ALAS-2014-445


Amazon Linux AMI Security Advisory: ALAS-2014-445
Advisory Release Date: 2014-11-11 10:34 Pacific
Severity: Medium

Issue Overview:

A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon. (CVE-2014-3634 )


Affected Packages:

rsyslog


Issue Correction:
Run yum update rsyslog to update your system.

New Packages:
i686:
    rsyslog-mysql-5.8.10-9.26.amzn1.i686
    rsyslog-debuginfo-5.8.10-9.26.amzn1.i686
    rsyslog-pgsql-5.8.10-9.26.amzn1.i686
    rsyslog-gnutls-5.8.10-9.26.amzn1.i686
    rsyslog-gssapi-5.8.10-9.26.amzn1.i686
    rsyslog-5.8.10-9.26.amzn1.i686
    rsyslog-snmp-5.8.10-9.26.amzn1.i686

src:
    rsyslog-5.8.10-9.26.amzn1.src

x86_64:
    rsyslog-5.8.10-9.26.amzn1.x86_64
    rsyslog-snmp-5.8.10-9.26.amzn1.x86_64
    rsyslog-gssapi-5.8.10-9.26.amzn1.x86_64
    rsyslog-pgsql-5.8.10-9.26.amzn1.x86_64
    rsyslog-mysql-5.8.10-9.26.amzn1.x86_64
    rsyslog-debuginfo-5.8.10-9.26.amzn1.x86_64
    rsyslog-gnutls-5.8.10-9.26.amzn1.x86_64