rsyslog, rsyslog5 security update

CentOS Errata and Security Advisory CESA-2014:1671

The rsyslog packages provide an enhanced, multi-threaded syslog daemon
that supports writing to relational databases, syslog/TCP, RFC 3195,
permitted sender lists, filtering on any message part, and fine grained
output format control.

A flaw was found in the way rsyslog handled invalid log message priority
values. In certain configurations, a local attacker, or a remote attacker
able to connect to the rsyslog port, could use this flaw to crash the
rsyslog daemon. (CVE-2014-3634)

Red Hat would like to thank Rainer Gerhards of rsyslog upstream for
reporting this issue.

All rsyslog5 and rsyslog users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue. After
installing the update, the rsyslog service will be restarted automatically.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-October/082861.html
https://lists.centos.org/pipermail/centos-cr-announce/2014-October/027753.html

Affected packages:
rsyslog
rsyslog-gnutls
rsyslog-gssapi
rsyslog-mysql
rsyslog-pgsql
rsyslog-relp
rsyslog-snmp
rsyslog5
rsyslog5-gnutls
rsyslog5-gssapi
rsyslog5-mysql
rsyslog5-pgsql
rsyslog5-snmp

Upstream details at:
https://access.redhat.com/errata/RHSA-2014:1671