Sicherheit: Ausführen beliebiger Kommandos in rsyslog - Pro-Linux

Name        : rsyslog
Product     : Fedora 20
Version     : 7.4.8
Release     : 2.fc20
URL         : http://www.rsyslog.com/
Summary     : Enhanced system logging and kernel message trapping daemon
Description :
Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL,
syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part,
and fine grain output format control. It is compatible with stock sysklogd
and can be used as a drop-in replacement. Rsyslog is simple to set up, with
advanced features suitable for enterprise-class, encryption-protected syslog
relay chains.

-------------------------------------------------------------------------------
-
Update Information:

Security fix for CVE-2014-3634
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Oct  7 2014 Tomas Heinrich <theinric@redhat.com> 7.4.8-2
- fix CVE-2014-3634
* Tue Apr 15 2014 Jakub Čajka <jcajka@redhat.com> 7.4.8-1.1
- backport support for platforms without atomic instructions
* Thu Feb 20 2014 Tomas Heinrich <theinric@redhat.com> 7.4.8-1
- rebase to 7.4.8
- add an explicit requirement on the version of libestr
- install the rsyslog-recover-qi.pl tool
- fix a typo in a package description
- add missing defattr directives
- add rsyslog-7.4.8-omjournal-warning.patch to fix
  a condition for issuing a warning in omjournal
- add a patch to allow numeric specification of UIDs/GUIDs
  rsyslog-7.4.8-numeric-uid.patch
- drop the "v5" string from the conf file as it's misleading
- add rsyslog-7.4.8-dont-link-libee.patch to prevent
  linking the main binary with libee
- replace rsyslog-7.3.15-imuxsock-warning.patch
  with rsyslog-7.4.8-imuxsock-wrn.patch
- link to libhiredis explicitly
- add a patch to prevent message loss in imjournal
  rsyslog-7.4.8-bz1026804-imjournal-message-loss.patch
  resolves: #1026804
- move the rscryutil man page to the crypto subpackage
- add a patch to fix connection initialization in ompgsql
  rsyslog-7.4.8-ompgsql-delay-connection.patch
  for more details see:
  http://lists.adiscon.net/pipermail/rsyslog/2014-February/036202.html
- add a patch for not enforcing teplate specification in ommongodb
  rsyslog-7.4.8-ommongodb-dont-require-tpl.patch
  for more details see:
  http://bugzilla.adiscon.com/show_bug.cgi?id=513
-------------------------------------------------------------------------------
-
References:

  [ 1 ] Bug #1142373 - CVE-2014-3634 rsyslog: remote syslog PRI vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=1142373
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program.  Use
su -c 'yum update rsyslog' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce