Linux Today: Linux News On Internet Time.

More on LinuxToday

Debian Security Advisory: New version of nis released

Oct 28, 1999, 15:07 (0 Talkback[s])

WEBINAR: On-demand Event

Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >

Date: Thu, 28 Oct 1999 00:40:28 +0200
From: Wichert Akkerman <<a href="">>
Reply to:


Debian Security Advisory Wichert Akkerman
October 28, 1999

The nis package that was distributed with Debian GNU/Linux 2.1 has a couple of problems:
* ypserv allowed any machine in the NIS domain to insert new tables
* rpc.yppasswd had a bufferoverflow in its MD5 code
* rpc.yppasswd allowed users to change the GECOS and loginshell entries of other users

This has been fixed in version 3.5-2. We recommend you upgrade your nis package immediately.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

Source archives:
MD5 checksum: 5b41361ce80bd2067c2c40f03ea14ac4
MD5 checksum: 696ad9726555336e8bab482ee8f2f040
MD5 checksum: 368167b1e16eb25ac639935310a26daa

Alpha architecture:
MD5 checksum: c0a8066bd00ed4fe10ac4c7294768ede

Intel ia32 architecture:
MD5 checksum: 0cc3b116a4ede4dec99189b9bdb9830a

Motorola 680x0 architecture:
MD5 checksum: 5a713462f36bb6faf90d362b5e28aa61

Sun Sparc architecture:
MD5 checksum: 9fa64238b625748523e5f5e8591434cd

These files will be moved into*/binary-$arch/ soon.

For not yet released architectures please refer to the appropriate directory$arch/.

For apt-get: deb stable updates
For dpkg-ftp: dists/stable/updates
Mailing list:

Version: 2.6.3ia
Charset: noconv


To UNSUBSCRIBE, email to with a subject of "unsubscribe". Trouble? Contact