File _patchinfo of Package patchinfo.12861
<patchinfo incident="12861">
  <issue tracker="cve" id="2019-17042"/>
  <issue tracker="cve" id="2019-17041"/>
  <issue tracker="bnc" id="1141063">If there is a burst of log messages during a time when rsyslog is unable to output, rsyslog can SEGFAULT due to a mutex double-unlock.</issue>
  <issue tracker="bnc" id="1153459">VUL-1: CVE-2019-17042: rsyslog: heap overflow in the parser for Cisco log messages which tries to locate a log message delimiter but fails to account for strings that do not satisfy this constraint</issue>
  <issue tracker="bnc" id="1153451">VUL-0: CVE-2019-17041: rsyslog: heap overflow in the parser for AIX log messages which tries to locate a log message delimiter but fails</issue>
  <packager>tsaupe</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for rsyslog</summary>
  <description>This update for rsyslog fixes the following issues:

Security issues fixed:

- CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages (bsc#1153451).
- CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages (bsc#1153459).

Other issue addressed:

- Fixed an issue where rsyslog could SEGFAULT due to a mutex double-unlock (bsc#1141063).
</description>
</patchinfo>