[ Thanks to Dan
Burcaw for this report. ]
The Yellow Dog Linux Security Team has just released an updated
version of am-utils which fixes recently discovered security
vulnerabilities in the AMD automounter that is being actively
exploited on the internet.
Date: September 1, 1999
An explotable buffer overflow security problem in the amd daemon
which is part of the am-utils package has been fixed. This problem
is being actively exploted on the Internet and can be used to gain
root access on machines running amd.
Thanks to Erez Zadok, the maintainer of am-utils, for resolving
We recommend that all Yellow Dog users upgrade to this fixed
version of am-utils.
Solution: rpm -Uvh <file>
Here is the md5 checksum of the updated package. Please verify
these before installing the new package by running: md5sum
Users of Champion Server 1.0 can also, and are strongly advised
to upgrade to this version of am-utils.
More information can be found from our errata page at: