Date: Mon, 13 Sep 1999 23:07:37 -0600 (MDT) From: Dan Burcaw <dburcaw@terraplex.com> To: info@macintouch.com, lwn@lwn.net, dave@linuxtoday.com Subject: SECURITY: mars-nwe The Yellow Dog Linux Security Team has released a new version of the mars-nwe package. mars-nwe allows the sharing of files between Linux machines and Novell NetWare clients, using NetWare's native IPX protocol suite. Package: mars-nwe Date: September 13, 1999 Problem: Buffer overflows are present in the mars_nwe package. Since the code is possible if users create carefully designed directories and/or bindery objects. A sample exploit has been made available. Thanks go to Przemyslaw Frasunek (secure@freebsdf.lublin.pl) and Babcia Padlina Ltd. for noting the problem and providing a patch and Red Hat for providing a quick RPM update. Urgency: MEDIUM Solution: rpm -Uvh ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/RPMS/mars-nwe-0.99pl17-4.ppc.rpm Here is the md5 checksum of the update packages, please verify this before installing the new package by running: md5sum <file> 625555b3be788a00a4d7429ea254183a RPMS/mars-nwe-0.99pl17-4.ppc.rpm This update is only necessary if mars-nwe is installed and running on your system. Terra Soft Solutions, Inc. Yellow Dog Linux "The Ultimate Companion for a Dedicated Server" http://www.yellowdoglinux.com/