| Description: | The rsyslog packages provide an enhanced, multi-threaded syslog daemonthat supports writing to relational databases, syslog/TCP, RFC 3195,permitted sender lists, filtering on any message part, and fine grainedoutput format control.A flaw was found in the way rsyslog handled invalid log message priorityvalues. In certain configurations, a local attacker, or a remote attackerable to connect to the rsyslog port, could use this flaw to crash thersyslog daemon. (CVE-2014-3634)Red Hat would like to thank Rainer Gerhards of rsyslog upstream forreporting this issue.All rsyslog5 and rsyslog users are advised to upgrade to these updatedpackages, which contain a backported patch to correct this issue. Afterinstalling the update, the rsyslog service will be restarted automatically. |