Home page logo
/

bugtraq logo Bugtraq mailing list archives

klogd Kernel Logger vulnerability and fix
From: "Slackware Security Team (by way of Thomas Novin <tnovin () hem passagen se>)" <security () SLACKWARE COM>
Date: Tue, 19 Sep 2000 15:59:16 +0200

A string format / buffer overflow bug has been discovered in klogd, the kernel
logging daemon.  Please upgrade to the new sysklogd 1.4 package available on
the Slackware FTP site.


=========================================================================
sysklogd 1.4 AVAILABLE - (a1/sysklogd.tgz)
=========================================================================


PACKAGE INFORMATION:
--------------------
a1/sysklogd.tgz:
   This package contains a new version of klogd (1.4) which is not vulnerable
   to this string format hole.  Most users will have a previous version
   installed, and should upgrade to the new version on the FTP site.


WHERE TO FIND THE NEW PACKAGES:
-------------------------------
All new packages can be found in the -current branch:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/a1/sysklogd.tgz


MD5 SIGNATURES AND CHECKSUMS:
-----------------------------
Here are the md5sums and checksums for the packages:

   d2a7c649c19fc14e6668c583feaf62ae  a1/sysklogd.tgz

   4100951056 58926  a1/sysklogd.tgz


INSTALLATION INSTRUCTIONS:
--------------------------
The packages above should be upgraded in single user mode (runlevel
1).  Bring the system into runlevel 1:

   # telinit 1

Then upgrade the packages:

   # upgradepkg <package name>.tgz

Then bring the system back into multiuser mode:

   # telinit 3

Remember, it's also a good idea to back up configuration files before
upgrading packages.


+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo () slackware com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+


- Slackware Linux Security Team
  http://www.slackware.com


  By Date           By Thread  

Current thread:
  • klogd Kernel Logger vulnerability and fix Slackware Security Team (by way of Thomas Novin <tnovin () hem passagen se>) (Sep 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault