Slackware: sysklogd Denial of service vulnerability
Posted by LinuxSecurity.com Team   
Slackware New sysklogd packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue where a user could cause syslogd to crash.

[slackware-security]  sysklogd update (SSA:2004-124-02)

New sysklogd packages are available for Slackware 8.1, 9.0, 9.1, and -current
to fix a security issue where a user could cause syslogd to crash.  Thanks to
Steve Grubb who researched the issue.

Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Sun May  2 17:16:41 PDT 2004
patches/packages/sysklogd-1.4.1-i486-9.tgz:  Patched a bug which could allow
  a user to cause syslogd to write to unallocated memory and crash.
  Thanks to Steve Grubb for finding the bug, and Solar Designer for refining
  the patch.
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated package for Slackware 8.1: 
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sysklogd-1.4.1-i386-7.tgz

Updated package for Slackware 9.0: 
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/sysklogd-1.4.1-i386-9.tgz

Updated package for Slackware 9.1: 
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/sysklogd-1.4.1-i486-9.tgz

Updated package for Slackware -current: 
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/sysklogd-1.4.1-i486-9.tgz


MD5 signatures:
+-------------+

Slackware 8.1 package:
4bcd73db9029567f73d7131f63421cdd  sysklogd-1.4.1-i386-7.tgz

Slackware 9.0 package:
8e7563c3c060641acc2307b0ab8c1402  sysklogd-1.4.1-i386-9.tgz

Slackware 9.1 package:
f97b852f2202af2ed775a2e0c584bc26  sysklogd-1.4.1-i486-9.tgz

Slackware -current package:
5820b02d24994c1b5fff7a62b59dada0  sysklogd-1.4.1-i486-9.tgz


Installation instructions:
+------------------------+

First, stop syslogd/klogd:
# . /etc/rc.d/rc.syslog stop

Next, upgrade the package as root:
# upgradepkg sysklogd-1.4.1-i486-9.tgz

Finally, restart the logging system:
# . /etc/rc.d/rc.syslog start


+-----+

Slackware Linux Security Team 
http://slackware.com/gpg-key
security@slackware.com