[yellowdog-security] Yellow Dog Security Advisory: sysklogd

Subject: [yellowdog-security] Yellow Dog Security Advisory: sysklogd
From: Dan Burcaw (dburcaw@terraplex.com)
Date: Sun Nov 21 1999 - 12:59:40 MST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Previous message: Dan Burcaw: "[yellowdog-security] Yellow Dog Linux Update Advisory: bind"

Terra Soft Solutions has released a new version of sysklogd to fix
a denial of service attack recently discovered.

--
Package: sysklogd
Date: November 21, 1999
Problem:
A denial of service attack exists in the system log daemon.
Due to the syslog daemon using unix stream sockets by default for
retrieving local log connections it is possible for a user to open a 
large number of connections to the log daemon. This could result in the
system becoming unresponsive.
Thanks go to Olaf Kirch (okir@monad.swb.de) for noting the vulnerability
and providing patches. 
Urgency: HIGH Solution: rpm -Uvh
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/RPMS/sysklogd-1.3.31-14.ppc.rpm
-- 
As always, we advise users to verify the md5 checksum of this package 
with the checksums listed below, by running: md5sum <file>
987b0977567e3a4e5781b07df972a2ed  RPMS/sysklogd-1.3.31-14.ppc.rpm 
All users of Yellow Dog Linux 1.0 or 1.1 or strongly advised to upgraded
to the new package.
For more information, see the Yellow Dog Linux Errata page located at:
http://www.yellowdoglinux.com/resources/errata.shtml

• Previous message: Dan Burcaw: "[yellowdog-security] Yellow Dog Linux Update Advisory: bind"

This archive was generated by hypermail 2a24 : Fri Dec 03 1999 - 19:07:49 MST