sysklogd HACK

To: Debian List <debian-user@lists.debian.org>
Subject: sysklogd HACK
From: Account for Debian group mail <debian@pcez.com>
Date: Tue, 20 Apr 1999 13:29:08 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.3.96.990420132613.5231E-100000@mail.pcez.com>

Here is info I found on the redhat.com system about the sysklogd Hack. Is
anyone working on a fix for this?

Thanks,

Ken Rea
----------------------------------------------------------------------
Package: Sysklogd 

Updated: 01-Apr-1999 

Problem: 

     (01-Apr-1999):Security Fix 

     An overflow in the parsing code could lead to crashes of the system
logger. 

     Red Hat would like to thank the members of the BUGTRAQ mailing list,
the members of the Linux Security Audit team,
     and others. All users of Red Hat Linux are encouraged to upgrade to
the new packages immediately. As always, these
     packages have been signed with the Red Hat PGP key. 
     (17-Nov-1998):Security Fix 

     A buffer overflow has been identified in all versions of the sysklogd
packages shipped with Red Hat Linux. As the time
     of this post there are no known exploits for this security
vulnerability. 

     Red Hat would like to thank Michal Zalewski (lcamtuf@IDS.PL) and the
members of the Bugtraq mailing list for
     discovering this problem and providing a fix. 

     Users of Red Hat Linux are recommended to upgrade to the new packages
available under updates directory on our ftp
     site: 

Solution: 

     Intel: Upgrade to: 
     rpm -Uvh
ftp://updates.redhat.com/5.2/i386/sysklogd-1.3.31-0.5.i386.rpm 
     Alpha: Upgrade to: 
     rpm -Uvh
ftp://updates.redhat.com/5.2/alpha/sysklogd-1.3.31-0.5.alpha.rpm 
     Sparc: Upgrade to: 
     rpm -Uvh
ftp://updates.redhat.com/5.2/sparc/sysklogd-1.3.31-0.5.sparc.rpm

Reply to:

Prev by Date: Re: kde
Next by Date: Re: floppy too slow during bootup (fwd)
Previous by thread: Re: debian-user-digest Digest V99 #706
Next by thread: GDB & memory access failure
Index(es):
- Date
- Thread