[yellowdog-security] SECURITY: ypserv

Subject: [yellowdog-security] SECURITY: ypserv
From: Dan Burcaw (dburcaw@terraplex.com)
Date: Thu Oct 28 1999 - 18:53:40 MDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Previous message: Dan Burcaw: "[yellowdog-security] UPDATE: lpr"

The Yellow Dog Linux Updates Team has released a new errata update to the
ypserv package which fixes a recently discovered security vulnerability.

Package: ypserv
Date: October 27, 1999
Problem:
With ypserv, local administrators in the NIS domain could possibly inject
password tables. In rpc.yppasswdd, users could change GECOS and login
shells of other users, and there is a buffer overflow in the md5 hash
generation.

All Yellow Dog users that are using ypserv should upgrade to this errata
update.

Urgency: MEDIUM
Solution: rpm -Uvh
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/RPMS/ypserv-1.3.9-1a.ppc.rpm

Please verify the following md5 checksum for the ypserv update before you
install this new package: md5sum ypserv-1.3.9-1a.ppc.rpm

fa2254f50b3bf77a104ece3e4c93a2d3 ypserv-1.3.9-1a.ppc.rpm
                             

For more information, please see our Errata and Updates site:
http://www.yellowdoglinux.com/resources/errata.shtml

Regards,
Yellow Dog Linux Updates Team
Terra Soft Solutions, Inc.
updates@yellowdoglinux.com

• Previous message: Dan Burcaw: "[yellowdog-security] UPDATE: lpr"

This archive was generated by hypermail 2a24 : Tue Nov 02 1999 - 16:21:15 MST