SecurityHome.eu [USN-1338-1] Rsyslog vulnerability

Home / mailings PDF

[USN-1338-1] Rsyslog vulnerability
Posted on 23 January 2012
Ubuntu Security
==========================
==========================
========================
Ubuntu Security Notice USN-1338-1
January 23, 2012

rsyslog vulnerability
==========================
==========================
========================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04

Summary:

Rsyslog could be made to crash if it processed a specially crafted log
message.

Software Description:
- rsyslog: Enhanced syslogd

Details:

Peter Eisentraut discovered that Rsyslog would not properly perform input
validation when configured to use imfile. If an attacker were able to
craft messages in a file that Rsyslog monitored, an attacker could cause a
denial of service. The imfile module is disabled by default in Ubuntu.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
rsyslog 4.6.4-2ubuntu4.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1338-1
CVE-2011-4623

Package Information:
https://launchpad.net/ubuntu/+source/rsyslog/4.6.4-2ubuntu4.2

TOP

Mailings :

Last 20

Exploits :

Last 20