[yellowdog-updates] Yellow Dog Linux Security Advisory: YDU-20000925-1

Subject: [yellowdog-updates] Yellow Dog Linux Security Advisory: YDU-20000925-1
dburcaw@terraplex.com
Date: Tue Sep 26 2000 - 16:19:15 MDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: dburcaw@terraplex.com: "[yellowdog-updates] Yellow Dog Linux Security Advisory: YDU-20000926-1"
• Previous message: dburcaw@terraplex.com: "[yellowdog-updates] Yellow Dog Linux Security Advisory: YDU-20000913-4"

Yellow Dog Linux Security Announcement
--------------------------------------

Package: sysklogd
Issue Date: September 25, 2000
Update Date: September 25, 2000
Priority: high
Advisory ID: YDU-20000925-1

1. Topic:

   Various vulnerabilities exist in syslogd/klogd. Exploiting these
   vulnerabilities could lead to possible gain of root access by local
   users.

2. Problem:

   klogd contains instances of the: syslog( LOG_INFO, buffer );
   vulnerability that has been recently been discussed on Bugtraq and similar
   mailing lists. Supplying a string that contains '%' escapes, it is
   possible to have those escapes interpreted. This can make it possible
   for local users to gain root access.

   Additionally, here are a couple of minor buffer overflow/termination problems that
   are also fixed by this errata update.

3. Solution:

   a) Updating via yup...
   We suggest that you use the Yellow Dog Update Program (yup)
   to keep your system up-to-date. The following command will
   automatically retrieve and install the fixed version of
   sysklogd onto your system:

           yup update sysklogd

   b) Updating manually...
   The update can also be retrieved manually from our ftp site
   below along with the rpm command that should be used to install
   the update.

   ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.2/ppc/RPMS/
   sysklogd-1.3.31-17.ppc.rpm

        rpm -Fvh sysklogd-1.3.31-17.ppc.rpm

4. Verification

MD5 checksum Package
-------------------------------- ----------------------------
174a7af7603f1076cd1ae0fae68940a1 RPMS/sysklogd-1.3.31-17.ppc.rpm
cbf60d488c51b551d24b323ca94935dc SRPMS/sysklogd-1.3.31-17.src.rpm

If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename

5. Misc.

Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more
information.

For information regarding the usage of yup, the Yellow Dog Update Program, see
http://devel.yellowdoglinux.com/rp_yup.shtml

• Next message: dburcaw@terraplex.com: "[yellowdog-updates] Yellow Dog Linux Security Advisory: YDU-20000926-1"
• Previous message: dburcaw@terraplex.com: "[yellowdog-updates] Yellow Dog Linux Security Advisory: YDU-20000913-4"

This archive was generated by hypermail 2a24 : Tue Sep 26 2000 - 16:20:24 MDT