Subject: [yellowdog-security] Yellow Dog Security Advisory: sysklogd
From: Dan Burcaw (email@example.com)
Date: Sun Nov 21 1999 - 12:59:40 MST
Terra Soft Solutions has released a new version of sysklogd to fix
a denial of service attack recently discovered.
-- Package: sysklogd Date: November 21, 1999 Problem: A denial of service attack exists in the system log daemon.
Due to the syslog daemon using unix stream sockets by default for retrieving local log connections it is possible for a user to open a large number of connections to the log daemon. This could result in the system becoming unresponsive.
Thanks go to Olaf Kirch (firstname.lastname@example.org) for noting the vulnerability and providing patches.
Urgency: HIGH Solution: rpm -Uvh ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/RPMS/sysklogd-1.3.31-14.ppc.rpm --
As always, we advise users to verify the md5 checksum of this package with the checksums listed below, by running: md5sum <file>
All users of Yellow Dog Linux 1.0 or 1.1 or strongly advised to upgraded to the new package.
For more information, see the Yellow Dog Linux Errata page located at: http://www.yellowdoglinux.com/resources/errata.shtml
This archive was generated by hypermail 2a24 : Fri Dec 03 1999 - 19:07:49 MST