Yellow Dog Linux Security Announcement -------------------------------------- Package: bind Issue Date: January 30, 2000 Update Date: January 30, 2000 Priority: high Advisory ID: YDU-20010130-1 1. Topic: Security vulnerabilities have been discovered in bind. 2. Problem: Several problems, including a remoteley exploitable hole, were found in bind, the DNS server that ships with Yellow Dog Linux. 3. Solution: a) Updating via yup... We suggest that you use the Yellow Dog Update Program (yup) to keep your system up-to-date. The following command(s) will automatically retrieve and install the fixed version of bind onto your system: yup update bind yup update bind-utils yup update bind-devel # This rpm isn't necessary in most cases b) Updating manually... The update can also be retrieved manually from our ftp site below along with the rpm command that should be used to install the update. ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.2/ppc/RPMS/ bind-8.2.3-1.ppc.rpm bind-utils-8.2.3-1.ppc.rpm bind-devel-8.2.3-1.ppc.rpm rpm -Fvh *-8.2.3-1.ppc.rpm 4. Verification MD5 checksum Package -------------------------------- ---------------------------- c57dcdad9d07ba5fa9b72f905a730b6b RPMS/bind-8.2.3-1.ppc.rpm 18a5a4cb062ba7a89236b5e878d501de RPMS/bind-devel-8.2.3-1.ppc.rpm 9a1273286da190829efb3cfb059469e6 RPMS/bind-utils-8.2.3-1.ppc.rpm 5c3ec56f0253d60198b8aa1379fdab20 SRPMS/bind-8.2.3-1.src.rpm If you wish to verify that each package has not been corrupted or tampered with, examine the md5sum with the following command: rpm --checksig --nogpg filename 5. Misc. Terra Soft has setup a moderated mailing list where these security, bugfix, and package enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more information. For information regarding the usage of yup, the Yellow Dog Update Program, see http://http://www.yellowdoglinux.com/support/solutions/ydl_general/yup.shtml