Package name
Advisory ID
Affected versions
6.1 i586, 6.0 i586, 7.0 i586, 7.1 i586

Problem description

A problem exists with the kernel logging daemon (klogd) in the sysklogd package. A "format bug" makes klogd vulnerable to local root compromise, and may also expose it to remote vulnerabilities under certain circumstances, which are improbable. There is also a more probable semi-remote exploit via knfsd. This update provides a patched version of klogd that fixes these vulnerabilities.

Update: A patch from Debian is now applied to the package as well. It prevents a kern.emerg log from being walled to users; this happened because of a logic error in printchopped() that caused it to zero out the wrong portion of the buffer, which left a message of "<" with a priority of 0. This update also fixes a problem with klogd not working properly due to the previous update.

Updated packages

6.1 i586

c50b305a60dfcd0a18a5c2d518b9e063  6.1/RPMS/sysklogd-1.3.31-16mdk.i586.rpm
274cc146305d9b12df4458422ece1173  6.1/SRPMS/sysklogd-1.3.31-16mdk.src.rpm

6.0 i586

2806ccd60cf1bd33aff3d68fe30d3122  6.0/RPMS/sysklogd-1.3.31-16mdk.i586.rpm
274cc146305d9b12df4458422ece1173  6.0/SRPMS/sysklogd-1.3.31-16mdk.src.rpm

7.0 i586

f79f1b8cd6bd92c333e72a6be60aa63c  7.0/RPMS/sysklogd-1.3.31-17mdk.i586.rpm
6bc28534813279598e4d31566ad30a29  7.0/SRPMS/sysklogd-1.3.31-17mdk.src.rpm

7.1 i586

3dbcfb11c66c9a11a7e1392bcd111739  7.1/RPMS/sysklogd-1.3.31-18mdk.i586.rpm
478913f1eab776f0fcdd34e9c571858b  7.1/SRPMS/sysklogd-1.3.31-18mdk.src.rpm