Package: rsyslog
Version: 3.14.1-1
Severity: important
Tags: security patch
Hi,

The following Secunia Advisory (SA) has been published for rsyslog.

SA32857[1]:
> A vulnerability has been reported in RSyslog, which can be exploited by
> malicious people to bypass certain security restrictions.
>
> The problem is that the "AllowedSender" configuration directive is not
> respected, allowing unrestricted network access to the application.
>
> The vulnerability is reported in versions 3.12.1 through 3.20.0.

A patch can be found at [2].

If you fix the vulnerability please also make sure to include the CVE id in the changelog entry, when one is assigned.

[1] http://secunia.com/Advisories/32857/
[2] http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=f0ddbed44c332391ae6d9bbf6b07e2f06c4dd676

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net