Security: Execution of arbitrary commands in rsyslog
Name: Execution of arbitrary commands in rsyslog
ID: FEDORA-2014-12503
Distribution: Fedora
Platforms: Fedora 20
Date: Thu, October 16, 2014, 11:17
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634
Applications: rsyslog

Original message

Name        : rsyslog
Product     : Fedora 20
Version     : 7.4.8
Release     : 2.fc20
URL         : http://www.rsyslog.com/
Summary     : Enhanced system logging and kernel message trapping daemon
Description :
Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is compatible with stock sysklogd and can be used as a drop-in replacement. Rsyslog is simple to set up, with advanced features suitable for enterprise-class, encryption-protected syslog relay chains.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2014-3634
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 7 2014 Tomas Heinrich <theinric@redhat.com> 7.4.8-2
- fix CVE-2014-3634
* Tue Apr 15 2014 Jakub Čajka <jcajka@redhat.com> 7.4.8-1.1
- backport support for platforms without atomic instructions
* Thu Feb 20 2014 Tomas Heinrich <theinric@redhat.com> 7.4.8-1
- rebase to 7.4.8
- add an explicit requirement on the version of libestr
- install the rsyslog-recover-qi.pl tool
- fix a typo in a package description
- add missing defattr directives
- add rsyslog-7.4.8-omjournal-warning.patch to fix a condition for issuing a warning in omjournal
- add a patch to allow numeric specification of UIDs/GUIDs
  rsyslog-7.4.8-numeric-uid.patch
- drop the "v5" string from the conf file as it's misleading
- add rsyslog-7.4.8-dont-link-libee.patch to prevent linking the main binary with libee
- replace rsyslog-7.3.15-imuxsock-warning.patch with rsyslog-7.4.8-imuxsock-wrn.patch
- link to libhiredis explicitly
- add a patch to prevent message loss in imjournal
  rsyslog-7.4.8-bz1026804-imjournal-message-loss.patch
  resolves: #1026804
- move the rscryutil man page to the crypto subpackage
- add a patch to fix connection initialization in ompgsql
  rsyslog-7.4.8-ompgsql-delay-connection.patch
  for more details see: http://lists.adiscon.net/pipermail/rsyslog/2014-February/036202.html
- add a patch for not enforcing template specification in ommongodb
  rsyslog-7.4.8-ommongodb-dont-require-tpl.patch
  for more details see: http://bugzilla.adiscon.com/show_bug.cgi?id=513
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1142373 - CVE-2014-3634 rsyslog: remote syslog PRI vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=1142373
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update rsyslog' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce