6623525 2001-06-14 16:55 -0700 /77 lines/ Immunix Security Team <security@wirex.com>
Sent by: joel@lysator.liu.se
Imported: 2001-06-15 08:31 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <17439>
Subject: sysklogd update -- Immunix OS 6.2, 7.0-beta, 7.0
------------------------------------------------------------
-----------------------------------------------------------------------
        Immunix OS Security Advisory

Packages updated:  sysklogd
Affected products: Immunix OS 6.2, 7.0-beta, and 7.0
Bugs fixed:        immunix/1623
Date:              Thu Jun 14 2001
Advisory ID:       IMNX-2001-70-026-01
Author:            Seth Arnold <sarnold@wirex.com>
-----------------------------------------------------------------------

Description:
  The Linux kernel logging daemon klogd distributed in the sysklogd
  package can be forced to quit if it receives a null byte in a log
  message from the Linux kernel. These updates have applied a patch from
  roessler at does-not-exist dot org to fix this problem.

  Because an attacker would need to convince the kernel to log a null
  byte in order to exploit this problem, we don't think it is an issue
  for most sites; however, the bug was found when a kernel module
  supplied with kernel 2.4 attempted to print a null byte.

  We recommend Immunix OS users upgrade their sysklogd packages.

  References:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=85478

Package names and locations:
  Precompiled binary packages for Immunix 6.2 are available at:
  http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/sysklogd-1.3.31-18_StackGuard.i386.rpm

  Source packages for Immunix 6.2 are available at:
  http://download.immunix.org/ImmunixOS/6.2/updates/SRPMS/sysklogd-1.3.31-18_StackGuard.src.rpm

  Precompiled binary packages for Immunix 7.0-beta and 7.0 are available at:
  http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/sysklogd-1.3.33-9_imnx.src.rpm

  Source package for Immunix 7.0-beta and 7.0 is available at:
  http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/sysklogd-1.3.33-9_imnx.src.rpm

md5sums of the packages:
  6.2:
  8f1dca74c72179aba3a04226f916b4a2  RPMS/sysklogd-1.3.31-18_StackGuard.i386.rpm
  4fdf88fd615bce2d730915d5812eaf97  SRPMS/sysklogd-1.3.31-18_StackGuard.src.rpm

  7.0:
  577a073a871475704a68fde712a90b1e  RPMS/sysklogd-1.3.33-9_imnx.i386.rpm
  3add2ae895e9c4dad1e9737807cc1f30  SRPMS/sysklogd-1.3.33-9_imnx.src.rpm

GPG verification:
  Our public key is available at <http://wirex.com/security/GPG_KEY>.
  *** NOTE *** This key is different from the one used in advisories
  IMNX-2001-70-020-01 and earlier.

Online version of all Immunix 6.2 updates and advisories:
  http://immunix.org/ImmunixOS/6.2/updates/

Online version of all Immunix 7.0-beta updates and advisories:
  http://immunix.org/ImmunixOS/7.0-beta/updates/

Online version of all Immunix 7.0 updates and advisories:
  http://immunix.org/ImmunixOS/7.0/updates/

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

Contact information:
  To report vulnerabilities, please contact security@wirex.com. WireX
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.

(6623525) /Immunix Security Team <security@wirex.com>/(Rewrapped)
Attachment (application/pgp-signature) in text 6623526

6623526 2001-06-14 16:55 -0700 /10 lines/ Immunix Security Team <security@wirex.com>
Imported: 2001-06-15 08:31 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <17440>
Attachment (text/plain) to text 6623525
Subject: Attachment to: sysklogd update -- Immunix OS 6.2, 7.0-beta, 7.0
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjspTwwACgkQVQcWL60UVMu+FwCcDgmXMrlnpcsYVf3lBhjnMA41
ViYAn3j2pNGOQwG3CgylU+vdW5cKozpe
=GxJi
-----END PGP SIGNATURE-----
(6623526) /Immunix Security Team <security@wirex.com>/
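
Added example (not part of the advisory, not klogd source, and not the referenced patch): the advisory does not describe klogd's internals, so this only illustrates the general hazard it names, a log chunk that contains a NUL byte, by comparing C-string handling with length-tracked handling. The sample buffer and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: three kernel-style log lines; the second contains an
 * embedded NUL byte (the \0 escape). Not taken from a real kernel log. */
static const char SAMPLE[] = "<6>eth0: link up\n<4>mod: bad\0byte\n<6>done\n";
#define SAMPLE_LEN (sizeof(SAMPLE) - 1)

/* C-string view: strlen() stops at the first NUL, so the rest of the
 * chunk is invisible to any code that relies on it. */
size_t naive_visible_len(const char *buf) { return strlen(buf); }

/* Length-aware line count: memchr() honours the byte count returned by the
 * read, so an embedded NUL does not end the scan early. */
size_t count_lines(const char *buf, size_t len) {
    size_t lines = 0;
    const char *p = buf, *end = buf + len, *nl;
    while (p < end && (nl = memchr(p, '\n', (size_t)(end - p))) != NULL) {
        lines++;
        p = nl + 1;
    }
    return lines;
}

/* Replace each NUL in buf[0..len) with '?' so that later string routines
 * see the whole chunk. Returns the number of bytes replaced. */
size_t scrub_nuls(char *buf, size_t len) {
    size_t replaced = 0;
    for (size_t i = 0; i < len; i++) {
        if (buf[i] == '\0') {
            buf[i] = '?';
            replaced++;
        }
    }
    return replaced;
}

int main(void) {
    char chunk[sizeof(SAMPLE)];
    memcpy(chunk, SAMPLE, sizeof(SAMPLE));
    printf("bytes read: %zu, strlen sees: %zu\n", SAMPLE_LEN, naive_visible_len(chunk));
    printf("lines found by length: %zu\n", count_lines(chunk, SAMPLE_LEN));
    size_t replaced = scrub_nuls(chunk, SAMPLE_LEN);
    printf("NULs replaced: %zu, strlen now sees: %zu\n", replaced, naive_visible_len(chunk));
    return 0;
}
```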