Yellow Dog Linux Security Announcement
--------------------------------------

Package:	nfs-utils
Issue Date: 	July 31, 2000
Update Date: 	July 31, 2000
Priority: 	high
Advisory ID: 	YDU-20000731-2


1. Topic:

   The rpc.statd daemon has a problem which could lead to a
   root break-in.


2. Problem:

   The rpc.statd daemon contains a flaw that could lead to a 
   remote root break-in. This update of nfs-utils fixes the
   problem.  There are currently no known exploits for the
   flaw.


3. Solution:

   a) Updating via yup...
   We suggest that you use the Yellow Dog Update Program (yup)
   to keep your system up-to-date. The following command will
   automatically retrieve and install the fixed version of
   the nfs-utils onto your system:

   	yup update nfs-utils

   b) Updating manually...
   The update can also be retrieved manually from our ftp site
   below along with the rpm command that should be used to install
   the update.

   ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.2/ppc/RPMS/
   nfs-utils-0.1.9.1-1.ppc.rpm

        rpm -Fvh nfs-utils-0.1.9.1-1.ppc.rpm


4. Verification

MD5 checksum				Package
--------------------------------	----------------------------
69a0dc24dcfdf37da793442b4d7a5d20  	RPMS/nfs-utils-0.1.9.1-1.ppc.rpm
56eb97659c077c1c1b4cf2b3316ffe47  	SRPMS/nfs-utils-0.1.9.1-1.src.rpm

If you only wish to verify that each package has not been corrupted or tampered with,
examine only the md5sum with the following command: rpm --checksig --nogpg filename


5. Misc.

Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more
information.

For information regarding the usage of yup, the Yellow Dog Update Program, see 
http://http://www.yellowdoglinux.com/support/solutions/ydl_general/yup.shtml