blob: b4afd675ab4e77b07216f0e13a4a1fe4880d1352 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
<define-tag description>LTS security update</define-tag>
<define-tag moreinfo>
<p>The Wheezy patch left an unresolved symbol in the imklog module of
the Squeeze version. rsyslog worked fine except that messages from the
kernel couldn't be submitted any longer. This update fixes this issue.</p>
<p>For reference, the original advisory text follows.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-3634">CVE-2014-3634</a>
<p>Fix remote syslog vulnerability due to improper handling
of invalid PRI values.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-3683">CVE-2014-3683</a>
<p>Followup fix for <a href="https://security-tracker.debian.org/tracker/CVE-2014-3634">CVE-2014-3634</a>. The initial patch was incomplete.
It did not cover cases where PRI values > MAX_INT caused integer
overflows resulting in negative values.</p></li>
</ul>
<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in rsyslog version 4.6.4-2+deb6u2</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/lts/security/2014/dla-72.data"
# $Id$
|
