CVE-2014-3410

Cisco ASA Software’s syslog-management subsystem has a vulnerability (CVE-2014-3410) where an unauthenticated, remote attacker can obtain the administrator password during a copy operation by sniffing network traffic or reading syslog messages on a server. Root cause: improper sanitization of sys...

Multiple packages, Multiple vulnerabilities fixed in 2011

Background For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Description Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. FMOD Studio PEAR Mail LVM...

Fedora 21 : sysklogd-1.5-18.fc21 (2014-12875)

Added patch for remote syslog PRI vulnerability 1142373 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Fedora 20 : sysklogd-1.5-18.fc20 (2014-12910)

Added patch for remote syslog PRI vulnerability 1142373 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Fedora 19 : sysklogd-1.5-18.fc19 (2014-12878)

Added patch for remote syslog PRI vulnerability 1142373 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Scientific Linux Security Update : openssh on SL6.x i386/x86_64 (20141014)

It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip the DNS SSHFP record check and require the user to perform manual host verification of the DNS SSHFP record. CVE-2014-2653 It was found th...

CentOS Update for rsyslog5 CESA-2014:1671 centos5

Check the version of rsyslog5 SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882068";...

RedHat Update for rsyslog5 and rsyslog RHSA-2014:1671-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

rsyslog7 security update

CentOS Errata and Security Advisory CESA-2014:1654 Updated rsyslog7 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, whi...

Moderate: Red Hat Security Advisory: rsyslog5 and rsyslog security update

Updated rsyslog5 and rsyslog packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

[SECURITY] [DLA 72-1] rsylog security update

Package : rsylog Version : 4.6.4-2+deb6u1 CVE ID : CVE-2014-3634 CVE-2014-3683 CVE-2014-3634 Fix remote syslog vulnerability due to improper handling of invalid PRI values. CVE-2014-3683 Followup fix for CVE-2014-3634. The initial patch was incomplete. It did not cover cases where PRI values MAXI...

DLA-72-1 rsyslog - security update

Bulletin has no description...

RHEL 6 : rsyslog7 (RHSA-2014:1654)

Updated rsyslog7 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Important: Red Hat Security Advisory: rsyslog7 security update

Updated rsyslog7 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

[SECURITY] Fedora 20 Update: rsyslog-7.4.8-2.fc20

Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is compatible with stock sysklogd and can be used as a drop-in replacement. Rsyslog is simple to set up,...

[SECURITY] Fedora 21 Update: rsyslog-7.4.10-5.fc21

Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is compatible with stock sysklogd and can be used as a drop-in replacement. Rsyslog is simple to set up,...

openSUSE Security Update : rsyslog (openSUSE-SU-2014:1298-1)

Fixed remote PRI DoS vulnerability patch CVE-2014-3683,bnc899756 rsyslog-7.2.7-remote-PRI-DoS-fix-backportCVE-2014-3634. patch - Removed broken, unsupported and dropped by upstream zpipe utility from rsyslog-diag-tools package bnc890228 - Remote syslog PRI DoS vulnerability fix...

openSUSE Security Update : rsyslog (openSUSE-SU-2014:1297-1)

Fixed PRI DoS vulnerability patch CVE-2014-3683,bnc899756 rsyslog-7.4.7-remote-PRI-DoS-fix-backportCVE-2014-3634. patch - Removed broken, unsupported and dropped by upstream zpipe utility from rsyslog-diag-tools package bnc890228 - Remote syslog PRI DoS vulnerability fix CVE-2014-3634,bnc897262 +...

RedHat Update for rsyslog RHSA-2014:1397-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS Update for rsyslog CESA-2014:1397 centos7

Check the version of rsyslog SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882053";...