rsyslog-8.23.0-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10498 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z rsyslog-8.23.0-2.1 on GA media These are all security issues fixed in the rsyslog-8.23.0-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10498 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10498 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2011-3200/ SUSE CVE CVE-2011-3200 page https://www.suse.com/security/cve/CVE-2013-4758/ SUSE CVE CVE-2013-4758 page https://www.suse.com/security/cve/CVE-2013-6370/ SUSE CVE CVE-2013-6370 page https://www.suse.com/security/cve/CVE-2013-6371/ SUSE CVE CVE-2013-6371 page https://www.suse.com/security/cve/CVE-2014-3634/ SUSE CVE CVE-2014-3634 page https://www.suse.com/security/cve/CVE-2014-3683/ SUSE CVE CVE-2014-3683 page openSUSE Tumbleweed rsyslog-8.23.0-2.1 rsyslog-diag-tools-8.23.0-2.1 rsyslog-doc-8.23.0-2.1 rsyslog-module-dbi-8.23.0-2.1 rsyslog-module-elasticsearch-8.23.0-2.1 rsyslog-module-gcrypt-8.23.0-2.1 rsyslog-module-gssapi-8.23.0-2.1 rsyslog-module-gtls-8.23.0-2.1 rsyslog-module-guardtime-8.23.0-2.1 rsyslog-module-mmnormalize-8.23.0-2.1 rsyslog-module-mysql-8.23.0-2.1 rsyslog-module-omamqp1-8.23.0-2.1 rsyslog-module-omhttpfs-8.23.0-2.1 rsyslog-module-omtcl-8.23.0-2.1 rsyslog-module-pgsql-8.23.0-2.1 rsyslog-module-relp-8.23.0-2.1 rsyslog-module-snmp-8.23.0-2.1 rsyslog-module-udpspoof-8.23.0-2.1 rsyslog-8.23.0-2.1 as a component of openSUSE Tumbleweed rsyslog-diag-tools-8.23.0-2.1 as a component of openSUSE Tumbleweed rsyslog-doc-8.23.0-2.1 as a component of openSUSE Tumbleweed rsyslog-module-dbi-8.23.0-2.1 as a component of openSUSE Tumbleweed rsyslog-module-elasticsearch-8.23.0-2.1 as a component of openSUSE Tumbleweed rsyslog-module-gcrypt-8.23.0-2.1 as a component of openSUSE Tumbleweed rsyslog-module-gssapi-8.23.0-2.1 as a component of openSUSE Tumbleweed rsyslog-module-gtls-8.23.0-2.1 as a component of openSUSE Tumbleweed rsyslog-module-guardtime-8.23.0-2.1 as a component of openSUSE Tumbleweed rsyslog-module-mmnormalize-8.23.0-2.1 as a component of openSUSE Tumbleweed rsyslog-module-mysql-8.23.0-2.1 as a component of openSUSE Tumbleweed rsyslog-module-omamqp1-8.23.0-2.1 as a component of openSUSE Tumbleweed rsyslog-module-omhttpfs-8.23.0-2.1 as a component of openSUSE Tumbleweed rsyslog-module-omtcl-8.23.0-2.1 as a component of openSUSE Tumbleweed rsyslog-module-pgsql-8.23.0-2.1 as a component of openSUSE Tumbleweed rsyslog-module-relp-8.23.0-2.1 as a component of openSUSE Tumbleweed rsyslog-module-snmp-8.23.0-2.1 as a component of openSUSE Tumbleweed rsyslog-module-udpspoof-8.23.0-2.1 as a component of openSUSE Tumbleweed Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message. CVE-2011-3200 openSUSE Tumbleweed:rsyslog-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-diag-tools-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-doc-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-dbi-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-elasticsearch-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-gcrypt-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-gssapi-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-gtls-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-guardtime-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-mmnormalize-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-mysql-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-omamqp1-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-omhttpfs-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-omtcl-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-pgsql-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-relp-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-snmp-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-udpspoof-8.23.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3200.html CVE-2011-3200 https://bugzilla.suse.com/714658 SUSE Bug 714658 Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response. CVE-2013-4758 openSUSE Tumbleweed:rsyslog-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-diag-tools-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-doc-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-dbi-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-elasticsearch-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-gcrypt-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-gssapi-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-gtls-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-guardtime-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-mmnormalize-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-mysql-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-omamqp1-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-omhttpfs-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-omtcl-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-pgsql-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-relp-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-snmp-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-udpspoof-8.23.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4758.html CVE-2013-4758 https://bugzilla.suse.com/828140 SUSE Bug 828140 Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors. CVE-2013-6370 openSUSE Tumbleweed:rsyslog-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-diag-tools-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-doc-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-dbi-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-elasticsearch-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-gcrypt-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-gssapi-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-gtls-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-guardtime-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-mmnormalize-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-mysql-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-omamqp1-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-omhttpfs-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-omtcl-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-pgsql-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-relp-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-snmp-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-udpspoof-8.23.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6370.html CVE-2013-6370 https://bugzilla.suse.com/870147 SUSE Bug 870147 The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. CVE-2013-6371 openSUSE Tumbleweed:rsyslog-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-diag-tools-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-doc-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-dbi-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-elasticsearch-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-gcrypt-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-gssapi-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-gtls-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-guardtime-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-mmnormalize-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-mysql-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-omamqp1-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-omhttpfs-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-omtcl-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-pgsql-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-relp-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-snmp-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-udpspoof-8.23.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6371.html CVE-2013-6371 https://bugzilla.suse.com/870147 SUSE Bug 870147 rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access. CVE-2014-3634 openSUSE Tumbleweed:rsyslog-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-diag-tools-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-doc-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-dbi-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-elasticsearch-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-gcrypt-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-gssapi-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-gtls-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-guardtime-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-mmnormalize-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-mysql-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-omamqp1-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-omhttpfs-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-omtcl-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-pgsql-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-relp-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-snmp-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-udpspoof-8.23.0-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3634.html CVE-2014-3634 https://bugzilla.suse.com/897262 SUSE Bug 897262 https://bugzilla.suse.com/899756 SUSE Bug 899756 Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634. CVE-2014-3683 openSUSE Tumbleweed:rsyslog-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-diag-tools-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-doc-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-dbi-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-elasticsearch-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-gcrypt-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-gssapi-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-gtls-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-guardtime-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-mmnormalize-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-mysql-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-omamqp1-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-omhttpfs-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-omtcl-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-pgsql-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-relp-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-snmp-8.23.0-2.1 openSUSE Tumbleweed:rsyslog-module-udpspoof-8.23.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3683.html CVE-2014-3683 https://bugzilla.suse.com/897262 SUSE Bug 897262 https://bugzilla.suse.com/899756 SUSE Bug 899756