drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in rsyslog
Name: |
Zwei Probleme in rsyslog |
|
ID: |
USN-2381-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 14.04 LTS |
|
Datum: |
Fr, 10. Oktober 2014, 08:49 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3683 |
|
Applikationen: |
rsyslog |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============1384866172389369021== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="RcFhwOrgMGkCtgSGckGwqbHsRcjQlQeoB"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --RcFhwOrgMGkCtgSGckGwqbHsRcjQlQeoB Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2381-1 October 09, 2014
rsyslog vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS
Summary:
Rsyslog could be made to crash if it received specially crafted input.
Software Description: - rsyslog: Enhanced syslogd
Details:
It was discovered that Rsyslog incorrectly handled invalid PRI values. An attacker could use this issue to send malformed messages to the Rsyslog server and cause it to stop responding, resulting in a denial of service and possibly message loss. (CVE-2014-3634, CVE-2014-3683)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: rsyslog 7.4.4-1ubuntu2.3
Ubuntu 12.04 LTS: rsyslog 5.8.6-1ubuntu8.9
Ubuntu 10.04 LTS: rsyslog 4.2.0-2ubuntu8.3
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2381-1 CVE-2014-3634, CVE-2014-3683
Package Information: https://launchpad.net/ubuntu/+source/rsyslog/7.4.4-1ubuntu2.3 https://launchpad.net/ubuntu/+source/rsyslog/5.8.6-1ubuntu8.9 https://launchpad.net/ubuntu/+source/rsyslog/4.2.0-2ubuntu8.3
--RcFhwOrgMGkCtgSGckGwqbHsRcjQlQeoB Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJUNr8tAAoJEGVp2FWnRL6TVggQAKbjR7glJknMgK/xYIw7LT7x fCMCfIGjh0gkDHWu/fNBoPXJqMASkCkSDW6v84+lMWa/FlKu0KWMgrxG0hdYdX3g EpgZDqNKGDHJoRjZSih1/15sbHuhP1jWyjzVlyUleZJk8kJxNhgKTFR/fw00Tabz iKLif23utPC9L9Kq4QAie0RmlowoBZxM5W2UjRyExjCLsMCX9GFvyHy/9F5EgPZU o7CUC5U0E6p/EufmV8Jl304uKPkavM5HPnseFWoDL+xxcQEFMbUlPQ8WUcoVzdwo b+mNd8uLxWR1ezbgJeMeVaTQy06ntwbejv+haYU3EreLQVlKSiKYdud1VmEx3bQ5 VV1lK//yPpB63g1oufXhzummtC8ycpHKL2Zqi6pzA9KxblCw8KG5T2R1czljy/0/ 8vCilqudhpLSTB/TG3/1XB1bqKrddEA87yzjzDXs3ncKiMpvj6SeX4AoepzjJRwz 2DVQHjAhtRq3w/1nCvpc2dRB/ssI8dUwvHbG5AOROoY4UCPq4/B+8hot3ZbMmyoi mWqFVsq1ATIIsZ2BdumofjZj4Mncssvn3c8zj3UJrt3Ao9yfyIj29n3OEhGhXnEA xwZ+Zjcql5LE5uJxTzOFPr36FDfK2NHXcXwalrNIblv51rUphVhF1D64B5DIRTMR ttoVCpb0AByprf37f9gH =wmQX -----END PGP SIGNATURE-----
--RcFhwOrgMGkCtgSGckGwqbHsRcjQlQeoB--
--===============1384866172389369021== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1384866172389369021==--
|
|
|
|