
SUSE Linux 12-SP5: SUSE-SU-2022:2314-1 Critical: Rsyslog Heap Overflow

July 7, 2022
SUSE security patch for rsyslog resolves a severe buffer overflow vulnerability and incorporates enhancements and additional functionality.
An update that solves one vulnerability, contains one feature and has 11 fixes is now available.

Summary

This update for rsyslog fixes the following issues:

- CVE-2022-24903: fix potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061)

Upgrade to rsyslog 8.2106.0 (bsc#1188039)

* NOTE: the prime new feature is support for TLS and non-TLS connections via imtcp in parallel. Furthermore, most TLS parameters can now be overridden at the input() level. The notable exceptions are certificate files, something that is due to be implemented as the next step.
* 2021-06-14: new global option "parser.supportCompressionExtension". This allows turning off rsyslog's single-message compression extension when it interferes with non-syslog message processing (the parser subsystem expects syslog messages, not generic text). Closes https://github.com/rsyslog/rsyslog/issues/4598
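An added configuration example (not part of the SUSE advisory or of rsyslog's own documentation) for the two changes described above: a TLS and a plain imtcp listener running in parallel with TLS settings at the input() level, and the compression extension turned off. Ports, listener names, file paths and the permitted peer are assumed placeholders.

```rsyslog
# Added example. All paths, ports, names and peers below are placeholders.

global(
    # Certificate files cannot yet be set per input() in 8.2106.0,
    # so they stay in the global section.
    defaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
    defaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/server-cert.pem"
    defaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/server-key.pem"

    # New global option: stop the parser from treating input as
    # single-message compressed syslog when non-syslog text is received.
    parser.supportCompressionExtension="off"
)

module(load="imtcp")

# TLS listener: driver, mode and authentication set on this input only.
input(type="imtcp"
      name="tcp-tls"
      port="6514"
      streamDriver.name="gtls"
      streamDriver.mode="1"
      streamDriver.authMode="x509/name"
      permittedPeer=["*.example.net"])

# Plain TCP listener in the same imtcp instance, bound to loopback
# so unencrypted reception is not exposed on the network.
input(type="imtcp"
      name="tcp-plain"
      address="127.0.0.1"
      port="514"
      streamDriver.mode="0")
```

Running `rsyslogd -N1` after editing validates the configuration without starting the daemon.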

References

#1051798 #1068678 #1080238 #1082318 #1101642

#1110456 #1160414 #1178288 #1178490 #1182653

#1188039 #1199061 SLE-23304

Cross-References: CVE-2022-24903

CVSS scores:

CVE-2022-24903 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-24903 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise Server 12-SP5

https://www.suse.com/security/cve/CVE-2022-24903.html

https://bugzilla.suse.com/1051798

https://bugzilla.suse.com/1068678

https://bugzilla.suse.com/1080238

https://bugzilla.suse.com/1082318

https://bugzilla.suse.com/1101642

https://bugzilla.suse.com/1110456

https://bugzilla.suse.com/1160414

https://bugzilla.suse.com/1178288

https://bugzilla.suse.com/1178490

Severity
important

Announcement ID: SUSE-SU-2022:2314-1
Rating: important
