-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5150-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 28, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : rsyslog CVE ID : CVE-2022-24903 Debian Bug : 1010619 Peter Agten discovered that several modules for TCP syslog reception in rsyslog, a system and kernel logging daemon, have buffer overflow flaws when octet-counted framing is used, which could result in denial of service or potentially the execution of arbitrary code. For the oldstable distribution (buster), this problem has been fixed in version 8.1901.0-1+deb10u2. For the stable distribution (bullseye), this problem has been fixed in version 8.2102.0-2+deb11u1. We recommend that you upgrade your rsyslog packages. For the detailed security status of rsyslog please refer to its security tracker page at: https://security-tracker.debian.org/tracker/rsyslog Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmKSdpRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SP/g//eOtveZA6g5gcFhcyACpQ+u7MKT8QowuuxU4gNAoBzUW30obGR7d8L4gQ GCtT8hH7rekjOf6TcdE62JIt0bxzaOPzRfg1dc1tv7rzvNUfB4qOg8OsPkG0ikRU VJ/nS0dN+LvPkILop3tMDPJwEdm3D31WXjB2wQbOxEAgd1RNllgY0vKSookne898 zOOjzrRM0mAyFuHGhdm0j7jVk2fC/6DSKAqNXuN5ojHv0gpctcg8wARCzP9zzo37 f/hnN4XtsO1Rs2ASAD0l+I/i2+2MCnlpnIDS7ofox25kw6TngYrRLr2F1eDM9rU7 nA6RPyySy2JtsU3ZS09j0+vb5eOBa4OyqF1QkmcVvg5Se8kPAFCkXCtrjjla4lrD SYlU8ewo6h5ByDJbCDxA+XX4SqDH/5T5ZV11ifrnvkuxPUUZpC/dYb3N3AZ+YpTH ZhySCBcUipW9m2kCqxZIK8RP/OXGLTgdRtgRQRN0dstyERMUkYhlK18QcMGwUNcR +8T8a9YFo/YkbSTGCrHhGOuTVtpeXk0xI13bfdokwwbgrU8qZs3tZg9n7tbgESZY 1IsHwA2uTV+UylLZ/B8FNvXUY7OQwAK1Uu+KJg9cMFE5TEuhqpeieq7r+Sbvfi5b jpWIa4hBn4CBGwJdyoujAGvXEENIpTGVzAiSZbf4lOajjLKuO+o= =c/R7 -----END PGP SIGNATURE-----