drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in rsyslog
| Name: |
Zwei Probleme in rsyslog |
|
| ID: |
USN-2381-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 14.04 LTS |
|
| Datum: |
Fr, 10. Oktober 2014, 08:49 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3683 |
|
| Applikationen: |
rsyslog |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1384866172389369021==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="RcFhwOrgMGkCtgSGckGwqbHsRcjQlQeoB"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--RcFhwOrgMGkCtgSGckGwqbHsRcjQlQeoB
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-2381-1
October 09, 2014
rsyslog vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Rsyslog could be made to crash if it received specially crafted input.
Software Description:
- rsyslog: Enhanced syslogd
Details:
It was discovered that Rsyslog incorrectly handled invalid PRI values. An
attacker could use this issue to send malformed messages to the Rsyslog
server and cause it to stop responding, resulting in a denial of service
and possibly message loss. (CVE-2014-3634, CVE-2014-3683)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
rsyslog 7.4.4-1ubuntu2.3
Ubuntu 12.04 LTS:
rsyslog 5.8.6-1ubuntu8.9
Ubuntu 10.04 LTS:
rsyslog 4.2.0-2ubuntu8.3
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2381-1
CVE-2014-3634, CVE-2014-3683
Package Information:
https://launchpad.net/ubuntu/+source/rsyslog/7.4.4-1ubuntu2.3
https://launchpad.net/ubuntu/+source/rsyslog/5.8.6-1ubuntu8.9
https://launchpad.net/ubuntu/+source/rsyslog/4.2.0-2ubuntu8.3
--RcFhwOrgMGkCtgSGckGwqbHsRcjQlQeoB
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJUNr8tAAoJEGVp2FWnRL6TVggQAKbjR7glJknMgK/xYIw7LT7x
fCMCfIGjh0gkDHWu/fNBoPXJqMASkCkSDW6v84+lMWa/FlKu0KWMgrxG0hdYdX3g
EpgZDqNKGDHJoRjZSih1/15sbHuhP1jWyjzVlyUleZJk8kJxNhgKTFR/fw00Tabz
iKLif23utPC9L9Kq4QAie0RmlowoBZxM5W2UjRyExjCLsMCX9GFvyHy/9F5EgPZU
o7CUC5U0E6p/EufmV8Jl304uKPkavM5HPnseFWoDL+xxcQEFMbUlPQ8WUcoVzdwo
b+mNd8uLxWR1ezbgJeMeVaTQy06ntwbejv+haYU3EreLQVlKSiKYdud1VmEx3bQ5
VV1lK//yPpB63g1oufXhzummtC8ycpHKL2Zqi6pzA9KxblCw8KG5T2R1czljy/0/
8vCilqudhpLSTB/TG3/1XB1bqKrddEA87yzjzDXs3ncKiMpvj6SeX4AoepzjJRwz
2DVQHjAhtRq3w/1nCvpc2dRB/ssI8dUwvHbG5AOROoY4UCPq4/B+8hot3ZbMmyoi
mWqFVsq1ATIIsZ2BdumofjZj4Mncssvn3c8zj3UJrt3Ao9yfyIj29n3OEhGhXnEA
xwZ+Zjcql5LE5uJxTzOFPr36FDfK2NHXcXwalrNIblv51rUphVhF1D64B5DIRTMR
ttoVCpb0AByprf37f9gH
=wmQX
-----END PGP SIGNATURE-----
--RcFhwOrgMGkCtgSGckGwqbHsRcjQlQeoB--
--===============1384866172389369021==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1384866172389369021==--
|
|
|
|
