Описание
Security update for rsyslog
This update for rsyslog fixes the following issues:
Security issue fixed:
- CVE-2018-16881: Fixed a denial of service when both the imtcp module and Octet-Counted TCP Framing is enabled (bsc#1123164).
This update was imported from the SUSE:SLE-12-SP3:Update update project.
Список пакетов
openSUSE Leap 42.3
rsyslog-8.24.0-2.10.1
rsyslog-diag-tools-8.24.0-2.10.1
rsyslog-doc-8.24.0-2.10.1
rsyslog-module-dbi-8.24.0-2.10.1
rsyslog-module-elasticsearch-8.24.0-2.10.1
rsyslog-module-gcrypt-8.24.0-2.10.1
rsyslog-module-gssapi-8.24.0-2.10.1
rsyslog-module-gtls-8.24.0-2.10.1
rsyslog-module-guardtime-8.24.0-2.10.1
rsyslog-module-mmnormalize-8.24.0-2.10.1
rsyslog-module-mysql-8.24.0-2.10.1
rsyslog-module-omamqp1-8.24.0-2.10.1
rsyslog-module-omhttpfs-8.24.0-2.10.1
rsyslog-module-omtcl-8.24.0-2.10.1
rsyslog-module-pgsql-8.24.0-2.10.1
rsyslog-module-relp-8.24.0-2.10.1
rsyslog-module-snmp-8.24.0-2.10.1
rsyslog-module-udpspoof-8.24.0-2.10.1
Ссылки
- E-Mail link for openSUSE-SU-2019:0154-1
- SUSE Security Ratings
Описание
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
Затронутые продукты
openSUSE Leap 42.3:rsyslog-8.24.0-2.10.1
openSUSE Leap 42.3:rsyslog-diag-tools-8.24.0-2.10.1
openSUSE Leap 42.3:rsyslog-doc-8.24.0-2.10.1
openSUSE Leap 42.3:rsyslog-module-dbi-8.24.0-2.10.1
Ссылки
- CVE-2018-16881
- SUSE Bug 1123164