Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2012-0796)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123881

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2012-0796)

Resumen: The remote host is missing an update for the 'rsyslog' package(s) announced via the ELSA-2012-0796 advisory.

Descripción: Summary:
The remote host is missing an update for the 'rsyslog' package(s) announced via the ELSA-2012-0796 advisory.

Vulnerability Insight:
[5.8.10-2]
- add patch to update information on debugging in the man page
Resolves: #820311
- add patch to prevent debug output to stdout after forking
Resolves: #820996
- add patch to support ssl certificates with domain names longer than 128 chars
Resolves: #822118

[5.8.10-1]
- rebase to rsyslog 5.8.10
Resolves: #803550
Resolves: #805424
Resolves: #813079
Resolves: #813084
- consider lock file in 'status' action
Resolves: #807608
- add impstats and imptcp modules
- include new license text files
- specify which versions of sysklogd are obsoleted

[5.8.7-1]
- rebase to rsyslog-5.8.7
- change license from 'GPLv3+' to '(GPLv3+ and ASL 2.0)'
[link moved to references]
- remove patches obsoleted by rebase
- add patches for better sysklogd compatibility (taken from upstream)
- update included files for the new major version
Resolves: #672182
Resolves: #727380
Resolves: #756664
Resolves: #767527
Resolves: #769025
- add several directories for storing auxiliary data
Resolves: #740420
- fix source package URL

Affected Software/OS:
'rsyslog' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-4623
1026556
http://www.securitytracker.com/id?1026556
45848
http://secunia.com/advisories/45848
47698
http://secunia.com/advisories/47698
51171
http://www.securityfocus.com/bid/51171
USN-1338-1
http://www.ubuntu.com/usn/USN-1338-1
[oss-security] 20111222 Re: CVE Request -- rsyslog -- DoS due integer signedness error while extending rsyslog counted string buffer
http://www.openwall.com/lists/oss-security/2011/12/22/2
http://bugzilla.adiscon.com/show_bug.cgi?id=221
http://git.adiscon.com/?p=rsyslog.git%3Ba=commit%3Bh=6bad782f154b7f838c7371bf99c13f6dc4ec4101
http://rsyslog.com/changelog-for-4-6-6-v4-stable/
http://rsyslog.com/changelog-for-5-7-4-v5-beta/
http://rsyslog.com/changelog-for-6-1-4-devel/
https://bugzilla.redhat.com/show_bug.cgi?id=769822

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123881
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2012-0796)
Resumen:	The remote host is missing an update for the 'rsyslog' package(s) announced via the ELSA-2012-0796 advisory.
Descripción:	Summary: The remote host is missing an update for the 'rsyslog' package(s) announced via the ELSA-2012-0796 advisory. Vulnerability Insight: [5.8.10-2] - add patch to update information on debugging in the man page Resolves: #820311 - add patch to prevent debug output to stdout after forking Resolves: #820996 - add patch to support ssl certificates with domain names longer than 128 chars Resolves: #822118 [5.8.10-1] - rebase to rsyslog 5.8.10 Resolves: #803550 Resolves: #805424 Resolves: #813079 Resolves: #813084 - consider lock file in 'status' action Resolves: #807608 - add impstats and imptcp modules - include new license text files - specify which versions of sysklogd are obsoleted [5.8.7-1] - rebase to rsyslog-5.8.7 - change license from 'GPLv3+' to '(GPLv3+ and ASL 2.0)' [link moved to references] - remove patches obsoleted by rebase - add patches for better sysklogd compatibility (taken from upstream) - update included files for the new major version Resolves: #672182 Resolves: #727380 Resolves: #756664 Resolves: #767527 Resolves: #769025 - add several directories for storing auxiliary data Resolves: #740420 - fix source package URL Affected Software/OS: 'rsyslog' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4623 1026556 http://www.securitytracker.com/id?1026556 45848 http://secunia.com/advisories/45848 47698 http://secunia.com/advisories/47698 51171 http://www.securityfocus.com/bid/51171 USN-1338-1 http://www.ubuntu.com/usn/USN-1338-1 [oss-security] 20111222 Re: CVE Request -- rsyslog -- DoS due integer signedness error while extending rsyslog counted string buffer http://www.openwall.com/lists/oss-security/2011/12/22/2 http://bugzilla.adiscon.com/show_bug.cgi?id=221 http://git.adiscon.com/?p=rsyslog.git%3Ba=commit%3Bh=6bad782f154b7f838c7371bf99c13f6dc4ec4101 http://rsyslog.com/changelog-for-4-6-6-v4-stable/ http://rsyslog.com/changelog-for-5-7-4-v5-beta/ http://rsyslog.com/changelog-for-6-1-4-devel/ https://bugzilla.redhat.com/show_bug.cgi?id=769822
Copyright	Copyright (C) 2015 Greenbone AG