Security update for rsyslog
This update for rsyslog fixes the following issues:
Security issues fixed:
- CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages (bsc#1153451).
- CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages (bsc#1153459).
Other issue addressed:
- Fixed an issue where rsyslog was SEGFAULT due to a mutex double-unlock (bsc#1141063).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Thomas Blume (tsaupe)
Fixed bugs
bnc#1141063
If there is a burst of log messages during a time when rsyslog is unable to output, rsyslog can SEGFAULT due to a mutex double-unlock.
bnc#1153459
VUL-1: CVE-2019-17042: rsyslog: heap overflow in the parser for Cisco log messages which tries to locate a log message delimiter but fails to account for strings that do not satisfy this constraint
bnc#1153451
VUL-0: CVE-2019-17041: rsyslog: heap overflow in the parser for AIX log messages which tries to locate a log message delimiter but fails
