Headline
RHSA-2022:4801: Red Hat Security Advisory: rsyslog security update
An update for rsyslog is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-24903: rsyslog: Heap-based overflow in TCP syslog server
Issued:
2022-05-30
Updated:
2022-05-30
RHSA-2022:4801 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: rsyslog security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for rsyslog is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format.
Security Fix(es):
- rsyslog: Heap-based overflow in TCP syslog server (CVE-2022-24903)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
- Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 8.1 x86_64
Fixes
- BZ - 2081353 - CVE-2022-24903 rsyslog: Heap-based overflow in TCP syslog server
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1
SRPM
rsyslog-8.37.0-13.el8_1.1.src.rpm
SHA-256: 1f249335d38cacf7fd4ef310c01221b1c8355d3f76741b6bddf92bb5b7af890e
ppc64le
rsyslog-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: f2d28345ca069a079b73d75a51fdccc295cb95a0c9ab110d0742c53cadc09c93
rsyslog-crypto-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: 173e8360f7cd1d6ece7634599012c308fb3d74afebc25c62053073ea381daa3a
rsyslog-crypto-debuginfo-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: f8c1ced747403c188ec32cae97c1ee875f58ec8386c47db82a1886273fe425eb
rsyslog-debuginfo-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: 072d18ff6a411dfbb1828b077740805849a04eba01af9bd8d4d77fdfb883ca0a
rsyslog-debugsource-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: f87287a2ead1c424626993271b18347a6c4f9e4de50f081c5580f9e28ed35aa8
rsyslog-doc-8.37.0-13.el8_1.1.noarch.rpm
SHA-256: ff001f3ed1f2fbc9dd25bfc37a3e9d707707a7e95b20152ec13dc377f6d9462b
rsyslog-elasticsearch-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: 2a8000c7d1258f2eaa067bbf4992901b486d5499c871d9d48c6e21742a37998e
rsyslog-elasticsearch-debuginfo-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: 70a87291b309092a8b91a1fef8849e4407390cca0584586294f45b10e5fa92eb
rsyslog-gnutls-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: f9f7b6e38bc92489fd4c3457dda96d2edaf7693294ec509f07c8ea55900354a3
rsyslog-gnutls-debuginfo-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: 2e00b859467115b7e245bf7b3cc3c03d731fb4224c88d22f95817b6e38d48766
rsyslog-gssapi-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: 46140be68f486c239fb41197c35ee9cff8a0d44ea833d1f7d8cc1187794b853b
rsyslog-gssapi-debuginfo-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: 52954d4030965f63b420b0593c6ae88eb75c3e9f7bd033c8102dd44a9a676103
rsyslog-kafka-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: d675502382235e36e74a046543de6de2e31837874e5fe13a9c80697ab5625c3f
rsyslog-kafka-debuginfo-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: b0fd1ee5ffc4e4ef32a59c3b367c19a182a195901715d0228233f70ac0a4121d
rsyslog-mmaudit-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: a94165d128065815378356263eb6c27c2da4446d9f1ada8aa3e5fb35404d2649
rsyslog-mmaudit-debuginfo-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: 9e5fa6b9573c60e72989bcb5fdb796a8e2b74bd644d491f03ce2adefac9d8c41
rsyslog-mmjsonparse-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: dd413c1019f8b699be1954e1dc5dac94c3b6bfd5bfde805915de8eee0e73adc9
rsyslog-mmjsonparse-debuginfo-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: 5fc5c3f4066a6fe330ad275fb8114375919735a1ba1412688125aa4322e9809b
rsyslog-mmkubernetes-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: 9c7cb0cd21679553802a4a22ce5101fe646ceb7872d19c03c4d4701f1507aadb
rsyslog-mmkubernetes-debuginfo-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: db75b878d7c77fff649c2dfa92194528d3a4998bc8ce69138be83ede4cb5d088
rsyslog-mmnormalize-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: 2e05db75958a115d20d3865b16558037ebb9a30f3bd7bb0927c6888fa379d708
rsyslog-mmnormalize-debuginfo-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: c2107c8669c6721eed2a8902313e9a2245216e4499486aa2e41b07b7caa9a75b
rsyslog-mmsnmptrapd-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: 449ecf68175c1e7e79c564ddee3dd4870892f9ff502d89fd524804393a67badd
rsyslog-mmsnmptrapd-debuginfo-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: d4dc85f2bf688119a8109a64fe2294a462d87728d1cccaadcf75ae1c6ba78c6a
rsyslog-mysql-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: cac3f8d4d0333653205a6abbb4cd6af4319ca7d2e392baf9f60d13eea618fc0a
rsyslog-mysql-debuginfo-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: fc1e15ec509a98e1f4cd05738f4a911f8b759a2ccb3e06b1c345b0389314fddc
