|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for rsyslog RHSA-2014:1397-01|
|Summary:||The remote host is missing an update for the 'rsyslog' package(s) announced via the referenced advisory.|
The rsyslog packages provide an enhanced, multi-threaded syslog daemon
that supports writing to relational databases, syslog/TCP, RFC 3195,
permitted sender lists, filtering on any message part, and fine-grained
output format control.

A flaw was found in the way rsyslog handled invalid log message priority
values. In certain configurations, a local attacker, or a remote attacker
able to connect to the rsyslog port, could use this flaw to crash the
rsyslog daemon or, potentially, execute arbitrary code as the user running
the rsyslog daemon. (CVE-2014-3634)

Red Hat would like to thank Rainer Gerhards of rsyslog upstream for
reporting this issue.

All rsyslog users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the rsyslog service will be restarted automatically.

rsyslog on Red Hat Enterprise Linux Server (v. 7)

Please install the updated packages.

Common Vulnerability Exposure (CVE) ID: CVE-2014-3634
Debian Security Information: DSA-3040
RedHat Security Advisories: RHSA-2014:1397
RedHat Security Advisories: RHSA-2014:1654
RedHat Security Advisories: RHSA-2014:1671
SuSE Security Announcement: SUSE-SU-2014:1294
SuSE Security Announcement: openSUSE-SU-2014:1297
SuSE Security Announcement: openSUSE-SU-2014:1298
|Copyright||Copyright (C) 2014 Greenbone Networks GmbH|