Mandriva Update For Rsyslog MDVSA-2012:100 (rsyslog) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been discovered and corrected in rsyslog: An integer signedness error, leading to heap based buffer overflow was found in the way the imfile module of rsyslog, an enhanced system logging and kernel message trapping daemon, processed text files larger than 64 KB. When the imfile rsyslog module was enabled, a local attacker could use this flaw to cause denial of service (rsyslogd daemon hang) via specially-crafted message, to be logged (CVE-2011-4623). The updated packages have been patched to correct this issue.

Affected

rsyslog on Mandriva Linux 2010.1

Severity

Classification

CVE CVE-2011-4623
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandriva Update for evolution MDVA-2010:047 (evolution)
Mandriva Update for mysql MDVSA-2010:101 (mysql)
Mandriva Update for openldap MDVSA-2012:130 (openldap)
Mandriva Update for cdrecord MDKA-2007:093 (cdrecord)
Mandriva Update for mandriva-doc MDKA-2007:014 (mandriva-doc)

Mandriva Update for rsyslog MDVSA-2012:100 (rsyslog)

Take action and discover your vulnerabilities