File _patchinfo of Package patchinfo.5379
<patchinfo incident="5379">
<issue tracker="cve" id="2019-17041"/>
<issue tracker="cve" id="2019-17042"/>
<issue tracker="bnc" id="1153451">VUL-0: CVE-2019-17041: rsyslog: heap overflow in the parser for AIX log messages which tries to locate a log message delimiter but fails</issue>
<issue tracker="bnc" id="1022804">syslog fails to stop during SLES12SP2 shutdown</issue>
<issue tracker="bnc" id="1153459">VUL-1: CVE-2019-17042: rsyslog: heap overflow in the parser for Cisco log messages which tries to locate a log message delimiter but fails to account for strings that do not satisfy this constraint</issue>
<issue tracker="bnc" id="1015203">rsyslog exits with exit status 1 when imfile module readMode parameter set to non-zero value</issue>
<issue tracker="bnc" id="1087920">rsyslogd SIGABORT crash</issue>
<issue tracker="bnc" id="1084682">Backport upstream rsyslog to ensure output files are regularly flushed</issue>
<packager>tsaupe</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for rsyslog</summary>
<description>This update for rsyslog fixes the following issues:
Security issues fixed:
- CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages (bsc#1153451).
- CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages (bsc#1153459).
Non-security issues fixed:
- Handle multiline messages correctly when using the imfile module. (bsc#1015203)
- Fix a race condition in the shutdown sequence in wtp that was causing rsyslog not to
shutdown properly. (bsc#1022804)
- Fixed a rsyslogd SIGABORT crash if a path does not exists (bsc#1087920).
- Fixed an issue where configuration templates where not consistently flushed (bsc#1084682).
</description>
</patchinfo>