Yellow Dog Linux Security Announcement
--------------------------------------

Package:       glibc
Issue Date:    October 20, 2002
Priority:      high
Advisory ID:   YDU-20021020-1

1. Topic:

   Updated glibc packages are available.

2. Problem:

   "The GNU C library package, glibc, contains standard libraries which
   are used by multiple programs on the system.

   A read buffer overflow vulnerability exists in the glibc resolver code
   in versions of glibc up to and including 2.2.5. The vulnerability is
   triggered by DNS packets larger than 1024 bytes and can cause
   applications to crash.

   All [Yellow Dog] Linux users are advised to upgrade to these errata
   packages which contain a patch to correct this vulnerability."
   (from Red Hat advisory)

3. Solution:

   a) Updating via apt...

      We suggest that you use the apt-get program to keep your system
      up-to-date. The following command(s) will retrieve and install the
      fixed version of this update onto your system:

         apt-get update
         apt-get install glibc

   b) Updating manually...

      Download the updates below and then run the following rpm command.
      (Please use a mirror site)

         rpm -Fvh [filenames]

      ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/

      ppc/glibc-2.2.5-40.2.3a.ppc.rpm
      ppc/glibc-common-02.2.5-40.2.3a.ppc.rpm
      ppc/glibc-debug-2.2.5-40.2.3a.ppc.rpm
      ppc/glibc-debug-static-2.2.5-40.2.3a.ppc.rpm
      ppc/glibc-profile-2.2.5-40.2.3a.ppc.rpm
      ppc/glibc-utils-2.2.5-40.2.3a.ppc.rpm
      ppc/nss_db-2.2-14.2.3a.ppc.rpm
      ppc/nss_db-compat-2.2-14.2.3a.ppc.rpm
      ppc/libelf-0.7.0-2.2.3a.ppc.rpm

4. Verification

   MD5 checksum                      Package
   --------------------------------  ----------------------------
   06deb71d8c39ab2fb1abbf94ef6c55c7  ppc/glibc-2.2.5-40.2.3a.ppc.rpm
   7f7f9b7f7e2f46f15eca60e7825a88be  ppc/glibc-common-2.2.5-40.2.3a.ppc.rpm
   4f6db0204087bf5ad7592f1bacbb0998  ppc/glibc-debug-2.2.5-40.2.3a.ppc.rpm
   4b81b8ef6019d57dff979ae3ba2ccce2  ppc/glibc-debug-static-2.2.5-40.2.3a.ppc.rpm
   94f6d7b1444c5a6c377be623cfd2a721  ppc/glibc-devel-2.2.5-40.2.3a.ppc.rpm
   666b5e9b4b56ae38addfdf044b294b7f  ppc/glibc-profile-2.2.5-40.2.3a.ppc.rpm
   e04dc0701f05bc414e9950cbd04fc10f  ppc/glibc-utils-2.2.5-40.2.3a.ppc.rpm
   020b8119b7c32ea57f96341170070b4f  ppc/nss_db-2.2-14.2.3a.ppc.rpm
   780ff7fbd2356fc88a900bfb077c9f25  ppc/nss_db-compat-2.2-14.2.3a.ppc.rpm
   cb86bac6aaf0adbb110135974a95c03f  ppc/libelf-0.7.0-2.2.3a.ppc.rpm
   2cd9e7b4c81673d7602bc79b300ff1f9  SRPMS/glibc-2.2.5-40.2.3a.src.rpm
   0ce547179c1f2bfd58298ad9c13b8cac  SRPMS/nss_db-2.2-14.2.3a.src.rpm
   56cd95e11452b9f73fc6459076a75dfa  SRPMS/libelf-0.7.0-2.2.3a.src.rpm

   If you wish to verify that each package has not been corrupted or
   tampered with, examine the md5sum with the following command:

      rpm --checksig --nogpg filename

5. Misc.

   Terra Soft has set up a moderated mailing list where these security,
   bugfix, and package enhancement announcements will be posted. See
   http://lists.terrasoftsolutions.com/ for more information.

   For information regarding the usage of apt-get, see:
   http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml
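
Added example (not part of the original advisory): a POSIX shell helper that checks manually downloaded files against a checksum table laid out like the one in section 4, reporting each package as OK, MISMATCH or MISSING. The function names verify_manifest and make_sample and the sample package names are assumptions made for illustration, and md5sum from coreutils is assumed to be installed.

```shell
#!/bin/sh
# Added example: check downloaded packages against an "MD5  path" list.

# verify_manifest MANIFEST DIR
# Prints OK / MISMATCH / MISSING per listed package, looking each file up
# by basename in DIR. Returns 0 only if every listed package matches.
verify_manifest() {
    manifest=$1; dir=$2; bad=0
    while read -r want path; do
        # Keep only rows that start with a 32-digit lowercase hex MD5;
        # this skips the header row, the dashed rule and blank lines.
        [ "${#want}" -eq 32 ] || continue
        case $want in *[!0-9a-f]*) continue ;; esac
        file=$dir/${path##*/}
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"; bad=1; continue
        fi
        have=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$have" = "$want" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path"; bad=1
        fi
    done < "$manifest"
    return "$bad"
}

# make_sample DIR: constructed demo data (not the advisory's packages).
# Writes two stand-in files and a manifest listing three packages: one
# intact, one altered after hashing, one never downloaded.
make_sample() {
    d=$1
    printf 'package one\n' > "$d/pkg-one-1.0.ppc.rpm"
    printf 'package two\n' > "$d/pkg-two-1.0.ppc.rpm"
    {
        echo "MD5 checksum                      Package"
        echo "--------------------------------  -------"
        echo "$(md5sum "$d/pkg-one-1.0.ppc.rpm" | cut -d' ' -f1)  ppc/pkg-one-1.0.ppc.rpm"
        echo "$(md5sum "$d/pkg-two-1.0.ppc.rpm" | cut -d' ' -f1)  ppc/pkg-two-1.0.ppc.rpm"
        echo "00000000000000000000000000000000  ppc/pkg-three-1.0.ppc.rpm"
    } > "$d/manifest.txt"
    printf 'modified\n' >> "$d/pkg-two-1.0.ppc.rpm"   # simulate corruption
}

# Usage: sh verify.sh MANIFEST DIR
if [ "$#" -eq 2 ]; then
    verify_manifest "$1" "$2"
fi
```

A MISSING row matters as much as a MISMATCH here: rpm -Fvh only freshens the files it is given, so a package that was never downloaded stays at its old version.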