[SECURITY] [DLA 3016-1] rsyslog security update

2022-05-2021:58:25

lists.debian.org

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.107 Low

EPSS

Percentile

95.0%

JSON

Debian LTS Advisory DLA-3016-1 [email protected]
https://www.debian.org/lts/security/ Sylvain Beucler
May 20, 2022 https://wiki.debian.org/LTS

Package : rsyslog
Version : 8.24.0-1+deb9u2
CVE ID : CVE-2018-16881 CVE-2022-24903
Debian Bug : 1010619

Several vulnerabilities were discovered in rsyslog, a system and
kernel logging daemon. When a log server is configured to accept logs
from remote clients through specific modules such as 'imptcp', an
attacker can cause a denial of service (DoS) and possibly execute code
on the server.

CVE-2018-16881

A denial of service vulnerability was found in rsyslog
in the imptcp module. An attacker could send a specially crafted
message to the imptcp socket, which would cause rsyslog to crash.

CVE-2022-24903

Modules for TCP syslog reception have a potential heap buffer
overflow when octet-counted framing is used. This can result in a
segfault or some other malfunction.

For Debian 9 stretch, these problems have been fixed in version
8.24.0-1+deb9u2.

We recommend that you upgrade your rsyslog packages.

For the detailed security status of rsyslog please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rsyslog

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10mipselrsyslog-elasticsearch< 8.1901.0-1+deb10u2rsyslog-elasticsearch_8.1901.0-1+deb10u2_mipsel.deb
Debian11s390xrsyslog-gnutls< 8.2102.0-2+deb11u1rsyslog-gnutls_8.2102.0-2+deb11u1_s390x.deb
Debian11i386rsyslog-openssl< 8.2102.0-2+deb11u1rsyslog-openssl_8.2102.0-2+deb11u1_i386.deb
Debian9i386rsyslog-gssapi< 8.24.0-1+deb9u2rsyslog-gssapi_8.24.0-1+deb9u2_i386.deb
Debian10mips64elrsyslog-kafka-dbgsym< 8.1901.0-1+deb10u2rsyslog-kafka-dbgsym_8.1901.0-1+deb10u2_mips64el.deb
Debian10amd64rsyslog-hiredis< 8.1901.0-1+deb10u2rsyslog-hiredis_8.1901.0-1+deb10u2_amd64.deb
Debian10mips64elrsyslog-dbgsym< 8.1901.0-1+deb10u2rsyslog-dbgsym_8.1901.0-1+deb10u2_mips64el.deb
Debian11mipselrsyslog-gnutls< 8.2102.0-2+deb11u1rsyslog-gnutls_8.2102.0-2+deb11u1_mipsel.deb
Debian11s390xrsyslog-kafka-dbgsym< 8.2102.0-2+deb11u1rsyslog-kafka-dbgsym_8.2102.0-2+deb11u1_s390x.deb
Debian10i386rsyslog-pgsql-dbgsym< 8.1901.0-1+deb10u2rsyslog-pgsql-dbgsym_8.1901.0-1+deb10u2_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	mipsel	rsyslog-elasticsearch	< 8.1901.0-1+deb10u2	rsyslog-elasticsearch_8.1901.0-1+deb10u2_mipsel.deb
Debian	11	s390x	rsyslog-gnutls	< 8.2102.0-2+deb11u1	rsyslog-gnutls_8.2102.0-2+deb11u1_s390x.deb
Debian	11	i386	rsyslog-openssl	< 8.2102.0-2+deb11u1	rsyslog-openssl_8.2102.0-2+deb11u1_i386.deb
Debian	9	i386	rsyslog-gssapi	< 8.24.0-1+deb9u2	rsyslog-gssapi_8.24.0-1+deb9u2_i386.deb
Debian	10	mips64el	rsyslog-kafka-dbgsym	< 8.1901.0-1+deb10u2	rsyslog-kafka-dbgsym_8.1901.0-1+deb10u2_mips64el.deb
Debian	10	amd64	rsyslog-hiredis	< 8.1901.0-1+deb10u2	rsyslog-hiredis_8.1901.0-1+deb10u2_amd64.deb
Debian	10	mips64el	rsyslog-dbgsym	< 8.1901.0-1+deb10u2	rsyslog-dbgsym_8.1901.0-1+deb10u2_mips64el.deb
Debian	11	mipsel	rsyslog-gnutls	< 8.2102.0-2+deb11u1	rsyslog-gnutls_8.2102.0-2+deb11u1_mipsel.deb
Debian	11	s390x	rsyslog-kafka-dbgsym	< 8.2102.0-2+deb11u1	rsyslog-kafka-dbgsym_8.2102.0-2+deb11u1_s390x.deb
Debian	10	i386	rsyslog-pgsql-dbgsym	< 8.1901.0-1+deb10u2	rsyslog-pgsql-dbgsym_8.1901.0-1+deb10u2_i386.deb