Yellow Dog Linux Security Announcement
--------------------------------------

Package:      ucd-snmp
Issue Date:   December 08, 2001
Priority:     high
Advisory ID:  YDU-20011208-2


1. Topic:

   Updated ucd-snmp packages are now available. These packages include
   fixes for the following problems:

   - /tmp race and setgroups() privilege problem
   - Various buffer overflow and format string issues
   - One signedness problem in ASN handling

   It is recommended that all users update to the fixed packages.


2. Problem:

   Due to the security problems listed above, a remote attacker might
   obtain superuser privileges on a vulnerable host.


3. Solution:

   a) Updating via yup...

   We suggest that you use the Yellow Dog Update Program (yup) to keep
   your system up-to-date. The following command(s) will automatically
   retrieve and install the fixed version of this update onto your
   system:

      yup update ucd-snmp
      yup update ucd-snmp-devel
      yup update ucd-snmp-utils

   b) Updating manually...

   The update can also be retrieved manually from our ftp site below,
   along with the rpm command that should be used to install the
   update. (Please use a mirror site)

      ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.1/ppc/

      rpm -Fvh ucd-snmp-4.2.1-4.ppc.rpm
      rpm -Fvh ucd-snmp-devel-4.2.1-4.ppc.rpm
      rpm -Fvh ucd-snmp-utils-4.2.1-4.ppc.rpm


4. Verification

   MD5 checksum                      Package
   --------------------------------  ----------------------------
   9013702df074ebc28a514d82d513845f  RPMS/ucd-snmp-4.2.1-4.ppc.rpm
   1d1b8f07fe8f8af6af0eb4c56173875e  RPMS/ucd-snmp-devel-4.2.1-4.ppc.rpm
   917e8f5c1c209580408a818e991f0a8f  RPMS/ucd-snmp-utils-4.2.1-4.ppc.rpm
   4e611662481873f51cf95566153c73d4  SRPMS/ucd-snmp-4.2.1-4.src.rpm

   If you wish to verify that each package has not been corrupted or
   tampered with, examine the md5sum with the following command:

      rpm --checksig --nogpg filename


5. Misc.

   Terra Soft has set up a moderated mailing list where these security,
   bugfix, and package enhancement announcements will be posted.
   See http://lists.yellowdoglinux.com/ for more information.

   For information regarding the usage of yup, the Yellow Dog Update
   Program, see
   http://www.yellowdoglinux.com/support/solutions/ydl_general/yup.shtml
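
Added example (not part of the original advisory): rpm --checksig --nogpg checks the digest stored inside each package, so comparing manually downloaded files against the MD5 list in section 4 is a separate step, sketched below. The function name verify_md5_list and the layout of RPMS/ and SRPMS/ under one download directory are assumptions; the checksums are copied from the table above.

```shell
#!/bin/sh
# Added example: compare downloaded packages with the advisory's MD5 list.
# Assumption: files sit under BASEDIR/RPMS and BASEDIR/SRPMS, as in the table.

# Checksums and paths copied from section 4 of the advisory.
ADVISORY_MD5='9013702df074ebc28a514d82d513845f RPMS/ucd-snmp-4.2.1-4.ppc.rpm
1d1b8f07fe8f8af6af0eb4c56173875e RPMS/ucd-snmp-devel-4.2.1-4.ppc.rpm
917e8f5c1c209580408a818e991f0a8f RPMS/ucd-snmp-utils-4.2.1-4.ppc.rpm
4e611662481873f51cf95566153c73d4 SRPMS/ucd-snmp-4.2.1-4.src.rpm'

# verify_md5_list BASEDIR MANIFEST   (hypothetical helper name)
# MANIFEST holds "<md5> <relative path>" lines. Prints one status line per
# entry and returns 0 only if every listed file is present and matches.
verify_md5_list() {
    base=$1
    manifest=$2
    rc=0
    while read -r want path; do
        [ -n "$want" ] || continue          # skip blank lines
        file="$base/$path"
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"
            rc=1
            continue
        fi
        # md5sum prints "<digest>  -" when reading stdin; keep the digest.
        got=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path (expected $want, got $got)"
            rc=1
        fi
    done <<EOF
$manifest
EOF
    return $rc
}

# Usage (install only when every checksum matches):
#   verify_md5_list /path/to/download "$ADVISORY_MD5" \
#       && rpm -Fvh /path/to/download/RPMS/ucd-snmp-*.rpm
```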