---

Yellow Dog Security Advisory: Package: ypserv

Date: Thu, 28 Oct 1999 18:53:40 -0600 (MDT)
From: Dan Burcaw <[email protected]>
To: [email protected]

The Yellow Dog Linux Updates Team has released a new errata
update to the ypserv package which fixes a recently discovered
security vulnerability.

Package: ypserv
Date: October 27, 1999
Problem:
With ypserv, local administrators in the NIS domain could possibly
inject password tables. In rpc.yppasswdd, users could change GECOS
and login shells of other users, and there is a buffer overflow in
the md5 hash generation.

All Yellow Dog users that are using ypserv should upgrade to
this errata update.

Urgency: MEDIUM
Solution: rpm -Uvh

ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/RPMS/ypserv-1.3.9-1a.ppc.rpm

Please verify the following md5 checksum for the ypserv update
before you install this new package: md5sum
ypserv-1.3.9-1a.ppc.rpm

fa2254f50b3bf77a104ece3e4c93a2d3 ypserv-1.3.9-1a.ppc.rpm

For more information, please see our Errata and Updates
site:
http://www.yellowdoglinux.com/resources/errata.shtml

Regards,
Yellow Dog Linux Updates Team
Terra Soft Solutions, Inc.
[email protected]