rsyslog-pgsql-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: dc28d372161f02fd5e4b768abdd21add5e1d64477323a07b446b6307c6625886
rsyslog-pgsql-debuginfo-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: 2f21354a8525867d691babf24eef8da24ae493fba91c82c2246ebefe7887c77c
rsyslog-relp-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: 8a3e3f664357fa379328196d0464fd996461498a9ab22f8dada550832ae3d25b
rsyslog-relp-debuginfo-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: ef928f4ca2987ce9ea633db2e1251e873709c11c95de49f65b05c59327a811e8
rsyslog-snmp-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: 8e26bd8480f2bfc20e309a5e9369bd2437e09a16efe859f9a142f7e20091362e
rsyslog-snmp-debuginfo-8.37.0-13.el8_1.1.ppc64le.rpm
SHA-256: 2889540ef3a2efd6be095575ad695d568484f58cbf2dc140ffd166e24e258a6a
Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 8.1
SRPM
rsyslog-8.37.0-13.el8_1.1.src.rpm
SHA-256: 1f249335d38cacf7fd4ef310c01221b1c8355d3f76741b6bddf92bb5b7af890e
x86_64
rsyslog-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: 4706adf8fb4fe60f48f1487689d61033c906f3414489847197cd58b69706d9cb
rsyslog-crypto-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: 6abf3afeebfa53dba6a460efad533a954679f71a44f804253e7785258e63f77c
rsyslog-crypto-debuginfo-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: bbe790948cdbf3a30a32ade1f95eae3bc51bff82fe21609356a8e97a4fe0042c
rsyslog-debuginfo-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: 86cb50edacaca0a02707af352e4cd7ee5d8840a329235ad9ef304fa5fe89b1a7
rsyslog-debugsource-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: 006732a24225a800ada087a6072cf50ca84e47fb88c289ddd1c1b55f31cbac61
rsyslog-doc-8.37.0-13.el8_1.1.noarch.rpm
SHA-256: ff001f3ed1f2fbc9dd25bfc37a3e9d707707a7e95b20152ec13dc377f6d9462b
rsyslog-elasticsearch-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: 4ae6b78a004143d08efc6bde510b0d02c7a31d36f9eea156d791df9f600d41c9
rsyslog-elasticsearch-debuginfo-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: 856537d8077b373d6ab8fdb8bc98f50d3120f41164dfbb35e545302273b217ce
rsyslog-gnutls-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: 165ba0d7657ba494aeaccb1dbdf52b372411ea01030c1c7256ca57da84c87769
rsyslog-gnutls-debuginfo-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: ee2d439c8e193d7ec6359e0a128464f7e561c01adfa852dc88860a7bccea547a
rsyslog-gssapi-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: e329697e6b1798b4bc84545649ab1b699b40aa5153cbca7962f17c337b613f05
rsyslog-gssapi-debuginfo-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: 29511f430197acdadbd563f1da4daa0e82a59f18667e716acfa0ec485413f411
rsyslog-kafka-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: b67855f18a1bde9e1010136d7ef774a520b383838d224f6fdbfdb16bd0fa7123
rsyslog-kafka-debuginfo-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: 9f7804c46178c4f17fafaf1ef8369e96c467af0bdd8c9567dea8e69ec87545f0
rsyslog-mmaudit-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: 41e1e37ae024bae5ba44e00f834c219111aa1999b22af75e862a5f3b6327aaed
rsyslog-mmaudit-debuginfo-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: 51d9ecf044be99e49a081886a2a29f63c6a85310f1477339bffcc69ea21facc4
rsyslog-mmjsonparse-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: 5ea97dd4fb116e6f8c639a510d2a8d7ab9563f3649453f680aaa3c19a6fe2d83
rsyslog-mmjsonparse-debuginfo-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: 94996b20f7a082775fa494e6926b0bce54ffdb94ce6f3fcd5afb852343302af3
rsyslog-mmkubernetes-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: 849c8defaf2c057014d2b7c17ce385ec5e209afb574a614a3ae7f349bbce29e3
rsyslog-mmkubernetes-debuginfo-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: dc62f147bb2e994ce05d0a30d73be6c4f16f50f097cd671bd3b5540ff559f8fa
rsyslog-mmnormalize-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: 900578bf9370f12ef53773caabe9cb647c53cd7f275531933beb4a5e46b8dfac
rsyslog-mmnormalize-debuginfo-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: ca523745329962efaabd02f62a9420de9319db1522a7c6c713c430f90eec47fc
rsyslog-mmsnmptrapd-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: 9711397036289d164e2d395c969f5dcce02fef57c066aa29edb42f97a85f910a
rsyslog-mmsnmptrapd-debuginfo-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: 111ce82f593170393ee585fad1ad49c97f27390141bedcfd48487cc08666280c
rsyslog-mysql-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: b5709b61a391269d6b1e10cd15d5cabbd277625373719c3b587b03007bb3b95f
rsyslog-mysql-debuginfo-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: 984cb75072e4efa35a5111137a9f850b0b37b5873eb73d0d4f9879b5a0ddcafc
rsyslog-pgsql-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: 044b87be3c9a8b91257c1a34b001a509dc5d1f1220abd04d0cbada5520f4a39b
rsyslog-pgsql-debuginfo-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: ab76c5a53d4bf3495d61a9dec22f796e3eeb9bbfadfb2370da8b160ad99d8350
rsyslog-relp-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: 1458138713a44dfc112407730b94c50e676c13cfc195ba2798284cc015cdee17
rsyslog-relp-debuginfo-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: 18d42c52e84dd64312be5b7749d44040978b6bb3e915138eae239089bfd2a8fa
rsyslog-snmp-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: afa892b4ee04de53322864d3c5c991c3223aa9f132b9db7d4ec3a2673cd710e7
rsyslog-snmp-debuginfo-8.37.0-13.el8_1.1.x86_64.rpm
SHA-256: fe87ddd31aedd7bcc46ce675263415325d559649203df6b075361506585d4010
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Gentoo Linux Security Advisory 202408-28 - A vulnerability has been discovered in rsyslog, which could possibly lead to remote code execution. Versions greater than or equal to 8.2206.0 are affected.
IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240903.
Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...
ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change.
Red Hat Security Advisory 2022-5069-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include code execution, cross site scripting, denial of service, information leakage, and traversal vulnerabilities.
Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23566: nanoid: Information disclosure via valueOf() function * CVE-2021-23648: sanitize-url: XSS * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2021-44906:...
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-25032: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs * CVE-2022-1271: gzip: arbitrary-file-write vulnerability * CVE-2022-1966: kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root * CVE-2...
Red Hat Security Advisory 2022-4896-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include heap overflow, out of bounds write, and use-after-free vulnerabilities.
An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-25032: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs * CVE-2021-4028: kernel: use-after-free in RDMA listen() * CVE-2021-4083: kernel: fget: check that the fd still exists after getting a ref to it * CVE-2022-0778: openssl:...
Red Hat Security Advisory 2022-4808-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. The rsyslog7 packages provide an enhanced, multi-threaded syslog daemon. It supports on-demand disk buffering, reliable syslog over TCP, SSL, TLS and RELP, writing to databases, email alerting, fully configurable output formats, the ability to filter on any part of the syslog message, on-the-wire message compression, and the ability to convert text files to syslog. Issues addressed include a heap overflow vulnerability.
Red Hat Security Advisory 2022-4795-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Issues addressed include a heap overflow vulnerability.
Red Hat Security Advisory 2022-4803-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Issues addressed include a heap overflow vulnerability.
Red Hat Security Advisory 2022-4801-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Issues addressed include a heap overflow vulnerability.
An update for rsyslog is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24903: rsyslog: Heap-based overflow in TCP syslog server
An update for rsyslog is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24903: rsyslog: Heap-based overflow in TCP syslog server
An update for rsyslog is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24903: rsyslog: Heap-based overflow in TCP syslog server
An update for rsyslog is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24903: rsyslog: Heap-based overflow in TCP syslog server
An update for rsyslog is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24903: rsyslog: Heap-based overflow in TCP syslog server
Ubuntu Security Notice 5404-2 - USN-5404-1 addressed a vulnerability in Rsyslog. This update provides the corresponding update for Ubuntu 16.04 ESM. Pieter Agten discovered that Rsyslog incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash.
Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. ...
Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow.