| Description: | The rsyslog packages provide an enhanced, multi-threaded syslog daemonthat supports writing to relational databases, syslog/TCP, RFC 3195,permitted sender lists, filtering on any message part, and fine grainedoutput format control.A flaw was found in the way rsyslog handled invalid log message priorityvalues. In certain configurations, a local attacker, or a remote attackerable to connect to the rsyslog port, could use this flaw to crash thersyslog daemon or, potentially, execute arbitrary code as the user runningthe rsyslog daemon. (CVE-2014-3634)Red Hat would like to thank Rainer Gerhards of rsyslog upstream forreporting this issue.All rsyslog users are advised to upgrade to these updated packages, whichcontain a backported patch to correct this issue. After installing theupdate, the rsyslog service will be restarted automatically. |