Date: Sun, 21 Nov 1999 12:59:40 -0700 (MST)
From: Dan Burcaw <dburcaw@terraplex.com>
To: yellowdog-security@lists.yellowdoglinux.com
Subject: Yellow Dog Security Advisory: sysklogd

Terra Soft Solutions has released a new version of sysklogd to fix a recently discovered denial of service attack.

--

Package: sysklogd
Date: November 21, 1999

Problem: A denial of service attack exists in the system log daemon. Because the syslog daemon uses Unix stream sockets by default to receive local log connections, a user can open a large number of connections to the log daemon. This could result in the system becoming unresponsive.

Thanks go to Olaf Kirch (okir@monad.swb.de) for noting the vulnerability and providing patches.

Urgency: HIGH

Solution:

rpm -Uvh ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/RPMS/sysklogd-1.3.31-14.ppc.rpm

--

As always, we advise users to verify the md5 checksum of this package against the checksum listed below by running:

md5sum <file>

987b0977567e3a4e5781b07df972a2ed  RPMS/sysklogd-1.3.31-14.ppc.rpm

All users of Yellow Dog Linux 1.0 or 1.1 are strongly advised to upgrade to the new package.

For more information, see the Yellow Dog Linux Errata page located at:

http://www.yellowdoglinux.com/resources/errata.shtml
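
The checksum comparison the advisory asks for, written as a POSIX shell function that fails closed so it can gate the rpm -Uvh step. This is an added example, not part of the original advisory or of any Yellow Dog tooling; the function name verify_advisory_md5 and the checksum-list file (the advisory's checksum line saved to a file) are assumptions.

```sh
#!/bin/sh
# Added example: check a downloaded package against a checksum list in
# md5sum format ("<32 hex digits>  <path>"), as printed in the advisory.
# verify_advisory_md5 is a hypothetical helper name, not a Yellow Dog tool.
#
# Return codes: 0 = match, 1 = mismatch, 2 = cannot verify (fail closed).
verify_advisory_md5() {
    list=$1
    pkg=$2
    [ -r "$list" ] && [ -r "$pkg" ] || { echo "unreadable input" >&2; return 2; }

    name=$(basename "$pkg")
    # Find the listed hash whose path ends in this file name. The advisory
    # lists "RPMS/<file>", so compare on the basename only, and accept a
    # line only if its first field is exactly 32 hex digits.
    expected=$(awk -v n="$name" '
        { p = $2; sub(/^\*/, "", p); sub(/^.*\//, "", p) }
        p == n && $1 ~ /^[0-9a-fA-F]+$/ && length($1) == 32 {
            print tolower($1); exit
        }
    ' "$list")
    [ -n "$expected" ] || { echo "no checksum listed for $name" >&2; return 2; }

    actual=$(md5sum < "$pkg" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name matches the listed checksum"
        return 0
    fi
    echo "MISMATCH: $name expected $expected got $actual" >&2
    return 1
}

# Script usage:
#   sh verify.sh <checksum-list> <package-file> && rpm -Uvh <package-file>
if [ "$#" -eq 2 ]; then
    verify_advisory_md5 "$1" "$2"
fi
```

A match only shows that the file is the one the checksum line describes, so the result is as trustworthy as the channel the advisory itself arrived over.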