Yellow Dog Linux Security Announcement
--------------------------------------

Package:	ypserv
Issue Date: 	December 27, 2002	
Priority:	medium
Advisory ID: 	YDU-20021227-5


1. 	Topic:

	Updated ypserv packages are available.


2. 	Problem:

	"ypserv is an NIS authentication server. ypserv versions before 2.5 contain
	a memory leak that can be triggered remotely.

	When someone requests a map that doesn't exist, a previous mapname may be
	leaked. This happens, for instance, if you run "ypmatch foo
	aaaaaaaaaaaaaaaaaaaa". Repeated runs will result in the yp server using
	more and more memory, and running more slowly. It could also result in
	ypserv being killed due to the system being out of memory."
	(from Red Hat advisory)


3. 	Solution:

   	a) Updating via apt...
   	We suggest that you use the apt-get program to keep your
   	system up-to-date. The following command(s) will retrieve
   	and install the fixed version of this update onto your system:

		apt-get update
		apt-get install ypserv

   	b) Updating manually...
	Download the updates below and then run the following rpm command.
   	(Please use a mirror site)

		rpm -Fvh [filenames]
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
			ppc/ypserv-2.5-2.7x.ppc.rpm


4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
ed14beb54d65c28ca265d4d8eb8b4c3a  ppc/ypserv-2.5-2.7x.ppc.rpm
91985320eb32c028bd62160aab0b5f08  SRPMS/ypserv-2.5-2.7x.src.rpm

I wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename


5. Misc.

Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more
information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml