[SECURITY] [DSA 5150-1] rsyslog security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5150-1] rsyslog security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 28 May 2022 19:26:20 +0000
Message-id: <[🔎] E1nv24q-0006Zv-9S@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5150-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 28, 2022                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : rsyslog
CVE ID         : CVE-2022-24903
Debian Bug     : 1010619

Peter Agten discovered that several modules for TCP syslog reception in
rsyslog, a system and kernel logging daemon, have buffer overflow flaws
when octet-counted framing is used, which could result in denial of
service or potentially the execution of arbitrary code.

For the oldstable distribution (buster), this problem has been fixed
in version 8.1901.0-1+deb10u2.

For the stable distribution (bullseye), this problem has been fixed in
version 8.2102.0-2+deb11u1.

We recommend that you upgrade your rsyslog packages.

For the detailed security status of rsyslog please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/rsyslog

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmKSdpRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SP/g//eOtveZA6g5gcFhcyACpQ+u7MKT8QowuuxU4gNAoBzUW30obGR7d8L4gQ
GCtT8hH7rekjOf6TcdE62JIt0bxzaOPzRfg1dc1tv7rzvNUfB4qOg8OsPkG0ikRU
VJ/nS0dN+LvPkILop3tMDPJwEdm3D31WXjB2wQbOxEAgd1RNllgY0vKSookne898
zOOjzrRM0mAyFuHGhdm0j7jVk2fC/6DSKAqNXuN5ojHv0gpctcg8wARCzP9zzo37
f/hnN4XtsO1Rs2ASAD0l+I/i2+2MCnlpnIDS7ofox25kw6TngYrRLr2F1eDM9rU7
nA6RPyySy2JtsU3ZS09j0+vb5eOBa4OyqF1QkmcVvg5Se8kPAFCkXCtrjjla4lrD
SYlU8ewo6h5ByDJbCDxA+XX4SqDH/5T5ZV11ifrnvkuxPUUZpC/dYb3N3AZ+YpTH
ZhySCBcUipW9m2kCqxZIK8RP/OXGLTgdRtgRQRN0dstyERMUkYhlK18QcMGwUNcR
+8T8a9YFo/YkbSTGCrHhGOuTVtpeXk0xI13bfdokwwbgrU8qZs3tZg9n7tbgESZY
1IsHwA2uTV+UylLZ/B8FNvXUY7OQwAK1Uu+KJg9cMFE5TEuhqpeieq7r+Sbvfi5b
jpWIa4hBn4CBGwJdyoujAGvXEENIpTGVzAiSZbf4lOajjLKuO+o=
=c/R7
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5149-1] cups security update
Next by Date: [SECURITY] [DSA 5151-1] smarty3 security update
Previous by thread: [SECURITY] [DSA 5149-1] cups security update
Next by thread: [SECURITY] [DSA 5151-1] smarty3 security update
Index(es):
- Date
- Thread