Amazon Linux 2022 Security Advisory: ALAS-2022-075
Advisory Release Date: 2022-05-18 00:33 Pacific
Advisory Updated Date: 2022-05-19 18:24 Pacific
Severity:
Important
Issue Overview:
A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially in rsyslog 7.x, execute arbitrary code as the user running the rsyslog daemon. (CVE-2014-3634)
A flaw was found in rsyslog's reception TCP modules. This flaw allows an attacker to craft a malicious message leading to a heap-based buffer overflow. This issue allows the attacker to corrupt or access data stored in memory, leading to a denial of service in the rsyslog or possible remote code execution. (CVE-2022-24903)
Affected Packages:
rsyslog
Issue Correction:
Run dnf update --releasever=2022.0.20220518 rsyslog to update your system.
New Packages:
aarch64:
rsyslog-pgsql-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-udpspoof-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-debugsource-8.2204.0-1.amzn2022.aarch64
rsyslog-mmsnmptrapd-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-hiredis-8.2204.0-1.amzn2022.aarch64
rsyslog-rabbitmq-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-mmaudit-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-gssapi-8.2204.0-1.amzn2022.aarch64
rsyslog-mongodb-8.2204.0-1.amzn2022.aarch64
rsyslog-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-mmnormalize-8.2204.0-1.amzn2022.aarch64
rsyslog-mysql-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-elasticsearch-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-openssl-8.2204.0-1.amzn2022.aarch64
rsyslog-mmfields-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-snmp-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-mmkubernetes-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-hiredis-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-mysql-8.2204.0-1.amzn2022.aarch64
rsyslog-libdbi-8.2204.0-1.amzn2022.aarch64
rsyslog-mmnormalize-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-relp-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-libdbi-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-gnutls-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-omamqp1-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-snmp-8.2204.0-1.amzn2022.aarch64
rsyslog-mongodb-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-relp-8.2204.0-1.amzn2022.aarch64
rsyslog-pgsql-8.2204.0-1.amzn2022.aarch64
rsyslog-udpspoof-8.2204.0-1.amzn2022.aarch64
rsyslog-kafka-8.2204.0-1.amzn2022.aarch64
rsyslog-openssl-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-gnutls-8.2204.0-1.amzn2022.aarch64
rsyslog-crypto-8.2204.0-1.amzn2022.aarch64
rsyslog-omamqp1-8.2204.0-1.amzn2022.aarch64
rsyslog-8.2204.0-1.amzn2022.aarch64
rsyslog-mmaudit-8.2204.0-1.amzn2022.aarch64
rsyslog-mmkubernetes-8.2204.0-1.amzn2022.aarch64
rsyslog-kafka-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-rabbitmq-8.2204.0-1.amzn2022.aarch64
rsyslog-mmfields-8.2204.0-1.amzn2022.aarch64
rsyslog-mmjsonparse-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-elasticsearch-8.2204.0-1.amzn2022.aarch64
rsyslog-gssapi-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-mmsnmptrapd-8.2204.0-1.amzn2022.aarch64
rsyslog-mmjsonparse-8.2204.0-1.amzn2022.aarch64
rsyslog-crypto-debuginfo-8.2204.0-1.amzn2022.aarch64
rsyslog-logrotate-8.2204.0-1.amzn2022.aarch64
noarch:
rsyslog-doc-8.2204.0-1.amzn2022.noarch
src:
rsyslog-8.2204.0-1.amzn2022.src
x86_64:
rsyslog-crypto-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-mmkubernetes-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-mmsnmptrapd-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-openssl-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-omamqp1-8.2204.0-1.amzn2022.x86_64
rsyslog-hiredis-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-gssapi-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-udpspoof-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-mmfields-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-mongodb-8.2204.0-1.amzn2022.x86_64
rsyslog-gnutls-8.2204.0-1.amzn2022.x86_64
rsyslog-mongodb-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-mmnormalize-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-crypto-8.2204.0-1.amzn2022.x86_64
rsyslog-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-gnutls-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-kafka-8.2204.0-1.amzn2022.x86_64
rsyslog-omamqp1-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-elasticsearch-8.2204.0-1.amzn2022.x86_64
rsyslog-pgsql-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-kafka-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-relp-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-relp-8.2204.0-1.amzn2022.x86_64
rsyslog-openssl-8.2204.0-1.amzn2022.x86_64
rsyslog-debugsource-8.2204.0-1.amzn2022.x86_64
rsyslog-mmkubernetes-8.2204.0-1.amzn2022.x86_64
rsyslog-libdbi-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-rabbitmq-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-gssapi-8.2204.0-1.amzn2022.x86_64
rsyslog-mmaudit-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-mysql-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-snmp-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-8.2204.0-1.amzn2022.x86_64
rsyslog-elasticsearch-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-mmjsonparse-debuginfo-8.2204.0-1.amzn2022.x86_64
rsyslog-rabbitmq-8.2204.0-1.amzn2022.x86_64
rsyslog-snmp-8.2204.0-1.amzn2022.x86_64
rsyslog-mysql-8.2204.0-1.amzn2022.x86_64
rsyslog-pgsql-8.2204.0-1.amzn2022.x86_64
rsyslog-udpspoof-8.2204.0-1.amzn2022.x86_64
rsyslog-libdbi-8.2204.0-1.amzn2022.x86_64
rsyslog-mmnormalize-8.2204.0-1.amzn2022.x86_64
rsyslog-mmjsonparse-8.2204.0-1.amzn2022.x86_64
rsyslog-hiredis-8.2204.0-1.amzn2022.x86_64
rsyslog-mmsnmptrapd-8.2204.0-1.amzn2022.x86_64
rsyslog-mmfields-8.2204.0-1.amzn2022.x86_64
rsyslog-mmaudit-8.2204.0-1.amzn2022.x86_64
rsyslog-logrotate-8.2204.0-1.amzn2022.x86_64