Slackware: 'sysklogd' vunlerability
Summary
Where Find New Packages
MD5 Signatures
Installation Instructions
A string format / buffer overflow bug has been discovered in klogd, the kernel logging daemon. Please upgrade to the new sysklogd 1.4 package available on the Slackware FTP site. ========================================================================sysklogd 1.4 AVAILABLE - (a1/sysklogd.tgz) ======================================================================== PACKAGE INFORMATION: -------------------- a1/sysklogd.tgz: This package contains a new version of klogd (1.4) which is not vulnerable to this string format hole. Most users will have a previous version installed, and should upgrade to the new version on the FTP site. WHERE TO FIND THE NEW PACKAGES: ------------------------------- All new packages can be found in the -current branch: MD5 SIGNATURES AND CHECKSUMS: ----------------------------- Here are the md5sums and checksums for the packages: d2a7c649c19fc14e6668c583feaf62ae a1/sysklogd.tgz 4100951056 58926 a1/sysklogd.tgz INSTALLATION INSTRUCTIONS: -------------------------- The packages above should be upgraded in single user mode (runlevel 1). Bring the system into runlevel 1: # telinit 1 Then upgrade the packages: # upgradepkg.tgz Then bring the system back into multiuser mode: # telinit 3 Remember, it's also a good idea to back up configuration files before upgrading packages. - Slackware Linux Security Team The Slackware Linux Project