Overview

File _patchinfo of Package patchinfo.6132

<patchinfo incident="6132">
  <issue tracker="cve" id="2019-17041"/>
  <issue tracker="cve" id="2019-17042"/>
  <issue tracker="bnc" id="1153451">VUL-0: CVE-2019-17041: rsyslog: heap overflow in the parser for AIX log messages which tries to locate a log message delimiter  but fails</issue>
  <issue tracker="bnc" id="1153459">VUL-1: CVE-2019-17042: rsyslog: heap overflow in the parser for Cisco log messages which tries to locate a log message delimiter but fails to account for strings that do not satisfy this constraint</issue>
  <issue id="1015203" tracker="bnc">rsyslog exits with exit status 1 when imfile module readMode parameter set to non-zero value</issue>
  <issue id="1022804" tracker="bnc">syslog fails to stop during SLES12SP2 shutdown</issue>
  <packager>tsaupe</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for rsyslog</summary>
  <description>This update for rsyslog fixes the following issues:

Security issues fixed:

- CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages (bsc#1153451).
- CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages (bsc#1153459).

Non-security issues fixed:

- Handle multiline messages correctly when using the imfile module. (bsc#1015203)
- Fix a race condition in the shutdown sequence in wtp that was causing rsyslog not to
  shutdown properly. (bsc#1022804)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places