Slackware alert: klogd Kernel Logger vulnerability and fix

Posted by dave on Sep 19, 2000 12:57 AM EDT
Mailing list
Mail this story
Print this story

A string format / buffer overflow bug has been discovered in klogd, the kernel logging daemon. Please upgrade to the new sysklogd 1.4 package available on the Slackware FTP site.

A string format / buffer overflow bug has been discovered in klogd, the kernel
logging daemon.  Please upgrade to the new sysklogd 1.4 package available on 
the Slackware FTP site.

========================================================================= sysklogd 1.4 AVAILABLE - (a1/sysklogd.tgz) =========================================================================

PACKAGE INFORMATION: -------------------- a1/sysklogd.tgz: This package contains a new version of klogd (1.4) which is not vulnerable to this string format hole. Most users will have a previous version installed, and should upgrade to the new version on the FTP site.

WHERE TO FIND THE NEW PACKAGES: ------------------------------- All new packages can be found in the -current branch:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/a1/sysklogd.tgz

MD5 SIGNATURES AND CHECKSUMS: ----------------------------- Here are the md5sums and checksums for the packages:

d2a7c649c19fc14e6668c583feaf62ae a1/sysklogd.tgz

4100951056 58926 a1/sysklogd.tgz

INSTALLATION INSTRUCTIONS: -------------------------- The packages above should be upgraded in single user mode (runlevel 1). Bring the system into runlevel 1:

# telinit 1

Then upgrade the packages:

# upgradepkg <package name>.tgz

Then bring the system back into multiuser mode:

# telinit 3

Remember, it's also a good idea to back up configuration files before upgrading packages.

+------------------------------------------------------------------------+ | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! | +------------------------------------------------------------------------+

- Slackware Linux Security Team http://www.slackware.com

  Nav
» Read more about: Story Type: Security; Groups: Slackware

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.