Linux Today: Linux News On Internet Time.

More on LinuxToday

Yellow Dog Security Advisory: Package: ypserv

Oct 29, 1999, 01:53 (0 Talkback[s])

Date: Thu, 28 Oct 1999 18:53:40 -0600 (MDT)
From: Dan Burcaw <>

The Yellow Dog Linux Updates Team has released a new errata update to the ypserv package which fixes a recently discovered security vulnerability.

Package: ypserv
Date: October 27, 1999
With ypserv, local administrators in the NIS domain could possibly inject password tables. In rpc.yppasswdd, users could change GECOS and login shells of other users, and there is a buffer overflow in the md5 hash generation.

All Yellow Dog users that are using ypserv should upgrade to this errata update.

Urgency: MEDIUM
Solution: rpm -Uvh

Please verify the following md5 checksum for the ypserv update before you install this new package: md5sum ypserv-1.3.9-1a.ppc.rpm

fa2254f50b3bf77a104ece3e4c93a2d3 ypserv-1.3.9-1a.ppc.rpm

For more information, please see our Errata and Updates site:

Yellow Dog Linux Updates Team
Terra Soft Solutions, Inc.