Yellow Dog Linux Security Announcement -------------------------------------- Package: nfs-utils Issue Date: Jul 18,2003 Priority: medium Advisory ID: YDU-20030718-1 1. Topic: Updated nfs-utils packages are available. 2. Problem: "The nfs-utils package provides a daemon for the kernel NFS server and related tools. Janusz Niewiadomski found a buffer overflow bug in nfs-utils version 1.0.3 and earlier. This bug could be exploited by an attacker, causing a remote Denial of Service (crash). It is not believed that this bug could lead to remote arbitrary code execution. Users are advised to update to these erratum packages, which contain a backported security patch supplied by the nfs-utils maintainers and are not vulnerable to this issue." From Red Hat Advisory 3. Solution: a) Updating via yum... We suggest that you use the yum program to keep your system up-to-date. The following command(s) will retrieve and install the fixed version of this update onto your system: yum update nfs-utils b) Updating manually... Download the updates below and then run the following rpm command. (Please use a mirror site) rpm -Fvh [filenames] ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/ ppc/nfs-utils-1.0.1-3.9.ppc.rpm 4. Verification MD5 checksum Package -------------------------------- ---------------------------- 83992ac9c3007e0fb8bdb617707b6d9d SRPMS/nfs-utils-1.0.1-3.9.src.rpm 1f107e571c38fe49f33cc9f6b2759d9d nfs-utils-1.0.1-3.9.ppc.rpm If you wish to verify that each package has not been corrupted or tampered with, examine the md5sum with the following command: md5sum 5. Misc. Terra Soft has setup a moderated mailing list where these security, bugfix, and package enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more information. For information regarding the usage of yum, see: http://www.yellowdoglinux.com/support/solutions/ydl_general/yum.shtml