==========================================================================
Ubuntu Security Notice USN-2381-1
October 09, 2014
rsyslog vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS
Summary:
Rsyslog could be made to crash if it received specially crafted input.
Software Description:
– rsyslog: Enhanced syslogd
Details:
It was discovered that Rsyslog incorrectly handled invalid PRI values. An
attacker could use this issue to send malformed messages to the Rsyslog
server and cause it to stop responding, resulting in a denial of service
and possibly message loss. (CVE-2014-3634, CVE-2014-3683)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
rsyslog 7.4.4-1ubuntu2.3
Ubuntu 12.04 LTS:
rsyslog 5.8.6-1ubuntu8.9
Ubuntu 10.04 LTS:
rsyslog 4.2.0-2ubuntu8.3
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2381-1
CVE-2014-3634, CVE-2014-3683
Package Information:
https://launchpad.net/ubuntu/+source/rsyslog/7.4.4-1ubuntu2.3
https://launchpad.net/ubuntu/+source/rsyslog/5.8.6-1ubuntu8.9
https://launchpad.net/ubuntu/+source/rsyslog/4.2.0-2ubuntu8.3
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJUNr8tAAoJEGVp2FWnRL6TVggQAKbjR7glJknMgK/xYIw7LT7x
fCMCfIGjh0gkDHWu/fNBoPXJqMASkCkSDW6v84+lMWa/FlKu0KWMgrxG0hdYdX3g
EpgZDqNKGDHJoRjZSih1/15sbHuhP1jWyjzVlyUleZJk8kJxNhgKTFR/fw00Tabz
iKLif23utPC9L9Kq4QAie0RmlowoBZxM5W2UjRyExjCLsMCX9GFvyHy/9F5EgPZU
o7CUC5U0E6p/EufmV8Jl304uKPkavM5HPnseFWoDL+xxcQEFMbUlPQ8WUcoVzdwo
b+mNd8uLxWR1ezbgJeMeVaTQy06ntwbejv+haYU3EreLQVlKSiKYdud1VmEx3bQ5
VV1lK//yPpB63g1oufXhzummtC8ycpHKL2Zqi6pzA9KxblCw8KG5T2R1czljy/0/
8vCilqudhpLSTB/TG3/1XB1bqKrddEA87yzjzDXs3ncKiMpvj6SeX4AoepzjJRwz
2DVQHjAhtRq3w/1nCvpc2dRB/ssI8dUwvHbG5AOROoY4UCPq4/B+8hot3ZbMmyoi
mWqFVsq1ATIIsZ2BdumofjZj4Mncssvn3c8zj3UJrt3Ao9yfyIj29n3OEhGhXnEA
xwZ+Zjcql5LE5uJxTzOFPr36FDfK2NHXcXwalrNIblv51rUphVhF1D64B5DIRTMR
ttoVCpb0AByprf37f9gH
=wmQX
—–END PGP SIGNATURE—–
—