{ "Definition": [ { "ID": "oval:org.altlinux.errata:def:20141540", "Version": "oval:org.altlinux.errata:def:20141540", "Class": "patch", "Metadata": { "Title": "ALT-PU-2014-1540: package `rsyslog` update to version 8.2.1-alt1", "AffectedList": [ { "Family": "unix", "Platforms": [ "ALT Linux branch p9" ], "Products": [ "ALT Server", "ALT Virtualization Server", "ALT Workstation", "ALT Workstation K", "ALT Education", "Simply Linux", "Starterkit" ] } ], "References": [ { "RefID": "ALT-PU-2014-1540", "RefURL": "https://errata.altlinux.org/ALT-PU-2014-1540", "Source": "ALTPU" }, { "RefID": "CVE-2013-4758", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-4758", "Source": "CVE" } ], "Description": "This update upgrades rsyslog to version 8.2.1-alt1. \nSecurity Fix(es):\n\n * CVE-2013-4758: Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response.", "Advisory": { "From": "errata.altlinux.org", "Severity": "Low", "Rights": "Copyright 2024 BaseALT Ltd.", "Issued": { "Date": "2014-04-25" }, "Updated": { "Date": "2014-04-25" }, "BDUs": null, "CVEs": [ { "ID": "CVE-2013-4758", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CWE": "CWE-399", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-4758", "Impact": "Low", "Public": "20131004" } ], "AffectedCPEs": { "CPEs": [ "cpe:/o:alt:kworkstation:9", "cpe:/o:alt:workstation:9", "cpe:/o:alt:server:9", "cpe:/o:alt:server-v:9", "cpe:/o:alt:education:9", "cpe:/o:alt:slinux:9", "cpe:/o:alt:starterkit:p9", "cpe:/o:alt:kworkstation:9.1", "cpe:/o:alt:workstation:9.1", "cpe:/o:alt:server:9.1", "cpe:/o:alt:server-v:9.1", "cpe:/o:alt:education:9.1", "cpe:/o:alt:slinux:9.1", "cpe:/o:alt:starterkit:9.1", "cpe:/o:alt:kworkstation:9.2", "cpe:/o:alt:workstation:9.2", "cpe:/o:alt:server:9.2", "cpe:/o:alt:server-v:9.2", "cpe:/o:alt:education:9.2", "cpe:/o:alt:slinux:9.2", "cpe:/o:alt:starterkit:9.2" ] } } }, "Criteria": { "Operator": "AND", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:1001", "Comment": "ALT Linux must be installed" } ], "Criterias": [ { "Operator": "OR", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:20141540001", "Comment": "rsyslog is earlier than 0:8.2.1-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20141540002", "Comment": "rsyslog-crypto is earlier than 0:8.2.1-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20141540003", "Comment": "rsyslog-dbi is earlier than 0:8.2.1-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20141540004", "Comment": "rsyslog-elasticsearch is earlier than 0:8.2.1-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20141540005", "Comment": "rsyslog-extra is earlier than 0:8.2.1-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20141540006", "Comment": "rsyslog-gnutls is earlier than 0:8.2.1-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20141540007", "Comment": "rsyslog-hiredis is earlier than 0:8.2.1-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20141540008", "Comment": "rsyslog-journal is earlier than 0:8.2.1-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20141540009", "Comment": "rsyslog-mmanon is earlier than 0:8.2.1-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20141540010", "Comment": "rsyslog-mmaudit is earlier than 0:8.2.1-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20141540011", "Comment": "rsyslog-mmjsonparse is earlier than 0:8.2.1-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20141540012", "Comment": "rsyslog-mmnormalize is earlier than 0:8.2.1-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20141540013", "Comment": "rsyslog-mongo is earlier than 0:8.2.1-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20141540014", "Comment": "rsyslog-mysql is earlier than 0:8.2.1-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20141540015", "Comment": "rsyslog-pgsql is earlier than 0:8.2.1-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20141540016", "Comment": "rsyslog-relp is earlier than 0:8.2.1-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20141540017", "Comment": "rsyslog-snmp is earlier than 0:8.2.1-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20141540018", "Comment": "rsyslog-udpspoof is earlier than 0:8.2.1-alt1" } ] } ] } } ] }