Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 30: FEDORA-2019-1fb95ae48d Critical: Rsyslog Heap Overflow

fedora
Calendar Grey November 23, 2019
Dist Fedora Esm H88
Rsyslog has been upgraded to version 8.1911.0 in Fedora 30, introducing new functionalities and addressing important vulnerabilities. It is advised to perform this update to enhance security.
rebase to upstream version 8.1911.0 ------------------------------------------------- new modules available: * ClickHouse output * generic REST API http output * docker API input ...

Summary

Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL,

syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part,

and fine grain output format control. It is compatible with stock sysklogd

and can be used as a drop-in replacement. Rsyslog is simple to set up, with

advanced features suitable for enterprise-class, encryption-protected syslog

relay chains.

rebase to upstream version 8.1911.0

ClickHouse output * generic REST API http output * docker API input * misc.

external program input (takes output of specified binary as log source)

* Thu Nov 14 2019 Jiri Vymazal - 8.1911.0-1

- rebase to upstream version 8.1911.0

resolves: rhbz#1771468

* Thu Oct 17 2019 Jiri Vymazal - 8.1910.0-1

- rebase to upstream version 8.1910.0

resolves: rhbz#1743537

* Fri Jul 26 2019 Fedora Release Engineering - 8.1907.0-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

* Wed Jul 10 2019 Jiri Vymazal - 8.1907.0-1

- rebase to upstream version 8.1905.0

resolves: rhbz#1716391

* Mon May 13 2019 Jiri Vymazal - 8.1904.0-1

- rebase to upstream version 8.1904.0

resolves: rhbz#1668473

[ 1 ] Bug #1766642 - CVE-2019-17040 rsyslog: out-of-bounds read in contrib/pmdb2diag/pmdb2diag.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1766642

[ 2 ] Bug #1766694 - CVE-2019-17041 rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1766694

[ 3 ] Bug #1766701 - CVE-2019-17042 rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1766701

[ 4 ] Bug #1771468 - rsyslog-8.1911.0 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1771468

su -c 'dnf upgrade --advisory FEDORA-2019-1fb95ae48d' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory update critical Fedora heap overflow system logging rsyslog

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 30
Version: 8.1911.0
Release: 1.fc30
URL: https://www.rsyslog.com/
Summary: Enhanced system logging and kernel message trapping daemon

Topics%20covered

Topics Covered

security advisory update critical Fedora heap overflow system logging rsyslog

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here