Date: Wed, 1 Sep 1999 17:30:41 -0600 (MDT) From: Dan Burcaw <dburcaw@terraplex.com> To: lwn@lwn.net, dave@linuxtoday.com, info@macintouch.com Subject: SECURITY: am-utils The Yellow Dog Linux Security Team has just released an updated version of am-utils which fixes recently discovered security vulnerabilities in the AMD automounter that is being actively exploited on the internet. Package: am-utils Date: September 1, 1999 Problem: An explotable buffer overflow security problem in the amd daemon which is part of the am-utils package has been fixed. This problem is being actively exploted on the Internet and can be used to gain root access on machines running amd. Thanks to Erez Zadok, the maintainer of am-utils, for resolving the problem. We recommend that all Yellow Dog users upgrade to this fixed version of am-utils. Urgency: HIGH Solution: rpm -Uvh <file> ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/RPMS/am-utils-6.0.1s11-1a.ppc.rpm Here is the md5 checksum of the updated package. Please verify these before installing the new package by running: md5sum <file> 65d78d00632fb71e41eb136746f99b24 RPMS/am-utils-6.0.1s11-1a.ppc.rpm Users of Champion Server 1.0 can also, and are strongly advised to upgrade to this version of am-utils. More information can be found from our errata page at: http://www.yellowdoglinux.com/resources/errata_cs11.shtml