Date: Thu, 28 Oct 1999 18:53:40 -0600 (MDT) From: Dan Burcaw <dburcaw@terraplex.com> To: yellowdog-security@lists.yellowdoglinux.com Subject: SECURITY: ypserv The Yellow Dog Linux Updates Team has released a new errata update to the ypserv package which fixes a recently discovered security vulnerability. Package: ypserv Date: October 27, 1999 Problem: With ypserv, local administrators in the NIS domain could possibly inject password tables. In rpc.yppasswdd, users could change GECOS and login shells of other users, and there is a buffer overflow in the md5 hash generation. All Yellow Dog users that are using ypserv should upgrade to this errata update. Urgency: MEDIUM Solution: rpm -Uvh ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/RPMS/ypserv-1.3.9-1a.ppc.rpm Please verify the following md5 checksum for the ypserv update before you install this new package: md5sum ypserv-1.3.9-1a.ppc.rpm fa2254f50b3bf77a104ece3e4c93a2d3 ypserv-1.3.9-1a.ppc.rpm For more information, please see our Errata and Updates site: http://www.yellowdoglinux.com/resources/errata.shtml Regards, Yellow Dog Linux Updates Team Terra Soft Solutions, Inc. updates@yellowdoglinux.com