Package: rsyslog
Version: 4.6.4-2
Severity: grave
Tags: security

CVE description:
Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message.

Security Bug Tracker: http://security-tracker.debian.org/tracker/CVE-2011-3200
RedHat bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3200
Ubuntu bug: http://www.ubuntu.com/usn/usn-1224-1

I've attached the patch, based on the Ubuntu and RedHat patches.

03-CVE-2011-3200.patch
Description: Binary data
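
For readers triaging this class of bug, the following is an added illustration of a bounded TAG copy; it is not rsyslog's code and not the attached patch. The function names, the 32-byte buffer size and the guard-byte self-check are assumptions made for the example, and the test messages are constructed.

```c
#include <stdio.h>
#include <string.h>

#define TAG_BUF_SIZE 32   /* assumed demo size, not rsyslog's constant */
int demo_truncated;       /* set by the self-check helper below */

/* Copy the TAG of a legacy syslog message (ended by ':' or ' ') into out.
 * Two bytes stay reserved for the trailing ':' and the NUL. An overlong
 * TAG is truncated, flagged, and still consumed so its tail cannot pass
 * as message content. Returns the number of input bytes consumed. */
size_t parse_tag_bounded(const char *msg, size_t len,
                         char out[TAG_BUF_SIZE], int *truncated)
{
    size_t i = 0, used = 0;
    *truncated = 0;
    while (used < len && msg[used] != ':' && msg[used] != ' ') {
        if (i < TAG_BUF_SIZE - 2)
            out[i++] = msg[used];
        else
            *truncated = 1;
        used++;
    }
    if (used < len && msg[used] == ':') {
        out[i++] = ':';   /* fits: i <= TAG_BUF_SIZE - 2 here */
        used++;
    }
    out[i] = '\0';        /* fits: i <= TAG_BUF_SIZE - 1 here */
    return used;
}

/* Parse a constructed TAG of n 'A' bytes followed by ": x", with guard
 * bytes directly behind the buffer. Returns the stored TAG length, or
 * -1 if a guard byte was overwritten. */
int stored_len_for_tag_of(size_t n)
{
    struct { char tag[TAG_BUF_SIZE]; unsigned char guard[8]; } f;
    char msg[600];
    if (n > sizeof msg - 4) return -1;
    memset(msg, 'A', n);
    memcpy(msg + n, ": x", 3);
    memset(f.guard, 0xA5, sizeof f.guard);
    parse_tag_bounded(msg, n + 3, f.tag, &demo_truncated);
    for (size_t k = 0; k < sizeof f.guard; k++)
        if (f.guard[k] != 0xA5) return -1;
    return (int)strlen(f.tag);
}

int main(void) {
    printf("%d %d\n", stored_len_for_tag_of(5), stored_len_for_tag_of(500));
    return 0;
}
```

The truncation flag gives the caller something to log or count, which turns an overlong TAG into a detectable event rather than a silent trim.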