Security Information / 2014 / Security Information -- DSA-3047-1 rsyslog

Debian Security Advisory

DSA-3047-1 rsyslog -- security update

Date Reported:

08 Oct 2014

Affected Packages:

rsyslog

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2014-3683.

More information:

Mancha discovered a vulnerability in rsyslog, a system for log processing. This vulnerability is an integer overflow that can be triggered by malformed messages to a server, if this one accepts data from untrusted sources, provoking message loss, denial of service and, potentially, remote code execution.

This vulnerability can be seen as an incomplete fix of CVE-2014-3634 (DSA 3040-1).

For more information: http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/

For the stable distribution (wheezy), this problem has been fixed in version 5.8.11-3+deb7u2.

For the testing distribution (jessie), this problem has been fixed in version 8.4.2-1.

For the unstable distribution (sid), this problem has been fixed in version 8.4.2-1.

We recommend that you upgrade your rsyslog packages.