[ Thanks to Dan
Burcaw for this report. ]
The Yellow Dog Linux Security Team has just released an updated
version of am-utils which fixes recently discovered security
vulnerabilities in the AMD automounter that is being actively
exploited on the internet.
Package: am-utils
Date: September 1, 1999
Problem:
An explotable buffer overflow security problem in the amd daemon
which is part of the am-utils package has been fixed. This problem
is being actively exploted on the Internet and can be used to gain
root access on machines running amd.
Thanks to Erez Zadok, the maintainer of am-utils, for resolving
the problem.
We recommend that all Yellow Dog users upgrade to this fixed
version of am-utils.
Urgency: HIGH
Solution: rpm -Uvh <file>
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/RPMS/am-utils-6.0.1s11-1a.ppc.rpm
Here is the md5 checksum of the updated package. Please verify
these before installing the new package by running: md5sum
<file>
65d78d00632fb71e41eb136746f99b24
RPMS/am-utils-6.0.1s11-1a.ppc.rpm
Users of Champion Server 1.0 can also, and are strongly advised
to upgrade to this version of am-utils.
More information can be found from our errata page at:
http://www.yellowdoglinux.com/resources/errata_cs11.shtml