Date:         Tue, 14 Oct 2014 13:38:51 +0000
Reply-To:     scientific-linux-users@listserv.fnal.gov
Sender:       Security Errata for Scientific Linux
              
From:         Bonnie King 
Subject:      Security ERRATA Important: rsyslog on SL7.x x86_64
MIME-Version: 1.0

Synopsis:          Important: rsyslog security update
Advisory ID:       SLSA-2014:1397-1
Issue Date:        2014-10-13
CVE Numbers:       CVE-2014-3634
--

A flaw was found in the way rsyslog handled invalid log message priority
values. In certain configurations, a local attacker, or a remote attacker
able to connect to the rsyslog port, could use this flaw to crash the
rsyslog daemon or, potentially, execute arbitrary code as the user running
the rsyslog daemon. (CVE-2014-3634)

After installing the update, the rsyslog service will be restarted
automatically.
--

SL7
  x86_64
    rsyslog-7.4.7-7.el7_0.x86_64.rpm
    rsyslog-debuginfo-7.4.7-7.el7_0.x86_64.rpm
    rsyslog-gnutls-7.4.7-7.el7_0.x86_64.rpm
    rsyslog-gssapi-7.4.7-7.el7_0.x86_64.rpm
    rsyslog-mmjsonparse-7.4.7-7.el7_0.x86_64.rpm
    rsyslog-relp-7.4.7-7.el7_0.x86_64.rpm
    rsyslog-crypto-7.4.7-7.el7_0.x86_64.rpm
    rsyslog-doc-7.4.7-7.el7_0.x86_64.rpm
    rsyslog-elasticsearch-7.4.7-7.el7_0.x86_64.rpm
    rsyslog-libdbi-7.4.7-7.el7_0.x86_64.rpm
    rsyslog-mmaudit-7.4.7-7.el7_0.x86_64.rpm
    rsyslog-mmnormalize-7.4.7-7.el7_0.x86_64.rpm
    rsyslog-mmsnmptrapd-7.4.7-7.el7_0.x86_64.rpm
    rsyslog-mysql-7.4.7-7.el7_0.x86_64.rpm
    rsyslog-pgsql-7.4.7-7.el7_0.x86_64.rpm
    rsyslog-snmp-7.4.7-7.el7_0.x86_64.rpm
    rsyslog-udpspoof-7.4.7-7.el7_0.x86_64.rpm

- Scientific Linux Development Team

SciLinux: CVE-2014-3634 Important: rsyslog SL7.x x86_64

Important: rsyslog security update

Summary

Important: rsyslog security update



Security Fixes

Severity
Advisory ID: SLSA-2014:1397-1
Issued Date: : 2014-10-13
CVE Numbers: CVE-2014-3634
A flaw was found in the way rsyslog handled invalid log message priority

Related News