Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20010523153957.A26734@openwall.com>
Date: Wed, 23 May 2001 15:39:57 +0400
From: solar@...nwall.com
To: owl-users@...ts.openwall.com
Subject: Re: sysklogd

On Wed, May 23, 2001 at 11:39:14AM +0300, Jarno Huuskonen wrote:

Hi,

Let's get discussions started here. :-)

> I downloaded the prerelease Owl-Linux a while back and noticed that you
> are using sysklogd-1.3-31.

Yes, this is what our patches are currently based on, and some actually
went into 1.4.

We need to update to 1.4.1 for the newer klogd, but we also need to
switch to an alternative syslogd.

> This version (klogd) has a bug: NULL-byte? can
> cause klogd to consume all available cpu. I think this happens at least with 
> 2.4.x 3c59x-driver.

After about 20 minutes of searching, I actually found that there
really is the bug matching your description.  It's not fixed with 1.4
and I believe was never reported to the proper places despite being
fixed in Debian three months ago (with 1.4.1, which I haven't seen
announced).  I'll bring this to vendor-sec now.  Thanks.

The Debian bug is http://bugs.debian.org/85478

Expect a fix for Owl in a few days (will announce here).  I will also
document our security@ address to be used for reports of this nature.

-- 
/sd

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.