You are here
Home > Preporuke > Sigurnosni propusti programskog paketa rsyslog

Sigurnosni propusti programskog paketa rsyslog

by ncert - 0
  • Detalji os-a: LUB
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2381-1
October 09, 2014

rsyslog vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

Rsyslog could be made to crash if it received specially crafted input.

Software Description:
– rsyslog: Enhanced syslogd

Details:

It was discovered that Rsyslog incorrectly handled invalid PRI values. An
attacker could use this issue to send malformed messages to the Rsyslog
server and cause it to stop responding, resulting in a denial of service
and possibly message loss. (CVE-2014-3634, CVE-2014-3683)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
rsyslog 7.4.4-1ubuntu2.3

Ubuntu 12.04 LTS:
rsyslog 5.8.6-1ubuntu8.9

Ubuntu 10.04 LTS:
rsyslog 4.2.0-2ubuntu8.3

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2381-1
CVE-2014-3634, CVE-2014-3683

Package Information:
https://launchpad.net/ubuntu/+source/rsyslog/7.4.4-1ubuntu2.3
https://launchpad.net/ubuntu/+source/rsyslog/5.8.6-1ubuntu8.9
https://launchpad.net/ubuntu/+source/rsyslog/4.2.0-2ubuntu8.3

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJUNr8tAAoJEGVp2FWnRL6TVggQAKbjR7glJknMgK/xYIw7LT7x
fCMCfIGjh0gkDHWu/fNBoPXJqMASkCkSDW6v84+lMWa/FlKu0KWMgrxG0hdYdX3g
EpgZDqNKGDHJoRjZSih1/15sbHuhP1jWyjzVlyUleZJk8kJxNhgKTFR/fw00Tabz
iKLif23utPC9L9Kq4QAie0RmlowoBZxM5W2UjRyExjCLsMCX9GFvyHy/9F5EgPZU
o7CUC5U0E6p/EufmV8Jl304uKPkavM5HPnseFWoDL+xxcQEFMbUlPQ8WUcoVzdwo
b+mNd8uLxWR1ezbgJeMeVaTQy06ntwbejv+haYU3EreLQVlKSiKYdud1VmEx3bQ5
VV1lK//yPpB63g1oufXhzummtC8ycpHKL2Zqi6pzA9KxblCw8KG5T2R1czljy/0/
8vCilqudhpLSTB/TG3/1XB1bqKrddEA87yzjzDXs3ncKiMpvj6SeX4AoepzjJRwz
2DVQHjAhtRq3w/1nCvpc2dRB/ssI8dUwvHbG5AOROoY4UCPq4/B+8hot3ZbMmyoi
mWqFVsq1ATIIsZ2BdumofjZj4Mncssvn3c8zj3UJrt3Ao9yfyIj29n3OEhGhXnEA
xwZ+Zjcql5LE5uJxTzOFPr36FDfK2NHXcXwalrNIblv51rUphVhF1D64B5DIRTMR
ttoVCpb0AByprf37f9gH
=wmQX
—–END PGP SIGNATURE—–

AutorTomislav Protega
Cert idNCERT-REF-2014-10-0017-ADV
CveCVE-2014-3634 CVE-2014-3683
ID izvornikaUSN-2381-1
Proizvodrsyslog
Izvorhttp://www.ubuntu.com
ncert
Top
More in Preporuke
Sigurnosni propusti programskog paketa bash

Ustanovljeni su novi sigurnosni propusti kod prorgamskog paketa bash koji se nadovezuju na kritičnu ranjivost CVE-2014-6271. Primjenom zakrpi otklanjanju se...

Close