[debian] New version of nis released

• Previous message: Jesús López de Aguileta: "Avirt Mail Server 3.3a or 3.5 remotely exploitable buffer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Thu, 28 Oct 1999 00:40:28 +0200
From: Wichert Akkerman <wichertat_private>
Message-Id: <199910272240.AAA07525at_private>
To: debian-security-announceat_private
Subject: [SECURITY] New version of nis released

-----BEGIN PGP SIGNED MESSAGE-----

- ------------------------------------------------------------------------
Debian Security Advisory                             securityat_private
http://www.debian.org/security/                         Wichert Akkerman
October 28, 1999
- ------------------------------------------------------------------------


The nis package that was distributed with Debian GNU/Linux 2.1 has a
couple of problems:
* ypserv allowed any machine in the NIS domain to insert new tables
* rpc.yppasswd had a bufferoverflow in its MD5 code
* rpc.yppasswd allowed users to change the GECOS and loginshell entries
  of other users

This has been fixed in version 3.5-2. We recommend you upgrade your nis
package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

  Source archives:
    http://security.debian.org/dists/stable/updates/source/nis_3.5-2.diff.gz
      MD5 checksum: 5b41361ce80bd2067c2c40f03ea14ac4
    http://security.debian.org/dists/stable/updates/source/nis_3.5-2.dsc
      MD5 checksum: 696ad9726555336e8bab482ee8f2f040
    http://security.debian.org/dists/stable/updates/source/nis_3.5.orig.tar.gz
      MD5 checksum: 368167b1e16eb25ac639935310a26daa

  Alpha architecture:
    http://security.debian.org/dists/stable/updates/binary-alpha/nis_3.5-2_alpha.deb
      MD5 checksum: c0a8066bd00ed4fe10ac4c7294768ede

  Intel ia32 architecture:
    http://security.debian.org/dists/stable/updates/binary-i386/nis_3.5-2_i386.deb
      MD5 checksum: 0cc3b116a4ede4dec99189b9bdb9830a

  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/binary-m68k/nis_3.5-2_m68k.deb
      MD5 checksum: 5a713462f36bb6faf90d362b5e28aa61

  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/binary-sparc/nis_3.5-2_sparc.deb
      MD5 checksum: 9fa64238b625748523e5f5e8591434cd

  These files will be moved into
  ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.


For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

- --
- ----------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable updates
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates
Mailing list: debian-security-announceat_private

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBOBd/VqjZR/ntlUftAQEDaQL/U4xUvtW84sRPjrXQS1kqEE0nyUBqEM8b
T0lVB68/OS1hiwMXAV/oVnBvBnoGSuX0nqA54fcwEBbeagHf7q2/aY/E1C7vPdSU
SrgcxGwjA66YomkzkfBNLHosSMitKE/F
=cEQe
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-requestat_private
with a subject of "unsubscribe". Trouble? Contact listmasterat_private

• Next message: .rain.forest.puppy.: "RFP9907: You, your servers, RDS, and thousands of script kiddies"
• Previous message: Jesús López de Aguileta: "Avirt Mail Server 3.3a or 3.5 remotely exploitable buffer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:09:31 PDT