Yellow Dog Linux Security Announcement
--------------------------------------

Package: 	ircii
Issue Date: 	May 07, 2000
Update Date: 	May 07, 2000
Priority: 	medium
Advisory ID: 	YDU-20000507-2


1. Topic:

   ircii contains a buffer overflow.


2. Problem:

   ircii's dcc chat functionality contains a buffer overflow.
   An attacker could use this to execute code as the user of ircii.
   

3. Solution:

   a) Updating via yup...
   We suggest that you use the Yellow Dog Update Program (yup)
   to keep your system up-to-date. The following command will
   automatically retrieve and install the fixed version of
   man onto your system:

   	yup update ircii

   b) Updating manually...
   The update can also be retrieved manually from our ftp site
   below along with the rpm command that should be used to install
   the update.

   ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.2/ppc/RPMS/
   ircii-4.4M-1.ppc.rpm

        rpm -Fvh ircii-4.4M-1.ppc.rpm


4. Verification

MD5 checksum				Package
--------------------------------	----------------------------
1b5fc0c5c93047597dd9d410bbecc2f6  	RPMS/ircii-4.4M-1.ppc.rpm 
23eb4a7bbea7623c007f5aeb7ea50aa1  	SRPMS/ircii-4.4M-1.src.rpm

All updates are signed by Terra Soft Solutions, Inc. 
with our GPG key which is available at:
http://www.yellowdoglinux.com/resources/public_key.shtml

You can verify each package with the following command: rpm --checksig filename 

If you only wish to verify that each package has not been corrupted or tampered with,
examine only the md5sum with the following command: rpm --checksig --nogpg filename


5. Misc.

Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more
information.

For information regarding the usage of yup, the Yellow Dog Update Program, see 
http://http://www.yellowdoglinux.com/support/solutions/ydl_general/yup.shtml