• [SECURITY] [DSA 5150-1] rsyslog security update

    From Salvatore Bonaccorso@21:1/5 to All on Sat May 28 21:30:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5150-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso
    May 28, 2022 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : rsyslog
    CVE ID : CVE-2022-24903
    Debian Bug : 1010619

    Peter Agten discovered that several modules for TCP syslog reception in rsyslog, a system and kernel logging daemon, have buffer overflow flaws
    when octet-counted framing is used, which could result in denial of
    service or potentially the execution of arbitrary code.

    For the oldstable distribution (buster), this problem has been fixed
    in version 8.1901.0-1+deb10u2.

    For the stable distribution (bullseye), this problem has been fixed in
    version 8.2102.0-2+deb11u1.

    We recommend that you upgrade your rsyslog packages.

    For the detailed security status of rsyslog please refer to its security tracker page at:
    https://security-tracker.debian.org/tracker/rsyslog

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmKSdpRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SP/g//eOtveZA6g5gcFhcyACpQ+u7MKT8QowuuxU4gNAoBzUW30obGR7d8L4gQ GCtT8hH7rekjOf6TcdE62JIt0bxzaOPzRfg1dc1tv7rzvNUfB4qOg8OsPkG0ikRU VJ/nS0dN+LvPkILop3tMDPJwEdm3D31WXjB2wQbOxEAgd1RNllgY0vKSookne898 zOOjzrRM0mAyFuHGhdm0j7jVk2fC/6DSKAqNXuN5ojHv0gpctcg8wARCzP9zzo37 f/hnN4XtsO1Rs2ASAD0l+I/i2+2MCnlpnIDS7ofox25kw6TngYrRLr2F1eDM9rU7 nA6RPyySy2JtsU3ZS09j0+vb5eOBa4OyqF1QkmcVvg5Se8kPAFCkXCtrjjla4lrD SYlU8ewo6h5ByDJbCDxA+XX4SqDH/5T5ZV11ifrnvkuxPUUZpC/dYb3N3AZ+YpTH ZhySCBcUipW9m2kCqxZIK8RP/OXGLTgdRtgRQRN0dstyERMUkYhlK18QcMGwUNcR +8T8a9YFo/YkbSTGCrHhGOuTVtpeXk0xI13bfdokwwbgrU8qZs3tZg9n7tbgESZY 1IsHwA2uTV+UylLZ/B8FNvXUY7OQwAK1Uu+KJg9cMFE5TEuhqpeieq7r+Sbvfi5b jpWIa4hBn4CBGwJdyoujAGvXEENIpTGVzAiSZbf4lOajjLKuO+o=
    =c/R7
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)