Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Debian LTS: DLA-3016-1 Critical: Rsyslog DoS and Buffer Overflow

debian lts
Calendar Grey May 20, 2022
Dist Debian Esm H88
Enhance your rsyslog installations to address Denial-of-Service and buffer overflow vulnerabilities in line with Debian's security notification DLA-3016-1.
Several vulnerabilities were discovered in rsyslog, a system and kernel logging daemon
Topics%20covered

Topics Covered

security advisory denial of service buffer overflow debian critical advisory rsyslog

Summary

CVE-2018-16881

A denial of service vulnerability was found in rsyslog
in the imptcp module. An attacker could send a specially crafted
message to the imptcp socket, which would cause rsyslog to crash.

CVE-2022-24903

Modules for TCP syslog reception have a potential heap buffer
overflow when octet-counted framing is used. This can result in a
segfault or some other malfunction.

For Debian 9 stretch, these problems have been fixed in version
8.24.0-1+deb9u2.

We recommend that you upgrade your rsyslog packages.

For the detailed security status of rsyslog please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/rsyslog

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
critical
Lowest
Low
Medium
High
Critical

Package: rsyslog
Version: 8.24.0-1+deb9u2
CVE ID: CVE-2018-16881 CVE-2022-24903
Debian Bug: 1010619

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow debian critical advisory rsyslog

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here