Security update for rsyslog
| Announcement ID: | SUSE-SU-2020:0424-1 |
|---|---|
| Rating: | moderate |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves two vulnerabilities and has two security fixes can now be installed.
Description:
This update for rsyslog fixes the following issues:
Security issues fixed:
- CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages (bsc#1153451).
- CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages (bsc#1153459).
Non-security issues fixed:
- Handle multiline messages correctly when using the imfile module. (bsc#1015203)
- Fix a race condition in the shutdown sequence in wtp that was causing rsyslog not to shutdown properly. (bsc#1022804)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE OpenStack Cloud 6
zypper in -t patch SUSE-OpenStack-Cloud-6-2020-424=1 -
SUSE Linux Enterprise Server for SAP Applications 12 SP1
zypper in -t patch SUSE-SLE-SAP-12-SP1-2020-424=1 -
SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-424=1
Package List:
-
SUSE OpenStack Cloud 6 (x86_64)
- rsyslog-module-relp-debuginfo-8.4.0-13.8.1
- rsyslog-module-relp-8.4.0-13.8.1
- rsyslog-module-gssapi-8.4.0-13.8.1
- rsyslog-module-snmp-8.4.0-13.8.1
- rsyslog-8.4.0-13.8.1
- rsyslog-module-gtls-8.4.0-13.8.1
- rsyslog-module-udpspoof-debuginfo-8.4.0-13.8.1
- rsyslog-module-snmp-debuginfo-8.4.0-13.8.1
- rsyslog-debuginfo-8.4.0-13.8.1
- rsyslog-module-pgsql-8.4.0-13.8.1
- rsyslog-module-gtls-debuginfo-8.4.0-13.8.1
- rsyslog-module-mysql-debuginfo-8.4.0-13.8.1
- rsyslog-module-pgsql-debuginfo-8.4.0-13.8.1
- rsyslog-module-mysql-8.4.0-13.8.1
- rsyslog-module-udpspoof-8.4.0-13.8.1
- rsyslog-module-gssapi-debuginfo-8.4.0-13.8.1
- rsyslog-doc-8.4.0-13.8.1
- rsyslog-diag-tools-8.4.0-13.8.1
- rsyslog-diag-tools-debuginfo-8.4.0-13.8.1
- rsyslog-debugsource-8.4.0-13.8.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
- rsyslog-module-relp-debuginfo-8.4.0-13.8.1
- rsyslog-module-relp-8.4.0-13.8.1
- rsyslog-module-gssapi-8.4.0-13.8.1
- rsyslog-module-snmp-8.4.0-13.8.1
- rsyslog-8.4.0-13.8.1
- rsyslog-module-gtls-8.4.0-13.8.1
- rsyslog-module-udpspoof-debuginfo-8.4.0-13.8.1
- rsyslog-module-snmp-debuginfo-8.4.0-13.8.1
- rsyslog-debuginfo-8.4.0-13.8.1
- rsyslog-module-pgsql-8.4.0-13.8.1
- rsyslog-module-gtls-debuginfo-8.4.0-13.8.1
- rsyslog-module-mysql-debuginfo-8.4.0-13.8.1
- rsyslog-module-pgsql-debuginfo-8.4.0-13.8.1
- rsyslog-module-mysql-8.4.0-13.8.1
- rsyslog-module-udpspoof-8.4.0-13.8.1
- rsyslog-module-gssapi-debuginfo-8.4.0-13.8.1
- rsyslog-doc-8.4.0-13.8.1
- rsyslog-diag-tools-8.4.0-13.8.1
- rsyslog-diag-tools-debuginfo-8.4.0-13.8.1
- rsyslog-debugsource-8.4.0-13.8.1
-
SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (ppc64le s390x x86_64)
- rsyslog-module-relp-debuginfo-8.4.0-13.8.1
- rsyslog-module-relp-8.4.0-13.8.1
- rsyslog-module-gssapi-8.4.0-13.8.1
- rsyslog-module-snmp-8.4.0-13.8.1
- rsyslog-8.4.0-13.8.1
- rsyslog-module-gtls-8.4.0-13.8.1
- rsyslog-module-udpspoof-debuginfo-8.4.0-13.8.1
- rsyslog-module-snmp-debuginfo-8.4.0-13.8.1
- rsyslog-debuginfo-8.4.0-13.8.1
- rsyslog-module-pgsql-8.4.0-13.8.1
- rsyslog-module-gtls-debuginfo-8.4.0-13.8.1
- rsyslog-module-mysql-debuginfo-8.4.0-13.8.1
- rsyslog-module-pgsql-debuginfo-8.4.0-13.8.1
- rsyslog-module-mysql-8.4.0-13.8.1
- rsyslog-module-udpspoof-8.4.0-13.8.1
- rsyslog-module-gssapi-debuginfo-8.4.0-13.8.1
- rsyslog-doc-8.4.0-13.8.1
- rsyslog-diag-tools-8.4.0-13.8.1
- rsyslog-diag-tools-debuginfo-8.4.0-13.8.1
- rsyslog-debugsource-8.4.0-13.8.1
References:
- https://www.suse.com/security/cve/CVE-2019-17041.html
- https://www.suse.com/security/cve/CVE-2019-17042.html
- https://bugzilla.suse.com/show_bug.cgi?id=1015203
- https://bugzilla.suse.com/show_bug.cgi?id=1022804
- https://bugzilla.suse.com/show_bug.cgi?id=1153451
- https://bugzilla.suse.com/show_bug.cgi?id=1153459