A string format / buffer overflow bug has been discovered in klogd, the kernel logging daemon.
A string format / buffer overflow bug has been discovered in klogd, the kernel
logging daemon. Please upgrade to the new sysklogd 1.4 package available on
the Slackware FTP site.
=========================================================================
sysklogd 1.4 AVAILABLE - (a1/sysklogd.tgz)
=========================================================================
PACKAGE INFORMATION:
--------------------
a1/sysklogd.tgz:
This package contains a new version of klogd (1.4) which is not vulnerable
to this string format hole. Most users will have a previous version
installed, and should upgrade to the new version on the FTP site.
WHERE TO FIND THE NEW PACKAGES:
-------------------------------
All new packages can be found in the -current branch:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/a1/sysklogd.tgz
MD5 SIGNATURES AND CHECKSUMS:
-----------------------------
Here are the md5sums and checksums for the packages:
d2a7c649c19fc14e6668c583feaf62ae a1/sysklogd.tgz
4100951056 58926 a1/sysklogd.tgz
INSTALLATION INSTRUCTIONS:
--------------------------
The packages above should be upgraded in single user mode (runlevel
1). Bring the system into runlevel 1:
# telinit 1
Then upgrade the packages:
# upgradepkg .tgz
Then bring the system back into multiuser mode:
# telinit 3
Remember, it's also a good idea to back up configuration files before
upgrading packages.
- Slackware Linux Security Team
http://www.slackware.com
A string format / buffer overflow bug has been discovered in klogd, the kernel logging daemon.