Download
| Alert*
oval:org.secpod.oval:def:2000986
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact. oval:org.secpod.oval:def:1801606 rsyslog is installed oval:org.secpod.oval:def:503602 The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Security Fix: * rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforward ... oval:org.secpod.oval:def:89049663 This update for rsyslog fixes the following security issue: - CVE-2015-3243: Prevent weak permissions for generated log files, which allowed local users to obtain sensitive information . oval:org.secpod.oval:def:89049662 This update for rsyslog fixes the following security issue: - CVE-2015-3243: Prevent weak permissions for generated log files, which allowed local users to obtain sensitive information . oval:org.secpod.oval:def:109298 Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is compatible with stock sysklogd and can be used as a drop-in replacement. Rsyslog is simple to set up, with ... oval:org.secpod.oval:def:203248 rsyslog is installed oval:org.secpod.oval:def:702253 rsyslog is installed oval:org.secpod.oval:def:89002083 This update for rsyslog fixes the following issues: The following security vulnerability was addressed: CVE-2015-3243: Make sure that log files are not created world-readable oval:org.secpod.oval:def:1601298 A numeric truncation error, leading to a heap-based buffer overflow, was found in the way the rsyslog imfile module processed text files containing long lines. An attacker could use this flaw to crash the rsyslogd daemon or, possibly, execute arbitrary code with the privileges of rsyslogd, if they a ... oval:org.secpod.oval:def:114929 Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is compatible with stock sysklogd and can be used as a drop-in replacement. Rsyslog is simple to set up, with ... oval:org.secpod.oval:def:114977 Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is compatible with stock sysklogd and can be used as a drop-in replacement. Rsyslog is simple to set up, with ... oval:org.secpod.oval:def:205307 The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Security Fix: * rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is ena ... oval:org.secpod.oval:def:2001576 A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable. oval:org.secpod.oval:def:503275 The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Security Fix: * rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is ena ... oval:org.secpod.oval:def:1700279 A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. oval:org.secpod.oval:def:506977 The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Security Fix: * rsyslog: Heap-based overflow in TCP syslog server For more details abo ... oval:org.secpod.oval:def:607811 Peter Agten discovered that several modules for TCP syslog reception in rsyslog, a system and kernel logging daemon, have buffer overflow flaws when octet-counted framing is used, which could result in denial of service or potentially the execution of arbitrary code. oval:org.secpod.oval:def:506960 The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. The rsyslog7 packages provide an enhanced, multi-threaded syslog daemon. It supports on ... oval:org.secpod.oval:def:500831 The rsyslog packages provide an enhanced, multi-threaded syslog daemon. A numeric truncation error, leading to a heap-based buffer overflow, was found in the way the rsyslog imfile module processed text files containing long lines. An attacker could use this flaw to crash the rsyslogd daemon or, pos ... oval:org.secpod.oval:def:1503769 Updated rsyslog packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives ... oval:org.secpod.oval:def:202371 The rsyslog packages provide an enhanced, multi-threaded syslog daemon. A numeric truncation error, leading to a heap-based buffer overflow, was found in the way the rsyslog imfile module processed text files containing long lines. An attacker could use this flaw to crash the rsyslogd daemon or, pos ... oval:org.secpod.oval:def:89050578 This update for rsyslog fixes the following issues: Security issues fixed: - CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages . - CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages . Other issue addressed: - Fixed an issue where rsyslog was SEGFAULT du ... oval:org.secpod.oval:def:1506012 rsyslog [5.8.10-12.0.2] - Back port fix for heap-based overflow in TCP syslog server - Resolves CVE-2022-24903 [Orabug: 34226447] rsyslog7 [7.4.10-7.0.1] - Back port fix for heap-based overflow in TCP syslog server - Resolves CVE-2022-24903 [Orabug: 34226447] oval:org.secpod.oval:def:1801605 empty oval:org.secpod.oval:def:205481 The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Security Fix: * rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforward ... oval:org.secpod.oval:def:500215 The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A two byte buffer overflow flaw was found in the rsyslog daemon"s parseLegacySyslogMsg func ... oval:org.secpod.oval:def:1503384 Updated rsyslog packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1505731 [8.2102.0-7.1] - Address CVE-2022-24903, Heap-based overflow in TCP syslog server resolves: rhbz#2081400 oval:org.secpod.oval:def:601794 Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog, a system for log processing. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial of service attack. oval:org.secpod.oval:def:1600119 A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon oval:org.secpod.oval:def:107828 Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is compatible with stock sysklogd and can be used as a drop-in replacement. Rsyslog is simple to set up, with ... oval:org.secpod.oval:def:52313 rsyslog: Enhanced syslogd Rsyslog could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:122169 Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is compatible with stock sysklogd and can be used as a drop-in replacement. Rsyslog is simple to set up, with ... oval:org.secpod.oval:def:601793 Mancha discovered a vulnerability in rsyslog, a system for log processing. This vulnerability is an integer overflow that can be triggered by malformed messages to a server, if this one accepts data from untrusted sources, provoking message loss. This vulnerability can be seen as an incomplete fix o ... oval:org.secpod.oval:def:1500776 Updated rsyslog packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the ... oval:org.secpod.oval:def:5800048 The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Security Fix: * rsyslog: Heap-based overflow in TCP syslog server For more details abo ... oval:org.secpod.oval:def:501420 The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message p ... oval:org.secpod.oval:def:501422 The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message p ... oval:org.secpod.oval:def:1500784 Updated rsyslog5 and rsyslog packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity ... oval:org.secpod.oval:def:88358 Peter Agten discovered that several modules for TCP syslog reception in rsyslog, a system and kernel logging daemon, have buffer overflow flaws when octet-counted framing is used, which could result in denial of service or potentially the execution of arbitrary code. oval:org.secpod.oval:def:89047460 This update for rsyslog fixes the following issues: - CVE-2022-24903: Fixed potential heap buffer overflow in modules for TCP syslog reception . oval:org.secpod.oval:def:19500017 A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially in rsyslog 7.x, execute arbitrary code as the user r ... oval:org.secpod.oval:def:203453 The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message p ... oval:org.secpod.oval:def:1505720 [8.24.0-57.0.1.el7_9.3] - added patch to flush the journal state file [Orabug: 32583987] - Reviewed-by: Laurence Rochfort < laurence.rochfort at oracle.com > [8.24.0-57.3] - Address CVE-2022-24903, Heap-based overflow in TCP syslog server resolves: rhbz#2081395 oval:org.secpod.oval:def:204303 The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message p ... oval:org.secpod.oval:def:702236 rsyslog: Enhanced syslogd Rsyslog could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:122381 Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is compatible with stock sysklogd and can be used as a drop-in replacement. Rsyslog is simple to set up, with ... oval:org.secpod.oval:def:97644 [CLSA-2022:1654717777] Fixed CVE-2022-24903 in rsyslog |