Thursday, May 12, 2022

[USN-5419-1] Rsyslog vulnerabilities

-----BEGIN PGP PUBLIC KEY BLOCK-----

xsDNBGFaURQBDADEy91TinXYUHMtIiD17R9GWDIHaLx1X7AJVMkDJTqEbpHHvzt+
Xc7woGRyT3WwD3GO7zgZAXY5uyjpyD3JIdHhEem5Qo0HObcXGWmJrkT7tZuxyswn
6D/DxWFXT02FuA0OtUeTw5s/bhrjZksDy1fo/fCatyXYHb6xiRNRkCDMUNr4Ft+G
rNxbFuZ23bl/ilk2j39r/VHOzgLY4HaVseuvZNcglMdb6Uv7+eujskrJiJ/qytIN
Iv6w5ErG0EzYTYFAUQJPHsINTfw+F/8h2mR1DWTbr2YSyEF3IaEkD+VwyeLNq+nQ
8D9QXltIwurykshNlgbRxHeqK03F2IbWe0SpgTmgJg2McfM4Q08t4WQL3vFsYgVx
NjUwjQ7My7aq3lwx75HNFHwFCIrHrlpagXl95ofYV+PAOUHfyt09PwR/QWe/jx/J
jbl+HzRUELtIZQddo3+nJzcQwjSIHvRIS9/PyP2T8+ca+jpQw5N1NPdXVi+95vuu
UqTlv4z53hRzgPMAEQEAAc0tSWFuIENvbnN0YW50aW4gPGlhbi5jb25zdGFudGlu
QGNhbm9uaWNhbC5jb20+wsEUBBMBCgA+FiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgF
AmFoOakCGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQa1+PL+d1
/Eh6kQv/QEirzB3/yYGAOebonEueqtiI85bOfbPakjWE3kEUIpK62bpE1JjS6tld
qc9ms+S/WrGNmHHofn+Ielz7NSl1fhXjjT+2EFzy8k10H9NZKa3MOJvxpkPB12u+
4F/be9e1NWK4O3jCzX/BrrLh4gqCX8QTYqe+1rRIxWe2wWRRx8v5afdpmsn/BSgF
fVSJkrbXzJSdiBaLEDcVDJUC9r2u9RLIz8oSlOWw9Cl8Zvo67ZB0pFRjyJfRYNPO
FBaez6vCA/wSmtTUI4RK+ulsNY7SitNDsRe4FgebBvVNIOg7b3G5sYMwpbm0gqTu
1lLKJFJrPf8AwPuNV4b1n9or0+j/7YeSiB3L4JCTFu5Assu5WIAWduQ3eUKGqWQT
f2R52O6hbLCVkYISWnq5kStYEF0BpRHZGAhPceA3GEw70rq+CNVeIQEBkGY7ICLO
vgmwrxr+J7VXVamQoT07yqkhH2kNw+1pngArk5tU4Jamw61nFKS8a6nL/UJrx7Cq
YJ0bopQhzsDNBGFaURQBDACrKH35R6CbP9L3yg85xGZmsh2ZwpBCZo7YZLL6YzBk
rFcyaNv5TJsvd3pDF4JvgrNEt5oL45dpiqkrzPjSxfk7MV5ZLQbnBeMFeyNY9hi5
HhLGciTZ2gv8KgTk3uX3vwrwn+HQs993zxSFJZIppbEPGpXkA8GXg7ZLWAKrO2MB
lTLnBydQ+c9MetN3VtWXY60qlWKtpp5o821Rh75mqZRZbxSDU4QTCXdl26EY8/Yo
9Hn2u9nFDvB94EZQ62lHu8uah32y90lDdCqbrJx8F70ZJmhqRyLTtMEJfol349Zs
zwOkK/jyDrOBsgY8I410DTj0jhqBRS+nF8t8+UkYzpzT8D+sIWgiD3fwvb6Z5X4W
70zn/clnOInGxay6cwf6RA2Bvl7I7m43SoLCL8wsmB1/FLiW+ByL6A4FzHcMw+Nb
2hxbHJCc5fdJblFdkuAV47CUCs9iH8QLcFK9bDJi45V86EYzJzFkQsAHWpq0KqSH
AOUVk33VTVOk7kVoyTlF5n8AEQEAAcLA/AQYAQoAJhYhBHMXb+IAghPFvZ67eWtf
jy/ndfxIBQJhWlEUAhsMBQkDwmcAAAoJEGtfjy/ndfxIePEMAMIyupD/2A+HHB1W
KpgDq3w0pmJCfzxtGAB6V6CvZ/Ppy5v6FTY99fIV36rRD3gbdD75qEKaEHZI2phx
ESmZ3zYbMQDKKBj94UTrpufpDTn3QKIqBNz5ZawrZs9XVs8ilpIj5Weearle52Us
6KUxL7dDXe3ZU48788o4gnQ1fb6UKLCTCAf2o+eOlX+v9PD5dZKN2epfa7UF/+ZL
SGrxqj5VpXoembsO34DhjMpVTj7io1PIIv2lBJs73+lPFnudGNWuFp5EFddc7Ns9
Fjlr41CPwKF7HrHiML1+Fg8fc52UXoXbfC7ov1NAY19rJtmfyIsThRHpLfdJCoGU
j+rQi/h/Pra9+R+SOebgpcb3IUUOzL/qQk4LYd6t4HZmMuNALI8nryrS/BPopLRB
2ll2rztAUVvIkBi27+tDVhodsxwn+Qd6krMTsDt/9joHtTYE/sU6JRX2LKIB9Xxw
c3BVMz+rWGZ4nShuCigqLjVEkckop9peeUR2Z+vdPh2TFOgHCA==
=CoJZ
-----END PGP PUBLIC KEY BLOCK-----
==========================================================================
Ubuntu Security Notice USN-5419-1
May 12, 2022

rsyslog vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Rsyslog could be made to crash if it received specially crafted input.

Software Description:
- rsyslog: Enhanced syslogd

Details:

It was discovered that Rsyslog improperly handled certain invalid input.
An attacker could use this issue to cause Rsyslog to crash.


Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
rsyslog 8.16.0-1ubuntu3.1+esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5419-1
CVE-2018-16881, CVE-2019-17041, CVE-2019-17042

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)