Vulnerability CVE-2014-3683: Information
Description
Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.
Severity: MEDIUM (5.0)
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
rsyslog | sisyphus | 8.4.2-alt1 | 8.2404.0-alt1 | ALT-PU-2014-2253-1 | 131840 | Fixed |
rsyslog | p10 | 8.4.2-alt1 | 8.2304.0-alt1 | ALT-PU-2014-2253-1 | 131840 | Fixed |
rsyslog | p9 | 8.4.2-alt1 | 8.1901.0-alt1 | ALT-PU-2014-2253-1 | 131840 | Fixed |
rsyslog | c10f1 | 8.4.2-alt1 | 8.2304.0-alt1 | ALT-PU-2014-2253-1 | 131840 | Fixed |
rsyslog | c9f2 | 8.4.2-alt1 | 8.2204.1-alt1 | ALT-PU-2014-2253-1 | 131840 | Fixed |