ELSA-2019-2110

Опубликовано: 13 авг. 2019

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2019-2110: rsyslog security and bug fix update (MODERATE)

[8.24.0-38.0.2]

Newer gcc complains about implicit declaration of prctl. Added header file to quiesce the compiler

[8.24.0-38] RHEL 7.7 ERRATUM

added patch increasing max path size preventing buffer overflow with too long paths resolves: rhbz#1656860

[8.24.0-37] RHEL 7.7 ERRATUM

edited patch fixing mmkubernetes halt after pod deletition (covscan found an issue in previous version) resolves: rhbz#1622767
added patch stopping flooding logs with journald errors resolves: rhbz#1632211
added patch stopping flooding logs with symlink false-positives resolves: rhbz#1685901
added patch stopping memory leak when processing internal msgs resolves: rhbz#1666365
added documentation patch with info about CRI-O to mmkubernetes resolves: rhbz#1625935

[8.24.0-36] RHEL 7.7 ERRATUM

added patch fixing mmkubernetes halt after pod deletition resolves: rhbz#1622767

[8.24.0-35] RHEL 7.7 ERRATUM

added patch fixing memory corruption in omfwd module resolves: rhbz#1632659
added patch fixing imfile sopping monitor after rotation resolves: rhbz#1649250
added patch addressing imptcp CVE-2018-16881 resolves: rhbz#1658288

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

rsyslog

8.24.0-38.0.2.el7

rsyslog-crypto

8.24.0-38.0.2.el7

rsyslog-elasticsearch

8.24.0-38.0.2.el7

rsyslog-gnutls

8.24.0-38.0.2.el7

rsyslog-gssapi

8.24.0-38.0.2.el7

rsyslog-kafka

8.24.0-38.0.2.el7

rsyslog-libdbi

8.24.0-38.0.2.el7

rsyslog-mmaudit

8.24.0-38.0.2.el7

rsyslog-mmjsonparse

8.24.0-38.0.2.el7

rsyslog-mmkubernetes

8.24.0-38.0.2.el7

rsyslog-mmnormalize

8.24.0-38.0.2.el7

rsyslog-mmsnmptrapd

8.24.0-38.0.2.el7

rsyslog-mysql

8.24.0-38.0.2.el7

rsyslog-pgsql

8.24.0-38.0.2.el7

rsyslog-relp

8.24.0-38.0.2.el7

rsyslog-snmp

8.24.0-38.0.2.el7

rsyslog-udpspoof

8.24.0-38.0.2.el7

Oracle Linux x86_64

rsyslog

8.24.0-38.el7

rsyslog-crypto

8.24.0-38.el7

rsyslog-doc

8.24.0-38.el7

rsyslog-elasticsearch

8.24.0-38.el7

rsyslog-gnutls

8.24.0-38.el7

rsyslog-gssapi

8.24.0-38.el7

rsyslog-kafka

8.24.0-38.el7

rsyslog-libdbi

8.24.0-38.el7

rsyslog-mmaudit

8.24.0-38.el7

rsyslog-mmjsonparse

8.24.0-38.el7

rsyslog-mmkubernetes

8.24.0-38.el7

rsyslog-mmnormalize

8.24.0-38.el7

rsyslog-mmsnmptrapd

8.24.0-38.el7

rsyslog-mysql

8.24.0-38.el7

rsyslog-pgsql

8.24.0-38.el7

rsyslog-relp

8.24.0-38.el7

rsyslog-snmp

8.24.0-38.el7

rsyslog-udpspoof

8.24.0-38.el7

Связанные CVE

CVE-2018-16881

Ссылки на источники

Связанные уязвимости

CVE-2018-16881

CVSS3: 7.5

ubuntu

около 7 лет назад

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.