[LWN Logo]
[Timeline]
Date: Mon, 18 Sep 2000 19:32:01 -0300
To: lwn@lwn.net, bugtraq@securityfocus.com, security-alert@linuxsecurity.com,
Subject: Conectiva Linux Security Announcement - sysklogd
From: secure@conectiva.com.br

-----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
-----------------------------------------------------------------------

PACKAGE   : sysklogd
SUMMARY   : Format bug in klogd and other issues
DATE      : 2000-09-18 19:31:00
RELEVANT
RELEASES  : 4.0, 4.0es, 4.1, 4.2, 5.0, prg gráficos, ecommerce, 5.1

----------------------------------------------------------------------

DESCRIPTION
 Vulnerabilities have been found in the sysklogd package that, if
 exploited, would allow local users to obtain root access. It is also
 possible that a remote exploit could be used under certain
 circumstances.
 The main issue are two calls to Syslog in klogd.c which are
 vulnerable to a format string attack.


SOLUTION
 All users must upgrade immediately. Please note that the syslog
 service must be restarted in order for the new version to be used. As
 root, issue the following command:
 
 /etc/rc.d/init.d/syslog restart
 
 We would like to thank Jouko Pynnönen for warning the linux
 distributions, Solar Designer for providing the main security fixes
 and Daniel Jacobowitz and the sysklogd maintainers and contributors
 for providing other fixes.


DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/sysklogd-1.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/sysklogd-1.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/sysklogd-1.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/sysklogd-1.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/sysklogd-1.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/sysklogd-1.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/sysklogd-1.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/sysklogd-1.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/sysklogd-1.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/sysklogd-1.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/sysklogd-1.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/sysklogd-1.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/sysklogd-1.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/sysklogd-1.4-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/sysklogd-1.4-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/sysklogd-1.4-1cl.i386.rpm


----------------------------------------------------------------------

All packages are signed with Conectiva's GPG key. The key can be 
obtained at http://www.conectiva.com.br/contato

----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br