Bugtraq mailing list archives

[ MDVSA-2015:130 ] rsyslog


From: security () mandriva com
Date: Sun, 29 Mar 2015 12:54:00 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:130
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : rsyslog
 Date    : March 29, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated rsyslog packages fix security vulnerability:
 
 Rainer Gerhards, the rsyslog project leader, reported a vulnerability
 in Rsyslog. As a consequence of this vulnerability an attacker can send
 malformed messages to a server, if this one accepts data from untrusted
 sources, and trigger a denial of service attack (CVE-2014-3634).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634
 http://advisories.mageia.org/MGASA-2014-0411.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 2/X86_64:
 74a0a6c98ec9cc0bee87aabb9ddb65b8  mbs2/x86_64/rsyslog-5.10.1-3.1.mbs2.x86_64.rpm
 156677bc5490e6f72a8c67f48fdf9650  mbs2/x86_64/rsyslog-dbi-5.10.1-3.1.mbs2.x86_64.rpm
 a8f5eeae2c61df1b6c4d7e7b3a168b8c  mbs2/x86_64/rsyslog-docs-5.10.1-3.1.mbs2.x86_64.rpm
 2d836a6f8fc2426bdfc90d953fd96618  mbs2/x86_64/rsyslog-gnutls-5.10.1-3.1.mbs2.x86_64.rpm
 288c1a732f2f706db3cb40b73d17821b  mbs2/x86_64/rsyslog-gssapi-5.10.1-3.1.mbs2.x86_64.rpm
 66e982c74556babbaea455207cae6292  mbs2/x86_64/rsyslog-mysql-5.10.1-3.1.mbs2.x86_64.rpm
 698785034dfc15a09d6426f1252288b5  mbs2/x86_64/rsyslog-pgsql-5.10.1-3.1.mbs2.x86_64.rpm
 562703f0c7968993ff1b9014c3794bde  mbs2/x86_64/rsyslog-relp-5.10.1-3.1.mbs2.x86_64.rpm
 5adc436da3f26b93fbe8cf4c15803a93  mbs2/x86_64/rsyslog-snmp-5.10.1-3.1.mbs2.x86_64.rpm 
 6e60ceb50bd6662b3db50025e69e0656  mbs2/SRPMS/rsyslog-5.10.1-3.1.mbs2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVF8vVmqjQ0CJFipgRAiU3AJ42zM0vpSQjIF9RRZOMoxMZwz0IRQCgolmP
tLgf15MgbJzajgbx+0gWbWM=
=H0Sh
-----END PGP SIGNATURE-----


Current thread: