[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ MDVSA-2014:196 ] rsyslog



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:196
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : rsyslog
 Date    : October 21, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated rsyslog packages fix security vulnerability:
 
 Rainer Gerhards, the rsyslog project leader, reported a vulnerability
 in Rsyslog. As a consequence of this vulnerability an attacker can send
 malformed messages to a server, if this one accepts data from untrusted
 sources, and trigger a denial of service attack (CVE-2014-3634).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3683
 http://advisories.mageia.org/MGASA-2014-0411.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 47cebc3906b07f75d29367f639b37839  mbs1/x86_64/rsyslog-5.8.10-6.2.mbs1.x86_64.rpm
 090c8cd3d9a4cde449663a398ca37a8b  mbs1/x86_64/rsyslog-dbi-5.8.10-6.2.mbs1.x86_64.rpm
 f5273d9304494018da3f98ad3bbc241d  mbs1/x86_64/rsyslog-docs-5.8.10-6.2.mbs1.x86_64.rpm
 b1ccf27e176355f2abe248dae8638484  mbs1/x86_64/rsyslog-gnutls-5.8.10-6.2.mbs1.x86_64.rpm
 a3d9704b1539551fa0a24149551cdfad  mbs1/x86_64/rsyslog-gssapi-5.8.10-6.2.mbs1.x86_64.rpm
 68b73405d1c7a373cb8dd59454e4fe7c  mbs1/x86_64/rsyslog-mysql-5.8.10-6.2.mbs1.x86_64.rpm
 399e14820e60dd27fc69ced31277d730  mbs1/x86_64/rsyslog-pgsql-5.8.10-6.2.mbs1.x86_64.rpm
 81996e698e8bdfad33da6763cbad05cd  mbs1/x86_64/rsyslog-relp-5.8.10-6.2.mbs1.x86_64.rpm
 4b090855fd4090b42e7871aa76f26335  mbs1/x86_64/rsyslog-snmp-5.8.10-6.2.mbs1.x86_64.rpm 
 588cf3e0d9244cb41b50f93fc7925f81  mbs1/SRPMS/rsyslog-5.8.10-6.2.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFURgW1mqjQ0CJFipgRAs+tAKC4r2DaMjwwBzas6ZsEzKlKNFYMjACfZD71
3/o6/dw9sqhE5YxA5INvZEE=
=iKPV
-----END PGP SIGNATURE-----