Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
98
security advisoryRed HatupdateRed Hat 9 RHSA-2022:4795-02 Critical: Rsyslog Memory Leak Vulnerability
An update for rsyslog is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: rsyslog security update Advisory ID: RHSA-2022:4795-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:4795 Issue date: 2022-05-30 CVE Names: CVE-2022-24903 ==================================================================== 1. Summary: An update for rsyslog is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Security Fix(es): * rsyslog: Heap-based overflow in TCP syslog server (CVE-2022-24903) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2081353 - CVE-2022-24903 rsyslog: Heap-based overflowin TCP syslog server 6. Package List: Red Hat Enterprise Linux AppStream (v.9): Source: rsyslog-8.2102.0-101.el9_0.1.src.rpm aarch64: rsyslog-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-crypto-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-crypto-debuginfo-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-debuginfo-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-debugsource-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-elasticsearch-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-elasticsearch-debuginfo-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-gnutls-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-gnutls-debuginfo-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-gssapi-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-gssapi-debuginfo-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-kafka-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-kafka-debuginfo-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-logrotate-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-mmaudit-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-mmaudit-debuginfo-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-mmfields-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-mmfields-debuginfo-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-mmjsonparse-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-mmjsonparse-debuginfo-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-mmkubernetes-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-mmkubernetes-debuginfo-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-mmnormalize-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-mmnormalize-debuginfo-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-mmsnmptrapd-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-mmsnmptrapd-debuginfo-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-mysql-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-mysql-debuginfo-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-omamqp1-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-omamqp1-debuginfo-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-openssl-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-openssl-debuginfo-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-pgsql-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-pgsql-debuginfo-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-relp-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-relp-debuginfo-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-snmp-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-snmp-debuginfo-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-udpspoof-8.2102.0-101.el9_0.1.aarch64.rpm rsyslog-udpspoof-debuginfo-8.2102.0-101.el9_0.1.aarch64.rpm noarch: rsyslog-doc-8.2102.0-101.el9_0.1.noarch.rpm ppc64le: rsyslog-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-crypto-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-crypto-debuginfo-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-debuginfo-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-debugsource-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-elasticsearch-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-elasticsearch-debuginfo-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-gnutls-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-gnutls-debuginfo-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-gssapi-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-gssapi-debuginfo-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-kafka-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-kafka-debuginfo-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-logrotate-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-mmaudit-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-mmaudit-debuginfo-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-mmfields-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-mmfields-debuginfo-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-mmjsonparse-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-mmjsonparse-debuginfo-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-mmkubernetes-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-mmkubernetes-debuginfo-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-mmnormalize-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-mmnormalize-debuginfo-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-mmsnmptrapd-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-mmsnmptrapd-debuginfo-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-mysql-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-mysql-debuginfo-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-omamqp1-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-omamqp1-debuginfo-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-openssl-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-openssl-debuginfo-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-pgsql-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-pgsql-debuginfo-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-relp-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-relp-debuginfo-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-snmp-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-snmp-debuginfo-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-udpspoof-8.2102.0-101.el9_0.1.ppc64le.rpm rsyslog-udpspoof-debuginfo-8.2102.0-101.el9_0.1.ppc64le.rpm s390x: rsyslog-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-crypto-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-crypto-debuginfo-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-debuginfo-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-debugsource-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-elasticsearch-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-elasticsearch-debuginfo-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-gnutls-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-gnutls-debuginfo-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-gssapi-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-gssapi-debuginfo-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-kafka-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-kafka-debuginfo-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-logrotate-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-mmaudit-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-mmaudit-debuginfo-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-mmfields-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-mmfields-debuginfo-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-mmjsonparse-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-mmjsonparse-debuginfo-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-mmkubernetes-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-mmkubernetes-debuginfo-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-mmnormalize-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-mmnormalize-debuginfo-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-mmsnmptrapd-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-mmsnmptrapd-debuginfo-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-mysql-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-mysql-debuginfo-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-omamqp1-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-omamqp1-debuginfo-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-openssl-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-openssl-debuginfo-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-pgsql-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-pgsql-debuginfo-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-relp-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-relp-debuginfo-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-snmp-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-snmp-debuginfo-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-udpspoof-8.2102.0-101.el9_0.1.s390x.rpm rsyslog-udpspoof-debuginfo-8.2102.0-101.el9_0.1.s390x.rpm x86_64: rsyslog-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-crypto-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-crypto-debuginfo-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-debuginfo-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-debugsource-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-elasticsearch-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-elasticsearch-debuginfo-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-gnutls-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-gnutls-debuginfo-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-gssapi-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-gssapi-debuginfo-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-kafka-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-kafka-debuginfo-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-logrotate-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-mmaudit-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-mmaudit-debuginfo-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-mmfields-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-mmfields-debuginfo-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-mmjsonparse-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-mmjsonparse-debuginfo-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-mmkubernetes-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-mmkubernetes-debuginfo-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-mmnormalize-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-mmnormalize-debuginfo-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-mmsnmptrapd-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-mmsnmptrapd-debuginfo-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-mysql-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-mysql-debuginfo-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-omamqp1-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-omamqp1-debuginfo-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-openssl-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-openssl-debuginfo-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-pgsql-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-pgsql-debuginfo-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-relp-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-relp-debuginfo-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-snmp-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-snmp-debuginfo-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-udpspoof-8.2102.0-101.el9_0.1.x86_64.rpm rsyslog-udpspoof-debuginfo-8.2102.0-101.el9_0.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-24903 https://access.redhat.com/security/updates/classification#important https://bugzilla.redhat.com/show_bug.cgi?id=2081353 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYpTSENzjgjWX9erEAQjszA//ZKMpIlpIQbr/N+zsVKTksEJa9ptkbOfQ MDRsSaZKVkp4PkaGQA+pjAZ2fpAthF5pkeWj/S5RQyA3KUQdrn1FywLr/xdSFQUg QJ4iJDdEOWyByZlex8LoIUqXuToxJiHaoXjAdpEMhbM4wRIcp8p7YneHjpJ+tvre FrMr6vXX0//+R1hKzdj0oZKxgWQdYZTTdHNM2IUuK6kQZ1aOsN/uALh97hlm74Sm 6mAb43VdprILWPv1I5Ilmh/RsshvQe84Z0UTv5Q/lRjhBiRWX50lBgy5IQ9U7t55 d7Zew+KwWp5Ylt0wuL4xIWJIPPbLzJSP7ZdS3WvRi3HEUCVPXJOmLKcddgGKKGH4 bimXB8tr0CbbqXEVuy38ETIIdjsJHgB76ClT/0EwA9AT0n1Du+8Mec1Q4rzWsR2y lKPLr21mT9gKMJWH5stcPxmW8OT1DLs3PxclIikdDCEnnpwrtf8QfPgF1IRg1Oxo eszeuv5Jw6vr8DOgABE+wD3p8Xusu286K49E90vkFDc+No6J1iwDaefVAi1W6hfs PjF2w3qlVqTiDsHi7B6mx+J3og7Es82YB2EKss4wVUjBavvgfo2yRpFtFfFxz/I1 a5GbRSZtxIvD6s0/4GTYblOPXP35MzR5ytqXlzlMsJIV1fzIzPnopwPZsjSchdr5 oA7mnMJ+UaA=wQG7 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 30, 2022
•Important
Red Hat
89
security advisoryfedoraupdateFedora 35: FEDORA-2022-f796a28a7b Critical: Rsyslog Heap Overflow Threat
Rebase to 8.2204.0-1 Add patch resolving a potential heap buffer overflow, details: https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-f796a28a7b 2022-05-17 01:55:55.428685 --------------------------------------------------------------------------------Name : rsyslog Product : Fedora 35 Version : 8.2204.0 Release : 1.fc35 URL : https://www.rsyslog.com/ Summary : Enhanced system logging and kernel message trapping daemon Description : Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is compatible with stock sysklogd and can be used as a drop-in replacement. Rsyslog is simple to set up, with advanced features suitable for enterprise-class, encryption-protected syslog relay chains. --------------------------------------------------------------------------------Update Information: Rebase to 8.2204.0-1 Add patch resolving a potential heap buffer overflow, details: https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8 --------------------------------------------------------------------------------ChangeLog: * Mon May 9 2022 Attila Lakatos - 8.2204.0-1 - rebase to 8.2204.0 resolves: rhbz#1951970 - CVE-2022-24903 rsyslog: Heap-based overflow in TCP syslog server resolves: rhbz#2082302 * Wed Aug 25 2021 Attila Lakatos - 8.2102.0-5 - Enable openssl - Do not set default template for omfile resolves: rhbz#1985195 --------------------------------------------------------------------------------References: [ 1 ] Bug #2082302 - CVE-2022-24903 rsyslog: Heap-based overflow in TCP syslog server [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2082302 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-f796a28a7b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 16, 2022
•Critical
Fedora
98
security advisorymoderatebuffer overflowRed Hat 6: RHSA-2011-1247-01 Moderate: Rsyslog Buffer Overflow
Updated rsyslog packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: rsyslog security update Advisory ID: RHSA-2011:1247-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2011:1247.html Issue date: 2011-09-01 CVE Names: CVE-2011-3200 ==================================================================== 1. Summary: Updated rsyslog packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A two byte buffer overflow flaw was found in the rsyslog daemon's parseLegacySyslogMsg function. An attacker able to submit log messages to rsyslogd could use this flaw to crash the daemon. (CVE-2011-3200) All rsyslog users should upgrade to these updated packages, which contain a backported patch tocorrect this issue. After installing this update, the rsyslog daemon will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 727644 - CVE-2011-3200 rsyslog: parseLegacySyslogMsg off-by-two buffer overflow 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: i386: rsyslog-4.6.2-3.el6_1.2.i686.rpm rsyslog-debuginfo-4.6.2-3.el6_1.2.i686.rpm rsyslog-gnutls-4.6.2-3.el6_1.2.i686.rpm rsyslog-gssapi-4.6.2-3.el6_1.2.i686.rpm rsyslog-relp-4.6.2-3.el6_1.2.i686.rpm x86_64: rsyslog-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-debuginfo-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-gnutls-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-gssapi-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-relp-4.6.2-3.el6_1.2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: i386: rsyslog-debuginfo-4.6.2-3.el6_1.2.i686.rpm rsyslog-mysql-4.6.2-3.el6_1.2.i686.rpm rsyslog-pgsql-4.6.2-3.el6_1.2.i686.rpm x86_64: rsyslog-debuginfo-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-mysql-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-pgsql-4.6.2-3.el6_1.2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: x86_64: rsyslog-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-debuginfo-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-gnutls-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-gssapi-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-relp-4.6.2-3.el6_1.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: x86_64: rsyslog-debuginfo-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-mysql-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-pgsql-4.6.2-3.el6_1.2.x86_64.rpm Red Hat Enterprise Linux Server (v.6): Source: i386: rsyslog-4.6.2-3.el6_1.2.i686.rpm rsyslog-debuginfo-4.6.2-3.el6_1.2.i686.rpm rsyslog-gnutls-4.6.2-3.el6_1.2.i686.rpm rsyslog-gssapi-4.6.2-3.el6_1.2.i686.rpm rsyslog-mysql-4.6.2-3.el6_1.2.i686.rpm rsyslog-pgsql-4.6.2-3.el6_1.2.i686.rpm rsyslog-relp-4.6.2-3.el6_1.2.i686.rpm ppc64: rsyslog-4.6.2-3.el6_1.2.ppc64.rpm rsyslog-debuginfo-4.6.2-3.el6_1.2.ppc64.rpm rsyslog-gnutls-4.6.2-3.el6_1.2.ppc64.rpm rsyslog-gssapi-4.6.2-3.el6_1.2.ppc64.rpm rsyslog-mysql-4.6.2-3.el6_1.2.ppc64.rpm rsyslog-pgsql-4.6.2-3.el6_1.2.ppc64.rpm rsyslog-relp-4.6.2-3.el6_1.2.ppc64.rpm s390x: rsyslog-4.6.2-3.el6_1.2.s390x.rpm rsyslog-debuginfo-4.6.2-3.el6_1.2.s390x.rpm rsyslog-gnutls-4.6.2-3.el6_1.2.s390x.rpm rsyslog-gssapi-4.6.2-3.el6_1.2.s390x.rpm rsyslog-mysql-4.6.2-3.el6_1.2.s390x.rpm rsyslog-pgsql-4.6.2-3.el6_1.2.s390x.rpm rsyslog-relp-4.6.2-3.el6_1.2.s390x.rpm x86_64: rsyslog-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-debuginfo-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-gnutls-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-gssapi-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-mysql-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-pgsql-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-relp-4.6.2-3.el6_1.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: i386: rsyslog-4.6.2-3.el6_1.2.i686.rpm rsyslog-debuginfo-4.6.2-3.el6_1.2.i686.rpm rsyslog-gnutls-4.6.2-3.el6_1.2.i686.rpm rsyslog-gssapi-4.6.2-3.el6_1.2.i686.rpm rsyslog-mysql-4.6.2-3.el6_1.2.i686.rpm rsyslog-pgsql-4.6.2-3.el6_1.2.i686.rpm rsyslog-relp-4.6.2-3.el6_1.2.i686.rpm x86_64: rsyslog-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-debuginfo-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-gnutls-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-gssapi-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-mysql-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-pgsql-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-relp-4.6.2-3.el6_1.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7.References: https://access.redhat.com/security/cve/CVE-2011-3200 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOX+ZlXlSAg2UNWIIRAnSfAJsGszEbl6phWeedAWZZGIRkLeu83QCcD5Ta moVeSrnERHtsD29ndhkmjF8=doBl -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Sep 01, 2011
Red Hat
98
security advisoryRed Hat PowertoolscriticalRed Hat Powertools: RHSA-2001:151-06 Critical: Format String Flaw
These packages fix a possible format-string vulnerability in the defaultlogging callback function provided by libsasl.. ` --------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated Cyrus SASL packages available Advisory ID: RHSA-2001:151-06 Issue date: 2001-11-02 Updated on: 2001-11-29 Product: Red Hat Powertools Keywords: cyrus sasl syslog format string Cross references: RHSA-2001:150 Obsoletes: --------------------------------------------------------------------- 1. Topic: Updated Cyrus-SASL packages are now available for Red Hat Power Tools 6.2. These packages fix a possible format-string vulnerability in the default logging callback function provided by libsasl. 2. Relevant releases/architectures: Red Hat Powertools 6.2 - alpha, i386, sparc 3. Problem description: The default logging callback function supplied by the Cyrus SASL library suffers from a format-string vulnerability. This function is used when a server which uses Cyrus SASL attempts to set or change a user's secrets. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2001-0869 to this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactiveprocess that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed ( for more info): 6. RPMs required: Red Hat Powertools 6.2: SRPMS: alpha: i386: sparc: 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 58815b353b9903171c71ed27c5453c47 6.2/en/powertools/SRPMS/cyrus-sasl-1.5.24-22.6.src.rpm b7c6aa9328181c301bc1b4787d0345e4 6.2/en/powertools/alpha/cyrus-sasl-1.5.24-22.6.alpha.rpm bfc51530e88dbd005f1d7f0f83585ad6 6.2/en/powertools/alpha/cyrus-sasl-devel-1.5.24-22.6.alpha.rpm 2c5152154ce70cad31f3f35589a82f25 6.2/en/powertools/alpha/cyrus-sasl-gssapi-1.5.24-22.6.alpha.rpm 29824544efd19001da08a3040ec07932 6.2/en/powertools/i386/cyrus-sasl-1.5.24-22.6.i386.rpm eaf2f39c854e8b36ecb3bcd13dd8e064 6.2/en/powertools/i386/cyrus-sasl-devel-1.5.24-22.6.i386.rpm b3f4886cf69a22846d403b11040ab718 6.2/en/powertools/i386/cyrus-sasl-gssapi-1.5.24-22.6.i386.rpm 128167f42bb1543c9c5eb17a90b6a204 6.2/en/powertools/sparc/cyrus-sasl-1.5.24-22.6.sparc.rpm 752949756234de6adaeb2bedc8f073a9 6.2/en/powertools/sparc/cyrus-sasl-devel-1.5.24-22.6.sparc.rpm 218774230544b6a8d2f4de1a731afebf 6.2/en/powertools/sparc/cyrus-sasl-gssapi-1.5.24-22.6.sparc.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: About You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg 8. References: CVE -CVE-2001-0869 Copyright(c) 2000, 2001 Red Hat, Inc. `. Updated OpenSSL packages for CentOS Extras resolve a significant security flaw, enhancing the overall resilience of the system.. Red Hat Powertools, Format String Flaw, Cyrus SASL, Security Update. . Severity: Critical. LinuxSecurity.com Team
Nov 29, 2001
•Critical
Red Hat
98
security advisoryRed HatcriticalRed Hat 7.0: RHSA-2000:065-04 Critical: LPRng Root Access Risk
LPRng has a string format bug in the use_syslog function which could lead to root compromise.. ` --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: LPRng contains a critical string format bug Advisory ID: RHSA-2000:065-04 Issue date: 2000-09-26 Updated on: 2000-10-04 Product: Red Hat Linux Keywords: LPRng security lpd printing lpr syslog Cross references: N/A --------------------------------------------------------------------- 1. Topic: LPRng has a string format bug in the use_syslog function which could lead to root compromise. 2. Relevant releases/architectures: Red Hat Linux 7.0 - i386 3. Problem description: LPRng has a string format bug in the use_syslog function. This function returns user input in a string that is passed to the syslog() function as the format string. It is possible to corrupt the print daemon's execution with unexpected format specifiers, thus gaining root access to the computer. The vulnerability is theoretically exploitable both locally and remotely. 4. Solution: For each RPM for your particular architecture, run: rpm -Fvh [filename] where filename is the name of the RPM. 5. Bug IDs fixed ( for more info): 17756 - Critical security hole in LPRng, remote root 6. RPMs required: Red Hat Linux 7.0: i386: sources: 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- c1fc795122b067dd9549aceb75bf5694 7.0/SRPMS/LPRng-3.6.24-2.src.rpm 05251e71ae5f2d2fdbc6611eea6f8651 7.0/i386/LPRng-3.6.24-2.i386.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg 8.References: Originally reported to bugtraq by Chris Evans on 25 Sep, 2000. Copyright(c) 2000 Red Hat, Inc. `. A critical weakness has been identified in LPRng, marked by a string manipulation issue that may allow elevation to root permissions via syslog tampering.. LPRng Security, Red Hat Security, String Format Bug. . Severity: Critical. LinuxSecurity.com Team
Oct 04, 2000
•Critical
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!