- ------------------------------------------------------------------------

Debian Security Advisory                             security@debian.org

http://www.debian.org/security/                         Wichert Akkerman

October 28, 1999

- ------------------------------------------------------------------------





The nis package that was distributed with Debian GNU/Linux 2.1 has a

couple of problems:

* ypserv allowed any machine in the NIS domain to insert new tables

* rpc.yppasswd had a bufferoverflow in its MD5 code

* rpc.yppasswd allowed users to change the GECOS and loginshell entries

  of other users



This has been fixed in version 3.5-2. We recommend you upgrade your nis

package immediately.



wget url

        will fetch the file for you

dpkg -i file.deb

        will install the referenced file.



  Source archives:

    http://security.debian.org/dists/stable/updates/source/nis_3.5-2.diff.gz

      MD5 checksum: 5b41361ce80bd2067c2c40f03ea14ac4

    http://security.debian.org/dists/stable/updates/source/nis_3.5-2.dsc

      MD5 checksum: 696ad9726555336e8bab482ee8f2f040

    http://security.debian.org/dists/stable/updates/source/nis_3.5.orig.tar.gz

      MD5 checksum: 368167b1e16eb25ac639935310a26daa



  Alpha architecture:

    http://security.debian.org/dists/stable/updates/binary-alpha/nis_3.5-2_alpha.d

eb

      MD5 checksum: c0a8066bd00ed4fe10ac4c7294768ede



  Intel ia32 architecture:

    http://security.debian.org/dists/stable/updates/binary-i386/nis_3.5-2_i386.deb



      MD5 checksum: 0cc3b116a4ede4dec99189b9bdb9830a



  Motorola 680x0 architecture:

    http://security.debian.org/dists/stable/updates/binary-m68k/nis_3.5-2_m68k.deb



      MD5 checksum: 5a713462f36bb6faf90d362b5e28aa61



  Sun Sparc architecture:

    http://security.debian.org/dists/stable/updates/binary-sparc/nis_3.5-2_sparc.d

eb

      MD5 checksum: 9fa64238b625748523e5f5e8591434cd



  These files will be moved into

  ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.





For not yet released architectures please refer to the appropriate

directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .



- --

- ----------------------------------------------------------------------------

For apt-get: deb http://security.debian.org/ stable updates

For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates

Mailing list: debian-security-announce@lists.debian.org



-----BEGIN PGP SIGNATURE-----

Version: 2.6.3ia

Charset: noconv



iQB1AwUBOBd/VqjZR/ntlUftAQEDaQL/U4xUvtW84sRPjrXQS1kqEE0nyUBqEM8b

T0lVB68/OS1hiwMXAV/oVnBvBnoGSuX0nqA54fcwEBbeagHf7q2/aY/E1C7vPdSU

SrgcxGwjA66YomkzkfBNLHosSMitKE/F

=cEQe

-----END PGP SIGNATURE-----





--

To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org

with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org