Slackware: 'sysklogd' vunlerability
Posted by LinuxSecurity.com Team   
Slackware A string format / buffer overflow bug has been discovered in klogd, the kernel logging daemon.
A string format / buffer overflow bug has been discovered in klogd, the kernel
logging daemon.  Please upgrade to the new sysklogd 1.4 package available on
the Slackware FTP site.


=========================================================================
sysklogd 1.4 AVAILABLE - (a1/sysklogd.tgz)
=========================================================================


PACKAGE INFORMATION:
--------------------
a1/sysklogd.tgz:
    This package contains a new version of klogd (1.4) which is not vulnerable
    to this string format hole.  Most users will have a previous version
    installed, and should upgrade to the new version on the FTP site.


WHERE TO FIND THE NEW PACKAGES:
-------------------------------
All new packages can be found in the -current branch:
 
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/a1/sysklogd.tgz


MD5 SIGNATURES AND CHECKSUMS:
-----------------------------
Here are the md5sums and checksums for the packages:

    d2a7c649c19fc14e6668c583feaf62ae  a1/sysklogd.tgz

    4100951056 58926  a1/sysklogd.tgz


INSTALLATION INSTRUCTIONS:
--------------------------
The packages above should be upgraded in single user mode (runlevel
1).  Bring the system into runlevel 1:

    # telinit 1

Then upgrade the packages:

    # upgradepkg .tgz

Then bring the system back into multiuser mode:

    # telinit 3

Remember, it's also a good idea to back up configuration files before
upgrading packages.

- Slackware Linux Security Team
    http://www.slackware.com