openSUSE Security Update : rsyslog (openSUSE-SU-2014:1298-1)

high Nessus Plugin ID 78497

Synopsis

The remote openSUSE host is missing a security update.

Description

- Fixed remote PRI DoS vulnerability patch (CVE-2014-3683,bnc#899756) [* rsyslog-7.2.7-remote-PRI-DoS-fix-backport_CVE-2014-3634.
patch]

- Removed broken, unsupported and dropped by upstream zpipe utility from rsyslog-diag-tools package (bnc#890228)

- Remote syslog PRI DoS vulnerability fix (CVE-2014-3634,bnc#897262) [+ rsyslog-7.2.7-remote-PRI-DoS-fix-backport_CVE-2014-3634.
patch]

Solution

Update the affected rsyslog packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=890228

https://bugzilla.opensuse.org/show_bug.cgi?id=897262

https://bugzilla.opensuse.org/show_bug.cgi?id=899756

https://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html

Plugin Details

Severity: High

ID: 78497

File Name: openSUSE-2014-591.nasl

Version: 1.5

Type: local

Agent: unix

Published: 10/16/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:rsyslog-module-pgsql-debuginfo, p-cpe:/a:novell:opensuse:rsyslog-module-relp, p-cpe:/a:novell:opensuse:rsyslog-module-gtls, p-cpe:/a:novell:opensuse:rsyslog-module-udpspoof-debuginfo, p-cpe:/a:novell:opensuse:rsyslog, p-cpe:/a:novell:opensuse:rsyslog-diag-tools, p-cpe:/a:novell:opensuse:rsyslog-module-mmnormalize-debuginfo, p-cpe:/a:novell:opensuse:rsyslog-module-mysql-debuginfo, p-cpe:/a:novell:opensuse:rsyslog-module-mmnormalize, p-cpe:/a:novell:opensuse:rsyslog-module-gssapi, p-cpe:/a:novell:opensuse:rsyslog-module-relp-debuginfo, p-cpe:/a:novell:opensuse:rsyslog-module-udpspoof, p-cpe:/a:novell:opensuse:rsyslog-module-gtls-debuginfo, p-cpe:/a:novell:opensuse:rsyslog-module-gssapi-debuginfo, p-cpe:/a:novell:opensuse:rsyslog-module-dbi, p-cpe:/a:novell:opensuse:rsyslog-module-snmp-debuginfo, p-cpe:/a:novell:opensuse:rsyslog-debugsource, p-cpe:/a:novell:opensuse:rsyslog-module-elasticsearch, p-cpe:/a:novell:opensuse:rsyslog-debuginfo, p-cpe:/a:novell:opensuse:rsyslog-module-mysql, p-cpe:/a:novell:opensuse:rsyslog-module-snmp, p-cpe:/a:novell:opensuse:rsyslog-diag-tools-debuginfo, p-cpe:/a:novell:opensuse:rsyslog-module-elasticsearch-debuginfo, cpe:/o:novell:opensuse:12.3, p-cpe:/a:novell:opensuse:rsyslog-module-pgsql, p-cpe:/a:novell:opensuse:rsyslog-module-dbi-debuginfo

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 10/6/2014

Reference Information

CVE: CVE-2014-3634, CVE-2014-3683