Summary: | <app-admin/rsyslog-8.26.0-r1: multiple format string vulnerabilities in zmq3 module | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | whissi |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1481335 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 660258 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2017-08-15 08:58:19 UTC
Fixed since https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56373a28a0dff4cb79263b1db8ca3a2930227a15 Original stable request was bug 618836. Only arm needs to catch up (app-admin/rsyslog on arm is currently <8.26.0-r1). The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8831b442e3d08fdc39011c1906edfa071a9af219 commit 8831b442e3d08fdc39011c1906edfa071a9af219 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2018-08-03 00:44:02 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-08-03 01:19:36 +0000 app-admin/rsyslog: drop old Bug: https://bugs.gentoo.org/627912 Package-Manager: Portage-2.3.44, Repoman-2.3.10 app-admin/rsyslog/Manifest | 8 - app-admin/rsyslog/files/8-stable/50-default.conf | 95 ----- .../rsyslog-8.27.0-fix-mmnormalize-tests.patch | 23 - ...yslog-8.32.0-fix-building-without-curl-r3.patch | 137 ------ .../8-stable/rsyslog-8.34.0-fix-issue2612.patch | 13 - app-admin/rsyslog/files/8-stable/rsyslog.logrotate | 37 -- app-admin/rsyslog/rsyslog-8.28.0-r1.ebuild | 451 -------------------- app-admin/rsyslog/rsyslog-8.32.0-r4.ebuild | 459 -------------------- app-admin/rsyslog/rsyslog-8.33.1-r1.ebuild | 457 -------------------- app-admin/rsyslog/rsyslog-8.34.0.ebuild | 464 --------------------- 10 files changed, 2144 deletions(-) downgrading to B3 since no PoC available and report does not specify proper attack's impact. GLSA Vote: NO tree is clean. Thank you all, |