[notting en redhat com: [RHSA-1999:046-01] security problems with ypserv]

To: linux en nuclecu unam mx
Subject: [notting en redhat com: [RHSA-1999:046-01] security problems with ypserv]
From: Miguel de Icaza <miguel en gnu org>
Date: Fri, 29 Oct 1999 01:32:17 -0500
Sender: owner-linux en nuclecu unam mx

------- Start of forwarded message -------
MBOX-Line: From redhat-announce-list-request en redhat com  Thu Oct 28 13:53:08 1999
Resent-Cc: recipient list not shown: ;
MBOX-Line: From redhat-watch-list-request en redhat com  Thu Oct 28 13:53:06 1999
Date: Thu, 28 Oct 1999 12:35:00 -0400
From: Bill Nottingham <notting en redhat com>
To: redhat-watch-list en redhat com
Subject: [RHSA-1999:046-01] security problems with ypserv
Content-Type: text/plain; charset=us-ascii
Approved: djb en redhat com
Resent-From: redhat-watch-list en redhat com
Reply-To: redhat-watch-list en redhat com
X-Mailing-List: <redhat-watch-list en redhat com> archive/latest/14
X-Loop: redhat-watch-list en redhat com
X-URL: http://www.redhat.com
X-Loop: redhat-announce-list en redhat com
Precedence: list
Resent-Sender: redhat-announce-list-request en redhat com
X-URL: http://www.redhat.com

- ---------------------------------------------------------------------
		   Red Hat, Inc. Security Advisory

Synopsis:		security problems with ypserv
Advisory ID:		RHSA-1999:046-01
Issue date:		1999-10-27
Updated on:		1999-10-27	
Keywords:		
Cross references:	ypserv yppasswdd rpc.yppasswdd
- ---------------------------------------------------------------------

1. Topic:

The ypserv package, which contains the ypserv NIS server
and the yppasswdd password-change server, has been discovered
to have security holes.

2. Problem description:

With ypserv, local administrators in the NIS domain could
possibly inject password tables. In rpc.yppasswdd, users
could change GECOS and login shells of other users, and
there is a buffer overflow in the md5 hash generation.

It is recommended that all users of the ypserv package upgrade
to the new packages.

3. Bug IDs fixed (http://developer.redhat.com/bugzilla for more info):

4. Relevant releases/architectures:

Red Hat Linux 4.x, all architectures
Red Hat Linux 5.x, all architectures
Red Hat Linux 6.x, all architectures

5. Obsoleted by:

6. Conflicts with:

7. RPMs required:

Red Hat Linux 4.x:

Intel:
  ftp://updates.redhat.com/4.2/i386/ypserv-1.3.9-0.4.2.i386.rpm

Alpha:
  ftp://updates.redhat.com/4.2/alpha/ypserv-1.3.9-0.4.2.alpha.rpm

Sparc:
  ftp://updates.redhat.com/4.2/sparc/ypserv-1.3.9-0.4.2.sparc.rpm

Source packages:
  ftp://updates.redhat.com/4.2/SRPMS/ypserv-1.3.9-0.4.2.src.rpm

Red Hat Linux 5.x:

Intel:
  ftp://updates.redhat.com/5.2/i386/ypserv-1.3.9-0.5.2.i386.rpm

Alpha:
  ftp://updates.redhat.com/5.2/alpha/ypserv-1.3.9-0.5.2.alpha.rpm

Sparc:
  ftp://updates.redhat.com/5.2/sparc/ypserv-1.3.9-0.5.2.sparc.rpm

Source packages:
  ftp://updates.redhat.com/5.2/SRPMS/ypserv-1.3.9-0.5.2.src.rpm

Red Hat Linux 6.x:

Intel:
  ftp://updates.redhat.com/6.1/i386/ypserv-1.3.9-1.i386.rpm

Alpha:
  ftp://updates.redhat.com/6.0/alpha/ypserv-1.3.9-1.alpha.rpm

Sparc:
  ftp://updates.redhat.com/6.0/sparc/ypserv-1.3.9-1.sparc.rpm

Source packages:
  ftp://updates.redhat.com/6.1/SRPMS/ypserv-1.3.9-1.src.rpm

8. Solution:

For each RPM for your particular architecture, run:
    rpm -Uvh 'filename'
where filename is the name of the RPM.

9. Verification:

MD5 sum                           Package Name
- --------------------------------------------------------------------------
d384966683e0c59b7c63d2d0fcba79ce  ypserv-1.3.9-0.4.2.i386.rpm
e8e860c754e894b955c2ec3e73bcad8d  ypserv-1.3.9-0.4.2.alpha.rpm
19cfbc0bf8ef5ed272243d74020b69df  ypserv-1.3.9-0.4.2.sparc.rpm
df131f369bfb64d1b093447168484e38  ypserv-1.3.9-0.4.2.src.rpm

51a38316e72f25b6751ade459728f049  ypserv-1.3.9-0.5.2.i386.rpm
65da86b0b61ae70b82a5b3fe17b77803  ypserv-1.3.9-0.5.2.alpha.rpm
2956fc958456d5a91d697043932266bd  ypserv-1.3.9-0.5.2.sparc.rpm
dda2d28bb89cddb9ecb4409778a548f9  ypserv-1.3.9-0.5.2.src.rpm

c1a566b7535bb51e25d9c1743f822682  ypserv-1.3.9-1.i386.rpm
a8f5a82d450ddb2b42068537859c18ae  ypserv-1.3.9-1.alpha.rpm
6759503c9cc688bcd1902f6511ecc60a  ypserv-1.3.9-1.sparc.rpm
f7e8b5a241c4e873822c83be2f0cf566  ypserv-1.3.9-1.src.rpm
 
These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/corp/contact.html
 
You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

10. References:
<19991024163423 6665A67B0 en Galois suse de>



- -- 
         To unsubscribe: mail redhat-watch-list-request en redhat com with 
                       "unsubscribe" as the Subject.

- -- 
To unsubscribe:
mail -s unsubscribe redhat-announce-list-request en redhat com < /dev/null
------- End of forwarded message -------

Previo por Fecha: una ayudita
Previo por Hilo: una ayudita

[Hilos de Discusión] [Fecha] [Tema] [Autor]