You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa rsyslog

Sigurnosni nedostaci programskog paketa rsyslog

——————————————————————————–
Fedora Update Notification
FEDORA-2019-1fb95ae48d
2019-11-24 01:14:34.457359
——————————————————————————–

Name : rsyslog
Product : Fedora 30
Version : 8.1911.0
Release : 1.fc30
URL : http://www.rsyslog.com/
Summary : Enhanced system logging and kernel message trapping daemon
Description :
Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL,
syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part,
and fine grain output format control. It is compatible with stock sysklogd
and can be used as a drop-in replacement. Rsyslog is simple to set up, with
advanced features suitable for enterprise-class, encryption-protected syslog
relay chains.

——————————————————————————–
Update Information:

rebase to upstream version 8.1911.0
————————————————- new modules available: *
ClickHouse output * generic REST API http output * docker API input * misc.
external program input (takes output of specified binary as log source)
——————————————————————————–
ChangeLog:

* Thu Nov 14 2019 Jiri Vymazal <jvymazal@redhat.com> – 8.1911.0-1
– rebase to upstream version 8.1911.0
resolves: rhbz#1771468
* Thu Oct 17 2019 Jiri Vymazal <jvymazal@redhat.com> – 8.1910.0-1
– rebase to upstream version 8.1910.0
resolves: rhbz#1743537
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> – 8.1907.0-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed Jul 10 2019 Jiri Vymazal <jvymazal@redhat.com> – 8.1907.0-1
– rebase to upstream version 8.1905.0
resolves: rhbz#1716391
* Mon May 13 2019 Jiri Vymazal <jvymazal@redhat.com> – 8.1904.0-1
– rebase to upstream version 8.1904.0
resolves: rhbz#1668473
——————————————————————————–
References:

[ 1 ] Bug #1766642 – CVE-2019-17040 rsyslog: out-of-bounds read in contrib/pmdb2diag/pmdb2diag.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1766642
[ 2 ] Bug #1766694 – CVE-2019-17041 rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1766694
[ 3 ] Bug #1766701 – CVE-2019-17042 rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1766701
[ 4 ] Bug #1771468 – rsyslog-8.1911.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1771468
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-1fb95ae48d’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2019-ea7d5876a4
2019-11-22 00:46:48.107031
——————————————————————————–

Name : rsyslog
Product : Fedora 31
Version : 8.1911.0
Release : 1.fc31
URL : http://www.rsyslog.com/
Summary : Enhanced system logging and kernel message trapping daemon
Description :
Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL,
syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part,
and fine grain output format control. It is compatible with stock sysklogd
and can be used as a drop-in replacement. Rsyslog is simple to set up, with
advanced features suitable for enterprise-class, encryption-protected syslog
relay chains.

——————————————————————————–
Update Information:

rebase to upstream version 8.1911.0
————————————————- new modules available: *
ClickHouse output * generic REST API http output * docker API input * misc.
external program input (takes output of specified binary as log source)
——————————————————————————–
ChangeLog:

* Thu Nov 14 2019 Jiri Vymazal <jvymazal@redhat.com> – 8.1911.0-1
– rebase to upstream version 8.1911.0
resolves: rhbz#1771468
* Thu Oct 17 2019 Jiri Vymazal <jvymazal@redhat.com> – 8.1910.0-1
– rebase to upstream version 8.1910.0
resolves: rhbz#1743537
——————————————————————————–
References:

[ 1 ] Bug #1766642 – CVE-2019-17040 rsyslog: out-of-bounds read in contrib/pmdb2diag/pmdb2diag.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1766642
[ 2 ] Bug #1766694 – CVE-2019-17041 rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1766694
[ 3 ] Bug #1766701 – CVE-2019-17042 rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1766701
[ 4 ] Bug #1771468 – rsyslog-8.1911.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1771468
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-ea7d5876a4’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke dpdk

Otkriven je sigurnosni nedostatak programske biblioteke dpdk za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim udaljenim napadačima omogućuje izazivanje DoS stanja....

Close