Terra Soft Solutions has released a new version of sysklogd to
fix a denial of service attack recently discovered.
-- Package: sysklogd Date: November 21, 1999 Problem: A denial of service attack exists in the system log daemon.
Due to the syslog daemon using unix stream sockets by default
for retrieving local log connections it is possible for a user to
open a large number of connections to the log daemon. This could
result in the system becoming unresponsive.
Thanks go to Olaf Kirch (okir@monad.swb.de) for noting the
vulnerability and providing patches.
Urgency: HIGH Solution: rpm -Uvh
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/RPMS/sysklogd-1.3.31-14.ppc.rpm
—
As always, we advise users to verify the md5 checksum of this
package with the checksums listed below, by running: md5sum
987b0977567e3a4e5781b07df972a2ed
RPMS/sysklogd-1.3.31-14.ppc.rpm
All users of Yellow Dog Linux 1.0 or 1.1 or strongly advised to
upgraded to the new package.
For more information, see the Yellow Dog Linux Errata page
located at: http://www.yellowdoglinux.com/resources/errata.shtml