Advisories » MGASA-2014-0411

Updated rsyslog packages fix CVE-2014-3634

Publication date: 09 Oct 2014
Modification date: 09 Oct 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3634

Description

Updated rsyslog packages fix security vulnerability:

Rainer Gerhards, the rsyslog project leader, reported a vulnerability in
Rsyslog. As a consequence of this vulnerability an attacker can send
malformed messages to a server, if this one accepts data from untrusted
sources, and trigger a denial of service attack (CVE-2014-3634).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14206
• http://www.rsyslog.com/remote-syslog-pri-vulnerability/
• http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/
• https://www.debian.org/security/2014/dsa-3040
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634

SRPMS

3/core

• rsyslog-5.10.1-2.2.mga3

4/core

• rsyslog-5.10.1-3.2.mga4