SUSE-SU-2022:1583-1

UNKNOWN

Security update for rsyslog

Published May 9, 2022

Modified 3 years ago

Fix available

Details

This update for rsyslog fixes the following issues:

CVE-2022-24903: Fixed potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061).

Affected Packages(18 packages)

rsyslog

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Module for Basesystem 15 SP3SUSE Linux Enterprise Module for Server Applications 15 SP3

Fixed in:

8.2106.0-150200.4.26.1

rsyslog-module-gssapi

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Module for Server Applications 15 SP3SUSE Linux Enterprise Real Time 15 SP2

Fixed in:

8.2106.0-150200.4.26.1

rsyslog-module-gtls

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Module for Server Applications 15 SP3SUSE Linux Enterprise Real Time 15 SP2

Fixed in:

8.2106.0-150200.4.26.1

rsyslog-module-mmnormalize

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Module for Server Applications 15 SP3SUSE Linux Enterprise Real Time 15 SP2

Fixed in:

8.2106.0-150200.4.26.1

rsyslog-module-mysql

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Module for Server Applications 15 SP3SUSE Linux Enterprise Real Time 15 SP2

Fixed in:

8.2106.0-150200.4.26.1

rsyslog-module-pgsql

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Module for Server Applications 15 SP3SUSE Linux Enterprise Real Time 15 SP2

Fixed in:

8.2106.0-150200.4.26.1

rsyslog-module-relp

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Module for Server Applications 15 SP3SUSE Linux Enterprise Real Time 15 SP2

Fixed in:

8.2106.0-150200.4.26.1

rsyslog-module-snmp

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Module for Server Applications 15 SP3SUSE Linux Enterprise Real Time 15 SP2

Fixed in:

8.2106.0-150200.4.26.1

rsyslog-module-udpspoof

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Module for Server Applications 15 SP3SUSE Linux Enterprise Real Time 15 SP2

Fixed in:

8.2106.0-150200.4.26.1

rsyslog-diag-tools

openSUSE Leap 15.3

Fixed in:

8.2106.0-150200.4.26.1

References

https://bugzilla.suse.com/1199061

https://www.suse.com/security/cve/CVE-2022-24903

https://www.suse.com/support/update/announcement/2022/suse-su-20221583-1/

Upstream

Related

Ecosystems(13)

SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP3

Timeline

PublishedMay 9, 2022

ModifiedMay 9, 2022

SUSE-SU-2022:1583-1 | Mondoo Vulnerability Intelligence