it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5150-1] rsyslog security update

From: Salvatore Bonaccorso <carnil AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5150-1] rsyslog security update
Date: Sat, 28 May 2022 19:26:20 +0000
List-archive: https://lists.debian.org/msgid-search/E1nv24q-0006Zv-9S AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version :Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=LZYvXMzgwqgTG88RfBmMSslgNfi6v71eL1X7xGj3yyw=; b=hB ZnBFc/5BYZ9gjMLbaFCUBr/9q+QCnoGLnF3iGbPPBiPQImbWIXsZVQ1KbPhjARrszUYIr5PH+PJq6 +80+0079rbNP9OEgoIAWJ/a9cLI2e+mMyyEeGCt358pDOxyxJ5tLrqm23Pxvx32nJ0d89IL8E+T2O sk32NYGKcJGZXAFSZK/7JKdgh71enex1vfgz6vEa9RWJCwiS3BbntxDAiQYIOVnNhZICcJVYHSMY8 IBJ4WSEl/WtDBCHwcG8eqycfNwdC10k4WbeWJ+y3aImVXfZ7dyyLb9OOOPvSCmGaLjhhK2ILQPO4o Z24dY42KplS0ucJAaIx5ZckeU0+IfqRA==;
Old-return-path: <carnil AT seger.debian.org>
Priority: urgent
Resent-date: Sat, 28 May 2022 19:26:36 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <7JHrwe6FvNB.A.4aC.sdnkiB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5150-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 28, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : rsyslog
CVE ID : CVE-2022-24903
Debian Bug : 1010619

Peter Agten discovered that several modules for TCP syslog reception in
rsyslog, a system and kernel logging daemon, have buffer overflow flaws
when octet-counted framing is used, which could result in denial of
service or potentially the execution of arbitrary code.

For the oldstable distribution (buster), this problem has been fixed
in version 8.1901.0-1+deb10u2.

For the stable distribution (bullseye), this problem has been fixed in
version 8.2102.0-2+deb11u1.

We recommend that you upgrade your rsyslog packages.

For the detailed security status of rsyslog please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/rsyslog

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmKSdpRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SP/g//eOtveZA6g5gcFhcyACpQ+u7MKT8QowuuxU4gNAoBzUW30obGR7d8L4gQ
GCtT8hH7rekjOf6TcdE62JIt0bxzaOPzRfg1dc1tv7rzvNUfB4qOg8OsPkG0ikRU
VJ/nS0dN+LvPkILop3tMDPJwEdm3D31WXjB2wQbOxEAgd1RNllgY0vKSookne898
zOOjzrRM0mAyFuHGhdm0j7jVk2fC/6DSKAqNXuN5ojHv0gpctcg8wARCzP9zzo37
f/hnN4XtsO1Rs2ASAD0l+I/i2+2MCnlpnIDS7ofox25kw6TngYrRLr2F1eDM9rU7
nA6RPyySy2JtsU3ZS09j0+vb5eOBa4OyqF1QkmcVvg5Se8kPAFCkXCtrjjla4lrD
SYlU8ewo6h5ByDJbCDxA+XX4SqDH/5T5ZV11ifrnvkuxPUUZpC/dYb3N3AZ+YpTH
ZhySCBcUipW9m2kCqxZIK8RP/OXGLTgdRtgRQRN0dstyERMUkYhlK18QcMGwUNcR
+8T8a9YFo/YkbSTGCrHhGOuTVtpeXk0xI13bfdokwwbgrU8qZs3tZg9n7tbgESZY
1IsHwA2uTV+UylLZ/B8FNvXUY7OQwAK1Uu+KJg9cMFE5TEuhqpeieq7r+Sbvfi5b
jpWIa4hBn4CBGwJdyoujAGvXEENIpTGVzAiSZbf4lOajjLKuO+o=
=c/R7
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5150-1] rsyslog security update, Salvatore Bonaccorso, 28.05.2022

Archiv bereitgestellt durch MHonArc 2.6.24.