Yellow Dog Linux Security Announcement
--------------------------------------

Package:        Canna
Issue Date:     December 27, 2002
Priority:       medium
Advisory ID:    YDU-20021227-3

1. Topic:

    Updated Canna packages are available.

2. Problem:

    "Canna is a kana-kanji conversion server which is necessary for
    Japanese language character input.

    A buffer overflow bug in the Canna server up to and including
    version 3.5b2 allows a local user to gain the privileges of the user
    'bin' which could lead to further exploits. The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned
    the name CAN-2002-1158 to this issue.

    A lack of validation of requests has been found that affects Canna
    version 3.6 and earlier. A malicious remote user could exploit this
    vulnerability to leak information, or cause a denial of service
    attack. (CAN-2002-1159)"

    (from Red Hat advisory)

3. Solution:

    a) Updating via apt...

    We suggest that you use the apt-get program to keep your system
    up-to-date. The following command(s) will retrieve and install the
    fixed version of this update onto your system:

        apt-get update
        apt-get install Canna

    b) Updating manually...

    Download the updates below and then run the following rpm command.
    (Please use a mirror site)

        rpm -Fvh [filenames]

    ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/

        ppc/Canna-3.5b2-62.7.3.ppc.rpm
        ppc/Canna-devel-3.5b2-62.7.3.ppc.rpm
        ppc/Canna-libs-3.5b2-62.7.3.ppc.rpm

4. Verification

    MD5 checksum                      Package
    --------------------------------  ----------------------------
    143ae7a8b05969fd8ba3520aeab0b40a  ppc/Canna-3.5b2-62.7.3.ppc.rpm
    bef41bcffe4b342514c0bca243611452  ppc/Canna-devel-3.5b2-62.7.3.ppc.rpm
    9fd7642e601e1dae3e1889f5bdf8c018  ppc/Canna-libs-3.5b2-62.7.3.ppc.rpm
    5986e71504ca198ca089694e20433c32  SRPMS/Canna-3.5b2-62.7.3.src.rpm

    If you wish to verify that each package has not been corrupted or
    tampered with, examine the md5sum with the following command:

        rpm --checksig --nogpg filename

5. Misc.

    Terra Soft has set up a moderated mailing list where these security,
    bugfix, and package enhancement announcements will be posted. See
    http://lists.terrasoftsolutions.com/ for more information.

    For information regarding the usage of apt-get, see:
    http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml
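
Added example, not part of the Yellow Dog advisory: a shell function that compares downloaded files with the MD5 table in section 4, which "rpm --checksig --nogpg" alone does not do, since that command only checks each package against its own embedded digest. The function name verify_md5_table and the saved table file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory). Compares files in a download
# directory with an "MD5 checksum  Package" table laid out like section 4.
# verify_md5_table and its two arguments are names chosen for this example.

# usage: verify_md5_table TABLE_FILE PACKAGE_DIR
# Prints one status line per table row. Returns 0 only when at least one
# listed file was found and every file found matched its listed checksum.
verify_md5_table() {
    table=$1
    dir=$2
    failed=0
    verified=0
    while read -r want path rest; do
        # A data row starts with exactly 32 lowercase hex digits; this
        # skips the column header, the dashed rule and blank lines.
        case $want in
            *[!0-9a-f]*|"") continue ;;
        esac
        [ "${#want}" -eq 32 ] || continue
        [ -n "$path" ] || continue

        # Table paths carry a ppc/ or SRPMS/ prefix; match on the file name.
        file=$dir/${path##*/}
        if [ ! -f "$file" ]; then
            # The table also lists the source RPM, which a binary-only
            # update never downloads, so an absent file is reported only.
            echo "ABSENT   $path"
            continue
        fi

        got=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $path"
            verified=$((verified + 1))
        else
            echo "MISMATCH $path (computed $got)"
            failed=1
        fi
    done < "$table"
    # An empty table, or one naming no file that is present, is not a pass.
    [ "$verified" -gt 0 ] && [ "$failed" -eq 0 ]
}
```

Save the section 4 table to a file and run `verify_md5_table table.txt .` in the download directory before `rpm -Fvh`; any MISMATCH line means that file should not be installed.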