Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-3683

Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.

Related bugs and status

CVE-2014-3683 (Candidate) is related to these bugs:

Bug #1389700: rsyslogd restarts every few minutes

Summary				In	Importance	Status
	1389700	rsyslogd restarts every few minutes		Fuel for OpenStack	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2014093...
MLIST: [oss-security] 2014100...
CONFIRM: http://www.rsyslog.com...
SECUNIA: 61494
DEBIAN: DSA-3047
SUSE: SUSE-SU-2014:1294
SUSE: openSUSE-SU-2014:1297
SUSE: openSUSE-SU-2014:1298
UBUNTU: USN-2381-1
CONFIRM: http://www.oracle.com/...