[SECURITY] [DLA 72-1] rsylog security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 72-1] rsylog security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 19 Oct 2014 18:52:50 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.02.1410191849430.5209@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : rsylog
Version        : 4.6.4-2+deb6u1
CVE ID         : CVE-2014-3634 CVE-2014-3683


CVE-2014-3634

 Fix remote syslog vulnerability due to improper handling
 of invalid PRI values.


CVE-2014-3683

 Followup fix for CVE-2014-3634. The initial patch was incomplete.
 It did not cover cases where PRI values > MAX_INT caused integer
 overflows resulting in negative values.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJUQ+xiXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHZkYP/AulJ8VWZ0wKQcsHjM334o3U
P7DPUue/H17sYBX3NV9LBYnF0/nxFW4L8AJHpXwsxeL7tPJyXvFqGvQm7b89KyJ3
5JUHPnma6hC3/A+lHNc+g7/gN2aeSuK8NuFf35E8PhHlE2cADKrSG0uDWJoG1ThC
VeHHUiTSNp4WfJznKAj4s0JR8lXuD5F/75wOSU0mFmthAU78Kb7jRx7lX5qQ+WpA
Pk15SP/foVwzTOt2BX3u3TOwIrpkBWirILOoHP5kP0zOwgxA+ydd2UhkcGVSlfzb
i42oLKskp6TO23BGFLh3FNY+S4l94hSYO+d7L6OiBa1pRKi+cWMgNq5Ktj+v9aUI
J7GhJ+cH47NhhsDqWtIs1cjsG1/9QJadFt+4lR11VsewGI0/WsMz23c9D55bimDG
L3mk8Cl8IstsqTaiwYnoFY5Bk2kUPtNj4iGu5Nnuey0zEteAqfnXiDHw8BJnFHt7
aWbhDexKRMK+uoMdzqAFsf4F1ZQdOERsbwmZSp+K1LE2MgrhXoT9LFX3k2kjI37/
Lm51gdlxibo3+UDu9CpDGOsxSHYuyhBUw57gA1a7+qH8sdG65zqk+ulqBbN6F8VF
vE6PvXxXlyaZIS/kiGyNTJmTrcIXkDPAyczSM4jc9PDo5QgNXahyNlll0q0Po1hb
dcSmffLPqRaGrnhGTzG5
=qJLa
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 71-1] apache2 security update
Next by Date: [SECURITY] [DLA 72-2] rsyslog regression update
Previous by thread: [SECURITY] [DLA 71-1] apache2 security update
Next by thread: [SECURITY] [DLA 72-2] rsyslog regression update
Index(es):
- Date
- Thread