SUSE-SU-2020:0424-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0424-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2020:0424-1
- Related
- Published
- 2020-02-19T16:07:46Z
- Modified
- 2020-02-19T16:07:46Z
- Summary
- Security update for rsyslog
- Details
-
This update for rsyslog fixes the following issues:
Security issues fixed:
- CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages (bsc#1153451).
- CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages (bsc#1153459).
Non-security issues fixed:
- Handle multiline messages correctly when using the imfile module. (bsc#1015203)
- Fix a race condition in the shutdown sequence in wtp that was causing rsyslog not to shutdown properly. (bsc#1022804)
- References
-
- https://www.suse.com/support/update/announcement/2020/suse-su-20200424-1/
- https://bugzilla.suse.com/1015203
- https://bugzilla.suse.com/1022804
- https://bugzilla.suse.com/1153451
- https://bugzilla.suse.com/1153459
- https://www.suse.com/security/cve/CVE-2019-17041
- https://www.suse.com/security/cve/CVE-2019-17042
Affected packages
SUSE:Linux Enterprise Server for SAP Applications 12 SP1 / rsyslog
Package
- Name
- rsyslog
- Purl
- purl:rpm/suse/rsyslog&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.4.0-13.8.1
Ecosystem specific
{
"binaries": [
{
"rsyslog-module-gssapi": "8.4.0-13.8.1",
"rsyslog": "8.4.0-13.8.1",
"rsyslog-diag-tools": "8.4.0-13.8.1",
"rsyslog-module-gtls": "8.4.0-13.8.1",
"rsyslog-module-snmp": "8.4.0-13.8.1",
"rsyslog-module-mysql": "8.4.0-13.8.1",
"rsyslog-doc": "8.4.0-13.8.1",
"rsyslog-module-udpspoof": "8.4.0-13.8.1",
"rsyslog-module-pgsql": "8.4.0-13.8.1",
"rsyslog-module-relp": "8.4.0-13.8.1"
}
]
}
SUSE:Linux Enterprise Server 12 SP1-LTSS / rsyslog
Package
- Name
- rsyslog
- Purl
- purl:rpm/suse/rsyslog&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.4.0-13.8.1
Ecosystem specific
{
"binaries": [
{
"rsyslog-module-gssapi": "8.4.0-13.8.1",
"rsyslog": "8.4.0-13.8.1",
"rsyslog-diag-tools": "8.4.0-13.8.1",
"rsyslog-module-gtls": "8.4.0-13.8.1",
"rsyslog-module-snmp": "8.4.0-13.8.1",
"rsyslog-module-mysql": "8.4.0-13.8.1",
"rsyslog-doc": "8.4.0-13.8.1",
"rsyslog-module-udpspoof": "8.4.0-13.8.1",
"rsyslog-module-pgsql": "8.4.0-13.8.1",
"rsyslog-module-relp": "8.4.0-13.8.1"
}
]
}