Mandriva Update For Rsyslog MDVSA-2011:134 (rsyslog) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was discovered and corrected in rsyslog: Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message (CVE-2011-3200). The updated packages have been patched to correct this issue.

Affected

rsyslog on Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64

Severity

Classification

CVE CVE-2011-3200
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:133 (irssi)
Mandrake Security Advisory MDVSA-2009:130 (gstreamer0.10-plugins-good)
Mandrake Security Advisory MDVSA-2009:074 (libneon0.27)
Mandrake Security Advisory MDVSA-2009:122 (squirrelmail)
Mandrake Security Advisory MDVSA-2009:011 (virtualbox)

Mandriva Update for rsyslog MDVSA-2011:134 (rsyslog)

Take action and discover your vulnerabilities