SECURITY: am-utils

Subject: SECURITY: am-utils
From: Dan Burcaw (dburcaw@terraplex.com)
Date: Wed Sep 01 1999 - 17:28:43 MDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Erick W.Curtis: "<no subject>"
• Previous message: Rich Lafferty: "dump/restore"

The Yellow Dog Linux Security Team has just released an updated
version of am-utils which fixes recently discovered security
vulnerabilities in the AMD automounter that is being actively exploited on
the internet.

Package: am-utils
Date: September 1, 1999
Problem:

An explotable buffer overflow security problem in the amd daemon which is
part of the am-utils package has been fixed. This problem is being
actively exploted on the Internet and can be used to gain root access on
machines running amd.

Thanks to Erez Zadok, the maintainer of am-utils, for resolving the
problem.

We recommend that all Yellow Dog users upgrade to this fixed version of
am-utils.

Urgency: HIGH
Solution: rpm -Uvh <file>

ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/RPMS/am-utils-6.0.1s11-1a.ppc.rpm

Here is the md5 checksum of the updated package. Please verify these
before installing the new package by running: md5sum <file>

65d78d00632fb71e41eb136746f99b24 RPMS/am-utils-6.0.1s11-1a.ppc.rpm

Users of Champion Server 1.0 can also, and are strongly advised to upgrade
to this version of am-utils.

More information can be found from our errata page at:
http://www.yellowdoglinux.com/resources/errata_cs11.shtml

• Next message: Erick W.Curtis: "<no subject>"
• Previous message: Rich Lafferty: "dump/restore"

This archive was generated by hypermail 2a24 : Sun Sep 05 1999 - 13:46:33 MDT