Yellow Dog Linux Security Announcement -------------------------------------- Package: kernel Issue Date: July 28, 2000 Update Date: July 28, 2000 Priority: high Advisory ID: YDU-20000728-1 1. Topic: A security hole was discovered that affects any setuid program on a system. 2. Problem: A security bug involving setuid programs is fixed in this kernel. Other fixes include: - GMAC ethernet river - 2000 "Pismo" PowerBook G3 support - ATI Rage 128 Pro support 3. Solution: a) Updating via yup... We suggest that you use the Yellow Dog Update Program (yup) to keep your system up-to-date. The following command will automatically retrieve and install the fixed version of the kernel onto your system: yup update kernel If you require kernel headers and/or source, run the following yup commands respectively: yup update kernel-headers yup update kernel-source b) Updating manually... The update can also be retrieved manually from our ftp site below along with the rpm command that should be used to install the update. ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.2/ppc/RPMS/ kernel-2.2.17-0.6.1.ppc.rpm rpm -Fvh kernel-2.2.17-0.6.1.ppc.rpm If you require kernel headers and/or source, install the following files respectively: ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.2/ppc/RPMS/ kernel-headers-2.2.17-0.6.1.ppc.rpm kernel-source-2.2.17-0.6.1.ppc.rpm rpm -Fvh kernel-headers-2.2.17-0.6.1.ppc.rpm rpm -Fvh kernel-source-2.2.17-0.6.1.ppc.rpm You also need to copy the new vmlinux file to either your MacOS System Folder if you are using BootX to boot YDL or to your yaboot partition if you are using yaboot. 4. Verification MD5 checksum Package -------------------------------- ---------------------------- a5b03e718c4db68fc84e4af558cae01d RPMS/kernel-2.2.17-0.6.1.ppc.rpm b7b1331472d1ff52705b10d09af45580 RPMS/kernel-doc-2.2.17-0.6.1.ppc.rpm 94b1abbb7d3705af32d591f4b4eefd34 RPMS/kernel-headers-2.2.17-0.6.1.ppc.rpm be424ccf9d9d34e5a29e53052b181c0b RPMS/kernel-pcmcia-cs-2.2.17-0.6.1.ppc.rpm 7d252f14e4785e3f615116c110961a43 RPMS/kernel-smp-2.2.17-0.6.1.ppc.rpm 8aa5c849fffb79b98cd58224a7f999cb RPMS/kernel-source-2.2.17-0.6.1.ppc.rpm 4fc3b01df1032a1c2015d8fd41a2e11c RPMS/kernel-utils-2.2.17-0.6.1.ppc.rpm If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg filename 5. Misc. Terra Soft has setup a moderated mailing list where these security, bugfix, and package enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more information. For information regarding the usage of yup, the Yellow Dog Update Program, see http://http://www.yellowdoglinux.com/support/solutions/ydl_general/yup.shtml