-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------------ Debian Security Advisory This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Wichert Akkerman October 28, 1999 - ------------------------------------------------------------------------ The nis package that was distributed with Debian GNU/Linux 2.1 has a couple of problems: * ypserv allowed any machine in the NIS domain to insert new tables * rpc.yppasswd had a bufferoverflow in its MD5 code * rpc.yppasswd allowed users to change the GECOS and loginshell entries of other users This has been fixed in version 3.5-2. We recommend you upgrade your nis package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Source archives: http://security.debian.org/dists/stable/updates/source/nis_3.5- 2.diff.gz MD5 checksum: 5b41361ce80bd2067c2c40f03ea14ac4 http://security.debian.org/dists/stable/updates/source/nis_3.5-2.dsc MD5 checksum: 696ad9726555336e8bab482ee8f2f040 http://security.debian.org/dists/stable/updates/source/nis_3.5.orig.tar.gz MD5 checksum: 368167b1e16eb25ac639935310a26daa Alpha architecture: http://security.debian.org/dists/stable/updates/binary- alpha/nis_3.5-2_alpha.deb MD5 checksum: c0a8066bd00ed4fe10ac4c7294768ede Intel ia32 architecture: http://security.debian.org/dists/stable/updates/binary- i386/nis_3.5-2_i386.deb MD5 checksum: 0cc3b116a4ede4dec99189b9bdb9830a Motorola 680x0 architecture: http://security.debian.org/dists/stable/updates/binary- m68k/nis_3.5-2_m68k.deb MD5 checksum: 5a713462f36bb6faf90d362b5e28aa61 Sun Sparc architecture: http://security.debian.org/dists/stable/updates/binary- sparc/nis_3.5-2_sparc.deb MD5 checksum: 9fa64238b625748523e5f5e8591434cd These files will be moved into ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon. For not yet released architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . - -- - ---------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable updates For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQB1AwUBOBd/VqjZR/ntlUftAQEDaQL/U4xUvtW84sRPjrXQS1kqEE0nyUBqEM8b T0lVB68/OS1hiwMXAV/oVnBvBnoGSuX0nqA54fcwEBbeagHf7q2/aY/E1C7vPdSU SrgcxGwjA66YomkzkfBNLHosSMitKE/F =cEQe -----END PGP SIGNATURE-----
New version of nis released
The nis package that was distributed with Debian GNU/Linux 2.1 has a couple of problems: * ypserv allowed any machine in the NIS domain to insert new tables * rpc.yppasswd had a bufferoverflow in its MD5 code * rpc.yppasswd allowed users to change the GECOS and loginshell entries of other users
You are not authorised to post comments.