Yellow Dog Linux Security Announcement
--------------------------------------

Package:      krb5
Issue Date:   December 27, 2002
Priority:     medium
Advisory ID:  YDU-20021227-6

1. Topic:

   Updated krb5 packages are available.

2. Problem:

   "A stack buffer overflow has been found in the implementation of the
   Kerberos v4 compatibility administration daemon (kadmind4), which is
   part of the MIT krb5 distribution. This vulnerability is present in
   version 1.2.6 and earlier of the MIT krb5 distribution and can be
   exploited to gain unauthorized root access to a KDC host. The attacker
   does not need to authenticate to the daemon to successfully perform
   this attack."

   (from Red Hat advisory)

3. Solution:

   a) Updating via apt...

      We suggest that you use the apt-get program to keep your system
      up-to-date. The following command(s) will retrieve and install the
      fixed version of this update onto your system:

         apt-get update
         apt-get install krb5-libs

   b) Updating manually...

      Download the updates below and then run the following rpm command.
      (Please use a mirror site)

         rpm -Fvh [filenames]

      ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
         ppc/krb5-devel-1.2.4-3.ppc.rpm
         ppc/krb5-libs-1.2.4-3.ppc.rpm
         ppc/krb5-server-1.2.4-3.ppc.rpm
         ppc/krb5-workstation-1.2.4-3.ppc.rpm

4. Verification

   MD5 checksum                      Package
   --------------------------------  ------------------------------------
   25df3539c35594087e7d95f2165fa479  ppc/krb5-devel-1.2.4-3.ppc.rpm
   80bafa9350e982e730bd3e9b47b42444  ppc/krb5-libs-1.2.4-3.ppc.rpm
   ea1386999125e702432704c68a30b1c4  ppc/krb5-server-1.2.4-3.ppc.rpm
   b508a73f0a5eb10230681e76fb2b840f  ppc/krb5-workstation-1.2.4-3.ppc.rpm
   47a4a4411276d30e845f7c9fa79a8edd  SRPMS/krb5-1.2.4-3.src.rpm

   If you wish to verify that each package has not been corrupted or
   tampered with, examine the md5sum with the following command:

      rpm --checksig --nogpg filename

5. Misc.

   Terra Soft has set up a moderated mailing list where these security,
   bugfix, and package enhancement announcements will be posted.
   See http://lists.terrasoftsolutions.com/ for more information.

   For information regarding the usage of apt-get, see:
   http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml
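Added example (not part of the original advisory and not Terra Soft's own tooling): a shell function that checks downloaded packages against an MD5 table laid out like the one in section 4, reporting packages that match, differ, or are missing. It assumes the table has been saved to a text file and the packages sit in one directory; the function name and the demo file names are hypothetical, and the demo files are constructed stand-ins, not real packages.

```shell
#!/bin/sh
# verify_advisory_md5 TABLE_FILE PKG_DIR   (hypothetical helper, added example)
# TABLE_FILE: lines in the advisory's "<md5>  <path/to/package.rpm>" layout.
# Prints one status line per listed package; returns non-zero if any package
# is missing or its MD5 differs from the table.
verify_advisory_md5() {
    table=$1 dir=$2 rc=0
    while read -r want path; do
        # Keep only rows whose first field is exactly 32 lowercase hex digits;
        # this skips the header, the dashed ruler and blank lines.
        case $want in
            *[!0-9a-f]*|"") continue ;;
        esac
        [ ${#want} -eq 32 ] || continue
        name=${path##*/}            # table lists ppc/... paths; match by basename
        file=$dir/$name
        if [ ! -f "$file" ]; then
            echo "MISSING  $name"; rc=1; continue
        fi
        got=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done < "$table"
    return $rc
}

# Constructed demo: an empty file matches the well-known MD5 of empty input,
# a second file has different content, and a third listed file is absent.
demo_dir=$(mktemp -d)
: > "$demo_dir/empty-1.0.ppc.rpm"
printf 'changed\n' > "$demo_dir/changed-1.0.ppc.rpm"
cat > "$demo_dir/table.txt" <<'EOF'
MD5 checksum                      Package
--------------------------------  ----------------------------
d41d8cd98f00b204e9800998ecf8427e  ppc/empty-1.0.ppc.rpm
d41d8cd98f00b204e9800998ecf8427e  ppc/changed-1.0.ppc.rpm
d41d8cd98f00b204e9800998ecf8427e  ppc/absent-1.0.ppc.rpm
EOF
verify_advisory_md5 "$demo_dir/table.txt" "$demo_dir" \
    || echo "result: at least one package failed verification"
```

Run it before `rpm -Fvh` so that a package reported as MISMATCH or MISSING is never installed.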