Yellow Dog Security Advisory: Package: ypserv

Date: Thu, 28 Oct 1999 18:53:40 -0600 (MDT)
From: Dan Burcaw <dburcaw@terraplex.com>
To: yellowdog-security@lists.yellowdoglinux.com

The Yellow Dog Linux Updates Team has released a new errata
update to the ypserv package which fixes a recently discovered
security vulnerability.

Package: ypserv
Date: October 27, 1999
With ypserv, local administrators in the NIS domain could possibly
inject password tables. In rpc.yppasswdd, users could change GECOS
and login shells of other users, and there is a buffer overflow in
the md5 hash generation.

All Yellow Dog users that are using ypserv should upgrade to
this errata update.

Urgency: MEDIUM
Solution: rpm -Uvh


Please verify the following md5 checksum for the ypserv update
before you install this new package: md5sum

fa2254f50b3bf77a104ece3e4c93a2d3 ypserv-1.3.9-1a.ppc.rpm

For more information, please see our Errata and Updates

Yellow Dog Linux Updates Team
Terra Soft Solutions, Inc.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis