SUSE-SU-2018:2038-1 Security update for rsyslog

This update for rsyslog fixes the following issues: The following security vulnerability was addressed: CVE-2015-3243: Make sure that log files are not created world-readable bsc935393...

Security update for rsyslog (moderate)

This update for rsyslog fixes the following security issue: - CVE-2015-3243: Prevent weak permissions for generated log files, which allowed local users to obtain sensitive information bsc935393. This update was imported from the SUSE:SLE-15:Update update project...

openSUSE Security Update : rsyslog (openSUSE-2018-738)

This update for rsyslog fixes the following security issue : - CVE-2015-3243: Prevent weak permissions for generated log files, which allowed local users to obtain sensitive information bsc935393. This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenable...

SUSE-SU-2018:1937-2 Security update for rsyslog

This update for rsyslog fixes the following security issue: - CVE-2015-3243: Prevent weak permissions for generated log files, which allowed local users to obtain sensitive information bsc935393...

SUSE-SU-2018:1937-1 Security update for rsyslog

This update for rsyslog fixes the following security issue: - CVE-2015-3243: Prevent weak permissions for generated log files, which allowed local users to obtain sensitive information bsc935393...

Security Bulletin: Vulnerability in rsyslog affects SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance (CVE-2014-3634)

Summary Vulnerability in rsyslog package affects SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance CVE-2014-3634. Vulnerability Details CVEID: CVE-2014-3634 DESCRIPTION: RSyslog and sysklogd are vulnerable to a denial of service. By sending a specially-crafted message, a...

librelp security update

CentOS Errata and Security Advisory CESA-2018:1223 An update for librelp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Critical: Red Hat Security Advisory: librelp security update

An update for librelp is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

librelp security update

CentOS Errata and Security Advisory CESA-2018:1225 An update for librelp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Critical: Red Hat Security Advisory: librelp security update

An update for librelp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Ubuntu 14.04 LTS : librelp vulnerability (USN-3612-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3612-1 advisory. Bas van Schaik and Kevin Backhouse discovered that librelp incorrectly handled checking certain x509 certificates. A remote attacker able to connect to rsyslog...

USN-3612-1: librelp vulnerability

Bas van Schaik and Kevin Backhouse discovered that librelp incorrectly handled checking certain x509 certificates. A remote attacker able to connect to rsyslog could possibly use this issue to execute arbitrary code...

USN-3612-1 librelp vulnerability

Bas van Schaik and Kevin Backhouse discovered that librelp incorrectly handled checking certain x509 certificates. A remote attacker able to connect to rsyslog could possibly use this issue to execute arbitrary code...

SUSE SLES12 Security Update : librelp (SUSE-SU-2018:0828-1)

This update for librelp fixes the following issues: CVE-2018-1000140 bsc1086730: librelp contained a stack-based buffer overflow in the checking of x509 certificates. A remote attacker with an access to the rsyslog logging facility could have exploited it by sending a specially crafted x509...

openSUSE Security Update : librelp (openSUSE-2018-319)

This update for librelp fixes the following issues : - CVE-2018-1000140: A stack-based buffer overflow in the code for checking of x509 certificates allowed a remote attacker with an access to the rsyslog logging facility to potentially execute arbitrary code by sending a specially crafted x509...

rsyslog librelp buffer overflow vulnerability

rsyslog librelp is a RELP protocol library primarily used for network event logging. A buffer overflow vulnerability exists in x509 certificate detection in rsyslog librelp 1.2.14 and earlier versions. A remote attacker can exploit this vulnerability to execute code with a specially crafted x509...

SUSE SLES12 Security Update : librelp (SUSE-SU-2018:0822-1)

This update for librelp fixes the following issues: CVE-2018-1000140 bsc1086730: librelp contained a stack-based buffer overflow in the checking of x509 certificates. A remote attacker with an access to the rsyslog logging facility could have exploited it by sending a specially crafted x509...

[SECURITY] [DSA 4151-1] librelp security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4151-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 26, 2018 https://www.debian.org/security/faq -...

CVE-2018-1000140

rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by...

Buffer overflow

rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by...