linux, säkerhet

5490395 2000-09-19  21:07  /75 rader/ Brevbäraren (som är implementerad i) Python
Mottagare: Bugtraq (import) <12852>
Ärende: klogd Kernel Logger vulnerability and fix
------------------------------------------------------------
From: "Slackware Security Team (by way of Thomas Novin               <tnovin@hem.passagen.se>)" <security@SLACKWARE.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <4.3.2.7.2.20000919155822.02a294c0@hem.passagen.se>

A string format / buffer overflow bug has been discovered in klogd,
the kernel logging daemon.  Please upgrade to the new sysklogd 1.4
package available on the Slackware FTP site.


=========================================================================
sysklogd 1.4 AVAILABLE - (a1/sysklogd.tgz)
=========================================================================


PACKAGE INFORMATION:
--------------------
a1/sysklogd.tgz:
    This package contains a new version of klogd (1.4) which is not vulnerable
    to this string format hole.  Most users will have a previous version
    installed, and should upgrade to the new version on the FTP site.


WHERE TO FIND THE NEW PACKAGES:
-------------------------------
All new packages can be found in the -current branch:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/a1/sysklogd.tgz


MD5 SIGNATURES AND CHECKSUMS:
-----------------------------
Here are the md5sums and checksums for the packages:

    d2a7c649c19fc14e6668c583feaf62ae  a1/sysklogd.tgz

    4100951056 58926  a1/sysklogd.tgz


INSTALLATION INSTRUCTIONS:
--------------------------
The packages above should be upgraded in single user mode (runlevel
1).  Bring the system into runlevel 1:

    # telinit 1

Then upgrade the packages:

    # upgradepkg <package name>.tgz

Then bring the system back into multiuser mode:

    # telinit 3

Remember, it's also a good idea to back up configuration files before
upgrading packages.


+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+


- Slackware Linux Security Team
   http://www.slackware.com
(5490395) ------------------------------------------(Ombruten)