Scientific Linux 7: SLSA-2014:1397-1 Important: Rsyslog Denial of Service

Date: Tue, 14 Oct 2014 13:38:51 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Bonnie King 
Subject: Security ERRATA Important: rsyslog on SL7.x x86_64
MIME-Version: 1.0

Synopsis: Important: rsyslog security update
Advisory ID: SLSA-2014:1397-1
Issue Date: 2014-10-13
CVE Numbers: CVE-2014-3634
--

A flaw was found in the way rsyslog handled invalid log message priority
values. In certain configurations, a local attacker, or a remote attacker
able to connect to the rsyslog port, could use this flaw to crash the
rsyslog daemon or, potentially, execute arbitrary code as the user running
the rsyslog daemon. (CVE-2014-3634)

After installing the update, the rsyslog service will be restarted
automatically.
--

SL7
 x86_64
 rsyslog-7.4.7-7.el7_0.x86_64.rpm
 rsyslog-debuginfo-7.4.7-7.el7_0.x86_64.rpm
 rsyslog-gnutls-7.4.7-7.el7_0.x86_64.rpm
 rsyslog-gssapi-7.4.7-7.el7_0.x86_64.rpm
 rsyslog-mmjsonparse-7.4.7-7.el7_0.x86_64.rpm
 rsyslog-relp-7.4.7-7.el7_0.x86_64.rpm
 rsyslog-crypto-7.4.7-7.el7_0.x86_64.rpm
 rsyslog-doc-7.4.7-7.el7_0.x86_64.rpm
 rsyslog-elasticsearch-7.4.7-7.el7_0.x86_64.rpm
 rsyslog-libdbi-7.4.7-7.el7_0.x86_64.rpm
 rsyslog-mmaudit-7.4.7-7.el7_0.x86_64.rpm
 rsyslog-mmnormalize-7.4.7-7.el7_0.x86_64.rpm
 rsyslog-mmsnmptrapd-7.4.7-7.el7_0.x86_64.rpm
 rsyslog-mysql-7.4.7-7.el7_0.x86_64.rpm
 rsyslog-pgsql-7.4.7-7.el7_0.x86_64.rpm
 rsyslog-snmp-7.4.7-7.el7_0.x86_64.rpm
 rsyslog-udpspoof-7.4.7-7.el7_0.x86_64.rpm

- Scientific Linux Development Team