Security update for rsyslog
| Announcement ID: | SUSE-SU-2020:0512-1 |
|---|---|
| Rating: | moderate |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves two vulnerabilities and has four security fixes can now be installed.
Description:
This update for rsyslog fixes the following issues:
Security issues fixed:
- CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages (bsc#1153451).
- CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages (bsc#1153459).
Non-security issues fixed:
- Handle multiline messages correctly when using the imfile module. (bsc#1015203)
- Fix a race condition in the shutdown sequence in wtp that was causing rsyslog not to shutdown properly. (bsc#1022804)
- Fixed a rsyslogd SIGABORT crash if a path does not exists (bsc#1087920).
- Fixed an issue where configuration templates where not consistently flushed (bsc#1084682).
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE OpenStack Cloud 7
zypper in -t patch SUSE-OpenStack-Cloud-7-2020-512=1 -
SUSE Linux Enterprise Server for SAP Applications 12 SP2
zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-512=1 -
SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-512=1 -
SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-512=1 -
SUSE Enterprise Storage 4
zypper in -t patch SUSE-Storage-4-2020-512=1
Package List:
-
SUSE OpenStack Cloud 7 (x86_64)
- rsyslog-module-pgsql-8.4.0-18.13.1
- rsyslog-module-relp-debuginfo-8.4.0-18.13.1
- rsyslog-8.4.0-18.13.1
- rsyslog-debugsource-8.4.0-18.13.1
- rsyslog-module-udpspoof-8.4.0-18.13.1
- rsyslog-doc-8.4.0-18.13.1
- rsyslog-module-gssapi-debuginfo-8.4.0-18.13.1
- rsyslog-module-snmp-debuginfo-8.4.0-18.13.1
- rsyslog-module-udpspoof-debuginfo-8.4.0-18.13.1
- rsyslog-diag-tools-debuginfo-8.4.0-18.13.1
- rsyslog-debuginfo-8.4.0-18.13.1
- rsyslog-module-mysql-debuginfo-8.4.0-18.13.1
- rsyslog-module-gtls-8.4.0-18.13.1
- rsyslog-module-mysql-8.4.0-18.13.1
- rsyslog-module-pgsql-debuginfo-8.4.0-18.13.1
- rsyslog-module-gssapi-8.4.0-18.13.1
- rsyslog-module-relp-8.4.0-18.13.1
- rsyslog-module-gtls-debuginfo-8.4.0-18.13.1
- rsyslog-module-snmp-8.4.0-18.13.1
- rsyslog-diag-tools-8.4.0-18.13.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2 (ppc64le x86_64)
- rsyslog-module-pgsql-8.4.0-18.13.1
- rsyslog-module-relp-debuginfo-8.4.0-18.13.1
- rsyslog-8.4.0-18.13.1
- rsyslog-debugsource-8.4.0-18.13.1
- rsyslog-module-udpspoof-8.4.0-18.13.1
- rsyslog-doc-8.4.0-18.13.1
- rsyslog-module-gssapi-debuginfo-8.4.0-18.13.1
- rsyslog-module-snmp-debuginfo-8.4.0-18.13.1
- rsyslog-module-udpspoof-debuginfo-8.4.0-18.13.1
- rsyslog-diag-tools-debuginfo-8.4.0-18.13.1
- rsyslog-debuginfo-8.4.0-18.13.1
- rsyslog-module-mysql-debuginfo-8.4.0-18.13.1
- rsyslog-module-gtls-8.4.0-18.13.1
- rsyslog-module-mysql-8.4.0-18.13.1
- rsyslog-module-pgsql-debuginfo-8.4.0-18.13.1
- rsyslog-module-gssapi-8.4.0-18.13.1
- rsyslog-module-relp-8.4.0-18.13.1
- rsyslog-module-gtls-debuginfo-8.4.0-18.13.1
- rsyslog-module-snmp-8.4.0-18.13.1
- rsyslog-diag-tools-8.4.0-18.13.1
-
SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
- rsyslog-module-pgsql-8.4.0-18.13.1
- rsyslog-module-relp-debuginfo-8.4.0-18.13.1
- rsyslog-8.4.0-18.13.1
- rsyslog-debugsource-8.4.0-18.13.1
- rsyslog-module-udpspoof-8.4.0-18.13.1
- rsyslog-doc-8.4.0-18.13.1
- rsyslog-module-gssapi-debuginfo-8.4.0-18.13.1
- rsyslog-module-snmp-debuginfo-8.4.0-18.13.1
- rsyslog-module-udpspoof-debuginfo-8.4.0-18.13.1
- rsyslog-diag-tools-debuginfo-8.4.0-18.13.1
- rsyslog-debuginfo-8.4.0-18.13.1
- rsyslog-module-mysql-debuginfo-8.4.0-18.13.1
- rsyslog-module-gtls-8.4.0-18.13.1
- rsyslog-module-mysql-8.4.0-18.13.1
- rsyslog-module-pgsql-debuginfo-8.4.0-18.13.1
- rsyslog-module-gssapi-8.4.0-18.13.1
- rsyslog-module-relp-8.4.0-18.13.1
- rsyslog-module-gtls-debuginfo-8.4.0-18.13.1
- rsyslog-module-snmp-8.4.0-18.13.1
- rsyslog-diag-tools-8.4.0-18.13.1
-
SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2 (ppc64le s390x x86_64)
- rsyslog-module-pgsql-8.4.0-18.13.1
- rsyslog-module-relp-debuginfo-8.4.0-18.13.1
- rsyslog-8.4.0-18.13.1
- rsyslog-debugsource-8.4.0-18.13.1
- rsyslog-module-udpspoof-8.4.0-18.13.1
- rsyslog-doc-8.4.0-18.13.1
- rsyslog-module-gssapi-debuginfo-8.4.0-18.13.1
- rsyslog-module-snmp-debuginfo-8.4.0-18.13.1
- rsyslog-module-udpspoof-debuginfo-8.4.0-18.13.1
- rsyslog-diag-tools-debuginfo-8.4.0-18.13.1
- rsyslog-debuginfo-8.4.0-18.13.1
- rsyslog-module-mysql-debuginfo-8.4.0-18.13.1
- rsyslog-module-gtls-8.4.0-18.13.1
- rsyslog-module-mysql-8.4.0-18.13.1
- rsyslog-module-pgsql-debuginfo-8.4.0-18.13.1
- rsyslog-module-gssapi-8.4.0-18.13.1
- rsyslog-module-relp-8.4.0-18.13.1
- rsyslog-module-gtls-debuginfo-8.4.0-18.13.1
- rsyslog-module-snmp-8.4.0-18.13.1
- rsyslog-diag-tools-8.4.0-18.13.1
-
SUSE Enterprise Storage 4 (x86_64)
- rsyslog-module-pgsql-8.4.0-18.13.1
- rsyslog-module-relp-debuginfo-8.4.0-18.13.1
- rsyslog-8.4.0-18.13.1
- rsyslog-debugsource-8.4.0-18.13.1
- rsyslog-module-udpspoof-8.4.0-18.13.1
- rsyslog-doc-8.4.0-18.13.1
- rsyslog-module-gssapi-debuginfo-8.4.0-18.13.1
- rsyslog-module-snmp-debuginfo-8.4.0-18.13.1
- rsyslog-module-udpspoof-debuginfo-8.4.0-18.13.1
- rsyslog-diag-tools-debuginfo-8.4.0-18.13.1
- rsyslog-debuginfo-8.4.0-18.13.1
- rsyslog-module-mysql-debuginfo-8.4.0-18.13.1
- rsyslog-module-gtls-8.4.0-18.13.1
- rsyslog-module-mysql-8.4.0-18.13.1
- rsyslog-module-pgsql-debuginfo-8.4.0-18.13.1
- rsyslog-module-gssapi-8.4.0-18.13.1
- rsyslog-module-relp-8.4.0-18.13.1
- rsyslog-module-gtls-debuginfo-8.4.0-18.13.1
- rsyslog-module-snmp-8.4.0-18.13.1
- rsyslog-diag-tools-8.4.0-18.13.1
References:
- https://www.suse.com/security/cve/CVE-2019-17041.html
- https://www.suse.com/security/cve/CVE-2019-17042.html
- https://bugzilla.suse.com/show_bug.cgi?id=1015203
- https://bugzilla.suse.com/show_bug.cgi?id=1022804
- https://bugzilla.suse.com/show_bug.cgi?id=1084682
- https://bugzilla.suse.com/show_bug.cgi?id=1087920
- https://bugzilla.suse.com/show_bug.cgi?id=1153451
- https://bugzilla.suse.com/show_bug.cgi?id=1153459