lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1XgURB-000788-C6@titan.mandriva.com>
Date: Tue, 21 Oct 2014 10:05:01 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2014:196 ] rsyslog

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:196
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : rsyslog
 Date    : October 21, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated rsyslog packages fix security vulnerability:
 
 Rainer Gerhards, the rsyslog project leader, reported a vulnerability
 in Rsyslog. As a consequence of this vulnerability an attacker can send
 malformed messages to a server, if this one accepts data from untrusted
 sources, and trigger a denial of service attack (CVE-2014-3634).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3683
 http://advisories.mageia.org/MGASA-2014-0411.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 47cebc3906b07f75d29367f639b37839  mbs1/x86_64/rsyslog-5.8.10-6.2.mbs1.x86_64.rpm
 090c8cd3d9a4cde449663a398ca37a8b  mbs1/x86_64/rsyslog-dbi-5.8.10-6.2.mbs1.x86_64.rpm
 f5273d9304494018da3f98ad3bbc241d  mbs1/x86_64/rsyslog-docs-5.8.10-6.2.mbs1.x86_64.rpm
 b1ccf27e176355f2abe248dae8638484  mbs1/x86_64/rsyslog-gnutls-5.8.10-6.2.mbs1.x86_64.rpm
 a3d9704b1539551fa0a24149551cdfad  mbs1/x86_64/rsyslog-gssapi-5.8.10-6.2.mbs1.x86_64.rpm
 68b73405d1c7a373cb8dd59454e4fe7c  mbs1/x86_64/rsyslog-mysql-5.8.10-6.2.mbs1.x86_64.rpm
 399e14820e60dd27fc69ced31277d730  mbs1/x86_64/rsyslog-pgsql-5.8.10-6.2.mbs1.x86_64.rpm
 81996e698e8bdfad33da6763cbad05cd  mbs1/x86_64/rsyslog-relp-5.8.10-6.2.mbs1.x86_64.rpm
 4b090855fd4090b42e7871aa76f26335  mbs1/x86_64/rsyslog-snmp-5.8.10-6.2.mbs1.x86_64.rpm 
 588cf3e0d9244cb41b50f93fc7925f81  mbs1/SRPMS/rsyslog-5.8.10-6.2.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFURgW1mqjQ0CJFipgRAs+tAKC4r2DaMjwwBzas6ZsEzKlKNFYMjACfZD71
3/o6/dw9sqhE5YxA5INvZEE=
=iKPV
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