Gentoo alert 200307-04 (ypserv) [LWN.net]


From:
    	       aliz@gentoo.org (Daniel Ahlberg)
To:
    	       gentoo-announce@gentoo.org
Subject:
    	       GLSA:  ypserv (200307-04)
Date:
    	       Fri, 11 Jul 2003 16:27:12 +0200 (CEST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200307-04
- - - ---------------------------------------------------------------------

          PACKAGE : ypserv
          SUMMARY : denial of service
             DATE : 2003-07-11 14:27 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : <ypserv-2.8
    FIXED VERSION : >=ypserv-2.8
              CVE : CAN-2003-0251

- - - ---------------------------------------------------------------------

quote from CVE:

"ypserv NIS server before 2.7 allows remote attackers to cause a denial 
of service via a TCP client request that does not respond to the server, 
which causes ypserv to block."

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-nds/ypserv upgrade to ypserv-2.8 as follows

emerge sync
emerge ypserv
emerge clean

- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://dev.gentoo.org/~aliz
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/DslAfT7nyhUpoZMRAlifAKCJuEv32S1Tsb5ErNVsfHrkxcmIuACfa8Fo
avi3km4Y6pngjxw9QCPcSHs=
=o3G/
-----END PGP SIGNATURE-----
(Log in to post comments)