-----BEGIN PGP SIGNED MESSAGE-----

- ------------------------------------------------------------------------
Debian Security Advisory                             security@debian.org
Debian -- Security Information       
                   Wichert Akkerman
October 28, 1999
- ------------------------------------------------------------------------


The nis package that was distributed with Debian GNU/Linux 2.1 has a
couple of problems:
* ypserv allowed any machine in the NIS domain to insert new tables
* rpc.yppasswd had a bufferoverflow in its MD5 code
* rpc.yppasswd allowed users to change the GECOS and loginshell entries
  of other users
This has been fixed in version 3.5-2. We recommend you upgrade your nis
package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

  Source archives:
     
2.diff.gz
      MD5 checksum: 5b41361ce80bd2067c2c40f03ea14ac4
     2.dsc
      MD5 checksum: 696ad9726555336e8bab482ee8f2f040
     
      MD5 checksum: 368167b1e16eb25ac639935310a26daa

  Alpha architecture:
     
alpha/nis_3.5-2_alpha.deb
      MD5 checksum: c0a8066bd00ed4fe10ac4c7294768ede

  Intel ia32 architecture:
     
i386/nis_3.5-2_i386.deb
      MD5 checksum: 0cc3b116a4ede4dec99189b9bdb9830a

  Motorola 680x0 architecture:
     
m68k/nis_3.5-2_m68k.deb
      MD5 checksum: 5a713462f36bb6faf90d362b5e28aa61

  Sun Sparc architecture:
     
sparc/nis_3.5-2_sparc.deb
      MD5 checksum: 9fa64238b625748523e5f5e8591434cd

  These files will be moved into
    soon.


For not yet released architectures please refer to the appropriate
directory   .

- -- 
- ----------------------------------------------------------------------------
For apt-get: deb Debian -- Security Information  stable 
updates
For dpkg-ftp:   dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBOBd/VqjZR/ntlUftAQEDaQL/U4xUvtW84sRPjrXQS1kqEE0nyUBqEM8b
T0lVB68/OS1hiwMXAV/oVnBvBnoGSuX0nqA54fcwEBbeagHf7q2/aY/E1C7vPdSU
SrgcxGwjA66YomkzkfBNLHosSMitKE/F
=cEQe
-----END PGP SIGNATURE-----

New version of nis released

December 13, 1999
The nis package that was distributed with Debian GNU/Linux 2.1 has a couple of problems: * ypserv allowed any machine in the NIS domain to insert new tables * rpc.yppasswd had a bu...

Summary


The nis package that was distributed with Debian GNU/Linux 2.1 has a
couple of problems:
* ypserv allowed any machine in the NIS domain to insert new tables
* rpc.yppasswd had a bufferoverflow in its MD5 code
* rpc.yppasswd allowed users to change the GECOS and loginshell entries
of other users
This has been fixed in version 3.5-2. We recommend you upgrade your nis
package immediately.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

Source archives:

2.diff.gz
MD5 checksum: 5b41361ce80bd2067c2c40f03ea14ac4
2.dsc
MD5 checksum: 696ad9726555336e8bab482ee8f2f040

MD5 checksum: 368167b1e16eb25ac639935310a26daa

Alpha architecture:

alpha/nis_3.5-2_alpha.deb
MD5 checksum: c0a8066bd00ed4fe10ac4c7294768ede

Intel ia32 architecture:

i386/nis_3.5-2_i386.deb
MD5 checksum: 0cc3b116a4ede4dec99189b9bdb9830a

Motorola 680x0 architecture:

m68k/nis_3.5-2_m68k.deb
MD5 checksum: 5a713462f36bb6faf90d362b5e28aa61

Sun Sparc architecture:

sparc/nis_3.5-2_sparc.deb
MD5 checksum: 9fa64238b625748523e5f5e8591434cd

These files will be moved into
soon.


For not yet released architectures please refer to the appropriate
directory .

- --
For apt-get: deb Debian -- Security Information stable
updates
For dpkg-ftp: dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBOBd/VqjZR/ntlUftAQEDaQL/U4xUvtW84sRPjrXQS1kqEE0nyUBqEM8b
T0lVB68/OS1hiwMXAV/oVnBvBnoGSuX0nqA54fcwEBbeagHf7q2/aY/E1C7vPdSU
SrgcxGwjA66YomkzkfBNLHosSMitKE/F
=cEQe
-----END PGP SIGNATURE-----




Severity
Debian Security Advisory security@debian.org
//www.debian.org/security/">Debian -- Security Information
Wichert Akkerman
October 28, 1999

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up