ALAS-2014-445

Amazon Linux 1 Security Advisory: ALAS-2014-445
Advisory Release Date: 2014-11-11 10:26 Pacific
Advisory Updated Date: 2014-11-11 10:34 Pacific

Severity: Medium

References: CVE-2014-3634 RHSA-2014-1671
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon. (CVE-2014-3634)

Affected Packages:

rsyslog

Issue Correction:
Run yum update rsyslog to update your system.

New Packages:

i686:
    rsyslog-mysql-5.8.10-9.26.amzn1.i686
    rsyslog-debuginfo-5.8.10-9.26.amzn1.i686
    rsyslog-pgsql-5.8.10-9.26.amzn1.i686
    rsyslog-gnutls-5.8.10-9.26.amzn1.i686
    rsyslog-gssapi-5.8.10-9.26.amzn1.i686
    rsyslog-5.8.10-9.26.amzn1.i686
    rsyslog-snmp-5.8.10-9.26.amzn1.i686

src:
    rsyslog-5.8.10-9.26.amzn1.src

x86_64:
    rsyslog-5.8.10-9.26.amzn1.x86_64
    rsyslog-snmp-5.8.10-9.26.amzn1.x86_64
    rsyslog-gssapi-5.8.10-9.26.amzn1.x86_64
    rsyslog-pgsql-5.8.10-9.26.amzn1.x86_64
    rsyslog-mysql-5.8.10-9.26.amzn1.x86_64
    rsyslog-debuginfo-5.8.10-9.26.amzn1.x86_64
    rsyslog-gnutls-5.8.10-9.26.amzn1.x86_64

Additional References

Red Hat: CVE-2014-3634

Mitre: CVE-2014-3634