Yellow Dog Linux Security Announcement -------------------------------------- Package: eog Issue Date: Apr 23,2003 Priority: medium Advisory ID: YDU-20030423-5 1. Topic: Updated eog packages are available. 2. Problem: "A vulnerability was found in EOG version 2.2.0 and earlier. A carefully crafted filename passed to the program could lead to the execution of arbitrary code. An attacker could exploit this because various packages (Mutt, for example) make use of eog for image viewing. All users are advised to upgrade to these erratum packages which contain a backported patch correcting this issue." (From Red Hat Advisory) 3. Solution: a) Updating via apt... We suggest that you use the apt-get program to keep your system up-to-date. The following command(s) will retrieve and install the fixed version of this update onto your system: apt-get eog apt-get install eog b) Updating manually... Download the updates below and then run the following rpm command. (Please use a mirror site) rpm -Fvh [filenames] Yellow Dog Linux 3.0 ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/ ppc/eog-2.2.0-2.ppc.rpm 4. Verification MD5 checksum Package -------------------------------- ---------------------------- [Yellow Dog Linux 3.0] 7e87b9bcb2c6fde0152fc2883249b33c SRPMS/eog-2.2.0-2.src.rpm 29efb6c3f801055e448363a63ef2879f ppc/eog-2.2.0-2.ppc.rpm If you wish to verify that each package has not been corrupted or tampered with, examine the md5sum with the following command: md5sum 5. Misc. Terra Soft has setup a moderated mailing list where these security, bugfix, and package enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more information. For information regarding the usage of apt-get, see: http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml