Articles / Ubuntu: New rsyslog package…

Ubuntu: New rsyslog packages fix security vulnerability

Peter Eisentraut discovered that Rsyslog would not properly perform input validation when configured to use imfile. If an attacker were able to craft messages in a file that Rsyslog monitored, an attacker could cause a denial of service. Updated packages are available from security.ubuntu.com.

==========================================================================
Ubuntu Security Notice USN-1338-1
January 23, 2012

rsyslog vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04

Summary:

Rsyslog could be made to crash if it processed a specially crafted log
message.

Software Description:
- rsyslog: Enhanced syslogd

Details:

Peter Eisentraut discovered that Rsyslog would not properly perform input
validation when configured to use imfile. If an attacker were able to
craft messages in a file that Rsyslog monitored, an attacker could cause a
denial of service. The imfile module is disabled by default in Ubuntu.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
 rsyslog                         4.6.4-2ubuntu4.2

In general, a standard system update will make all the necessary changes.

References:
 http://www.ubuntu.com/usn/usn-1338-1
 CVE-2011-4623

Package Information:
 https://launchpad.net/ubuntu/+source/rsyslog/4.6.4-2ubuntu4.2
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.