Mandriva Update For Rsyslog MDVSA-2011:134 (rsyslog) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was discovered and corrected in rsyslog: Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message (CVE-2011-3200). The updated packages have been patched to correct this issue.

Affected

rsyslog on Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64

Severity

Classification

CVE CVE-2011-3200

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:102 (apache)
Mandrake Security Advisory MDVSA-2009:107 (acpid)
Mandrake Security Advisory MDVSA-2009:048-1 (epiphany)
Mandrake Security Advisory MDVSA-2009:207 (perl-Compress-Raw-Bzip2)
Mandrake Security Advisory MDVSA-2009:002 (bind)

Mandriva Update for rsyslog MDVSA-2011:134 (rsyslog)

Take action and discover your vulnerabilities