You are here
Home > Preporuke > Sigurnosni propusti programskog paketa rsyslog

Sigurnosni propusti programskog paketa rsyslog

by ncert - 0

——————————————————————————–
Fedora Update Notification
FEDORA-2014-12503
2014-10-10 14:43:11
——————————————————————————–

Name : rsyslog
Product : Fedora 20
Version : 7.4.8
Release : 2.fc20
URL : http://www.rsyslog.com/
Summary : Enhanced system logging and kernel message trapping daemon
Description :
Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL,
syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part,
and fine grain output format control. It is compatible with stock sysklogd
and can be used as a drop-in replacement. Rsyslog is simple to set up, with
advanced features suitable for enterprise-class, encryption-protected syslog
relay chains.

——————————————————————————–
Update Information:

Security fix for CVE-2014-3634
——————————————————————————–
ChangeLog:

* Tue Oct 7 2014 Tomas Heinrich <theinric@redhat.com> 7.4.8-2
– fix CVE-2014-3634
* Tue Apr 15 2014 Jakub Čajka <jcajka@redhat.com> 7.4.8-1.1
– backport support for platforms without atomic instructions
* Thu Feb 20 2014 Tomas Heinrich <theinric@redhat.com> 7.4.8-1
– rebase to 7.4.8
– add an explicit requirement on the version of libestr
– install the rsyslog-recover-qi.pl tool
– fix a typo in a package description
– add missing defattr directives
– add rsyslog-7.4.8-omjournal-warning.patch to fix
a condition for issuing a warning in omjournal
– add a patch to allow numeric specification of UIDs/GUIDs
rsyslog-7.4.8-numeric-uid.patch
– drop the “v5” string from the conf file as it’s misleading
– add rsyslog-7.4.8-dont-link-libee.patch to prevent
linking the main binary with libee
– replace rsyslog-7.3.15-imuxsock-warning.patch
with rsyslog-7.4.8-imuxsock-wrn.patch
– link to libhiredis explicitly
– add a patch to prevent message loss in imjournal
rsyslog-7.4.8-bz1026804-imjournal-message-loss.patch
resolves: #1026804
– move the rscryutil man page to the crypto subpackage
– add a patch to fix connection initialization in ompgsql
rsyslog-7.4.8-ompgsql-delay-connection.patch
for more details see:
http://lists.adiscon.net/pipermail/rsyslog/2014-February/036202.html
– add a patch for not enforcing teplate specification in ommongodb
rsyslog-7.4.8-ommongodb-dont-require-tpl.patch
for more details see:
http://bugzilla.adiscon.com/show_bug.cgi?id=513
——————————————————————————–
References:

[ 1 ] Bug #1142373 – CVE-2014-3634 rsyslog: remote syslog PRI vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1142373
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update rsyslog’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

ncert
Top
More in Preporuke
Nadogradnja za Adobe Flash Player

Adobe je izdao nadogradnju za otklanjanje tri kritične ranjivosti programskog paketa Adobe Flash Player. Primjenom nadogradnje otklanjanju se ranjivosti narušavanja...

Close