Yellow Dog Linux Security Announcement -------------------------------------- Package: lv Issue Date: Jun 02,2003 Priority: medium Advisory ID: YDU-20030602-6 1. Topic: Updated lv packages are available. 2. Problem: "Lv is a powerful file viewer similar to less. It can decode and encode multilingual streams through many coding systems, such as ISO-8859, ISO-2022, EUC, SJIS Big5, HZ, and Unicode. A bug has been found in versions of lv that read a .lv file in the current directory. Local attackers can use this to place an .lv file in any directory to which they have write access. Any user who subsequently runs lv in that directory and uses the v (edit) command can be forced to execute an arbitrary program. Users are advised to upgrade to these erratum packages, which contain a version of lv that is patched to read the .lv configuration file only in the user's home directory." (From Red Hat Advisory) 3. Solution: a) Updating via apt... We suggest that you use the apt-get program to keep your system up-to-date. The following command(s) will retrieve and install the fixed version of this update onto your system: apt-get update apt-get install lv b) Updating manually... Download the updates below and then run the following rpm command. (Please use a mirror site) rpm -Fvh [filenames] Yellow Dog Linux 3.0 ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/ ppc/lv-4.49.4-9.9.1.ppc.rpm 4. Verification MD5 checksum Package -------------------------------- ---------------------------- [Yellow Dog Linux 3.0] 67e24c650a40ff04057ea66c3507fc5c SRPMS/lv-4.49.4-9.9.1.src.rpm 952aad11c68f410994afe02dddff12cd ppc/lv-4.49.4-9.9.1.ppc.rpm If you wish to verify that each package has not been corrupted or tampered with, examine the md5sum with the following command: md5sum 5. Misc. Terra Soft has setup a moderated mailing list where these security, bugfix, and package enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more information. For information regarding the usage of apt-get, see: http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml