Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Denial of Service in rsyslog
Aktuelle Meldungen Distributionen
Name: Denial of Service in rsyslog
ID: MDVSA-2015:130
Distribution: Mandriva
Plattformen: Mandriva Business Server 2.0
Datum: So, 29. März 2015, 14:11
Referenzen: http://advisories.mageia.org/MGASA-2014-0411.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634

Originalnachricht

This is a multi-part message in MIME format...

------------=_1427626692-10360-30

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:130
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : rsyslog
Date : March 29, 2015
Affected: Business Server 2.0
_______________________________________________________________________

Problem Description:

Updated rsyslog packages fix security vulnerability:

Rainer Gerhards, the rsyslog project leader, reported a vulnerability
in Rsyslog. As a consequence of this vulnerability an attacker can send
malformed messages to a server, if this one accepts data from untrusted
sources, and trigger a denial of service attack (CVE-2014-3634).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634
http://advisories.mageia.org/MGASA-2014-0411.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 2/X86_64:
74a0a6c98ec9cc0bee87aabb9ddb65b8
mbs2/x86_64/rsyslog-5.10.1-3.1.mbs2.x86_64.rpm
156677bc5490e6f72a8c67f48fdf9650
mbs2/x86_64/rsyslog-dbi-5.10.1-3.1.mbs2.x86_64.rpm
a8f5eeae2c61df1b6c4d7e7b3a168b8c
mbs2/x86_64/rsyslog-docs-5.10.1-3.1.mbs2.x86_64.rpm
2d836a6f8fc2426bdfc90d953fd96618
mbs2/x86_64/rsyslog-gnutls-5.10.1-3.1.mbs2.x86_64.rpm
288c1a732f2f706db3cb40b73d17821b
mbs2/x86_64/rsyslog-gssapi-5.10.1-3.1.mbs2.x86_64.rpm
66e982c74556babbaea455207cae6292
mbs2/x86_64/rsyslog-mysql-5.10.1-3.1.mbs2.x86_64.rpm
698785034dfc15a09d6426f1252288b5
mbs2/x86_64/rsyslog-pgsql-5.10.1-3.1.mbs2.x86_64.rpm
562703f0c7968993ff1b9014c3794bde
mbs2/x86_64/rsyslog-relp-5.10.1-3.1.mbs2.x86_64.rpm
5adc436da3f26b93fbe8cf4c15803a93
mbs2/x86_64/rsyslog-snmp-5.10.1-3.1.mbs2.x86_64.rpm
6e60ceb50bd6662b3db50025e69e0656 mbs2/SRPMS/rsyslog-5.10.1-3.1.mbs2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVF8vVmqjQ0CJFipgRAiU3AJ42zM0vpSQjIF9RRZOMoxMZwz0IRQCgolmP
tLgf15MgbJzajgbx+0gWbWM=
=H0Sh
-----END PGP SIGNATURE-----


------------=_1427626692-10360-30
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________


------------=_1427626692-10360-30--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung