Vulnerabilities > CVE-2018-16881 - Integer Overflow or Wraparound vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
rsyslog
redhat
debian
CWE-190
nessus

Summary

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.

Vulnerable Configurations

Part Description Count
Application
Rsyslog
423
Application
Redhat
3
OS
Redhat
8
OS
Debian
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0134_RSYSLOG.NASL
    descriptionAn update of the rsyslog package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id122918
    published2019-03-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122918
    titlePhoton OS 2.0: Rsyslog PHSA-2019-2.0-0134
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2019-2.0-0134. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122918);
      script_version("1.2");
      script_cvs_date("Date: 2020/02/04");
    
      script_cve_id("CVE-2018-16881");
    
      script_name(english:"Photon OS 2.0: Rsyslog PHSA-2019-2.0-0134");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the rsyslog package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-134.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8912");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/18");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:rsyslog");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-2.0", reference:"rsyslog-8.26.0-7.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"rsyslog-debuginfo-8.26.0-7.ph2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rsyslog");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1058.NASL
    descriptionAccording to the version of the rsyslog packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash.(CVE-2018-16881) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-02-22
    plugin id122385
    published2019-02-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122385
    titleEulerOS 2.0 SP2 : rsyslog (EulerOS-SA-2019-1058)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2439.NASL
    descriptionAn update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. The following packages have been upgraded to a later upstream version: rhvm-appliance (4.3). (BZ#1669364, BZ#1684987, BZ#1697231, BZ#1720255) Security Fix(es) : * rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881) * openssl: 0-byte record padding oracle (CVE-2019-1559) * undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127830
    published2019-08-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127830
    titleRHEL 7 : Virtualization Manager (RHSA-2019:2439)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190806_RSYSLOG_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881)
    last seen2020-03-18
    modified2019-08-27
    plugin id128259
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128259
    titleScientific Linux Security Update : rsyslog on SL7.x x86_64 (20190806)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1104.NASL
    descriptionAccording to the version of the rsyslog packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash.(CVE-2018-16881) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-03-26
    plugin id123117
    published2019-03-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123117
    titleEulerOS 2.0 SP3 : rsyslog (EulerOS-SA-2019-1104)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1073.NASL
    descriptionAccording to the version of the rsyslog packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash.(CVE-2018-16881) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-03-08
    plugin id122696
    published2019-03-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122696
    titleEulerOS 2.0 SP5 : rsyslog (EulerOS-SA-2019-1073)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0212_RSYSLOG.NASL
    descriptionAn update of the rsyslog package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id122925
    published2019-03-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122925
    titlePhoton OS 1.0: Rsyslog PHSA-2019-1.0-0212
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-154.NASL
    descriptionThis update for rsyslog fixes the following issues : Security issue fixed : - CVE-2018-16881: Fixed a denial of service when both the imtcp module and Octet-Counted TCP Framing is enabled (bsc#1123164). This update was imported from the SUSE:SLE-12-SP3:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id122090
    published2019-02-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122090
    titleopenSUSE Security Update : rsyslog (openSUSE-2019-154)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2437.NASL
    descriptionAn update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host
    last seen2020-06-01
    modified2020-06-02
    plugin id127986
    published2019-08-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127986
    titleRHEL 7 : Virtualization Manager (RHSA-2019:2437)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1406.NASL
    descriptionAccording to the versions of the rsyslog packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is compatible with stock sysklogd and can be used as a drop-in replacement. Rsyslog is simple to set up, with advanced features suitable for enterprise-class, encryption-protected syslog relay chains. - Security fix(es): - A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash.(CVE-2018-16881) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124909
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124909
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : rsyslog (EulerOS-SA-2019-1406)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2110.NASL
    descriptionAn update for rsyslog is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Security Fix(es) : * rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127673
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127673
    titleRHEL 7 : rsyslog (RHSA-2019:2110)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0209-1.NASL
    descriptionThis update for rsyslog fixes the following issues : Security issue fixed : CVE-2018-16881: Fixed a denial of service when both the imtcp module and Octet-Counted TCP Framing is enabled (bsc#1123164). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-02-01
    plugin id121539
    published2019-02-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121539
    titleSUSE SLED12 / SLES12 Security Update : rsyslog (SUSE-SU-2019:0209-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1369.NASL
    descriptionA denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash.(CVE-2018-16881)
    last seen2020-06-01
    modified2020-06-02
    plugin id131238
    published2019-11-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131238
    titleAmazon Linux 2 : rsyslog (ALAS-2019-1369)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1245.NASL
    descriptionAccording to the version of the rsyslog packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash.i1/4^CVE-2018-16881i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-04-04
    plugin id123713
    published2019-04-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123713
    titleEulerOS Virtualization 2.5.4 : rsyslog (EulerOS-SA-2019-1245)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0209_RSYSLOG.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has rsyslog packages installed that are affected by a vulnerability: - A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable. (CVE-2018-16881) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id129897
    published2019-10-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129897
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : rsyslog Vulnerability (NS-SA-2019-0209)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2110.NASL
    descriptionAn update for rsyslog is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Security Fix(es) : * rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id128353
    published2019-08-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128353
    titleCentOS 7 : rsyslog (CESA-2019:2110)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0259_RSYSLOG.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has rsyslog packages installed that are affected by a vulnerability: - A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable. (CVE-2018-16881) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id132463
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132463
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : rsyslog Vulnerability (NS-SA-2019-0259)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1243.NASL
    descriptionAccording to the version of the rsyslog packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash.i1/4^CVE-2018-16881i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-04-04
    plugin id123711
    published2019-04-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123711
    titleEulerOS Virtualization 2.5.3 : rsyslog (EulerOS-SA-2019-1243)

Redhat

advisories
  • bugzilla
    id1685901
    titlersyslog floods log files when watching files through a symlink
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentrsyslog-mmjsonparse is earlier than 0:8.24.0-38.el7
            ovaloval:com.redhat.rhsa:tst:20192110001
          • commentrsyslog-mmjsonparse is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20141397020
        • AND
          • commentrsyslog-gnutls is earlier than 0:8.24.0-38.el7
            ovaloval:com.redhat.rhsa:tst:20192110003
          • commentrsyslog-gnutls is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111247008
        • AND
          • commentrsyslog-relp is earlier than 0:8.24.0-38.el7
            ovaloval:com.redhat.rhsa:tst:20192110005
          • commentrsyslog-relp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111247010
        • AND
          • commentrsyslog is earlier than 0:8.24.0-38.el7
            ovaloval:com.redhat.rhsa:tst:20192110007
          • commentrsyslog is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111247012
        • AND
          • commentrsyslog-gssapi is earlier than 0:8.24.0-38.el7
            ovaloval:com.redhat.rhsa:tst:20192110009
          • commentrsyslog-gssapi is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111247006
        • AND
          • commentrsyslog-kafka is earlier than 0:8.24.0-38.el7
            ovaloval:com.redhat.rhsa:tst:20192110011
          • commentrsyslog-kafka is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20192110012
        • AND
          • commentrsyslog-doc is earlier than 0:8.24.0-38.el7
            ovaloval:com.redhat.rhsa:tst:20192110013
          • commentrsyslog-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20141397002
        • AND
          • commentrsyslog-pgsql is earlier than 0:8.24.0-38.el7
            ovaloval:com.redhat.rhsa:tst:20192110015
          • commentrsyslog-pgsql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111247002
        • AND
          • commentrsyslog-mmsnmptrapd is earlier than 0:8.24.0-38.el7
            ovaloval:com.redhat.rhsa:tst:20192110017
          • commentrsyslog-mmsnmptrapd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20141397014
        • AND
          • commentrsyslog-snmp is earlier than 0:8.24.0-38.el7
            ovaloval:com.redhat.rhsa:tst:20192110019
          • commentrsyslog-snmp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20120796002
        • AND
          • commentrsyslog-mysql is earlier than 0:8.24.0-38.el7
            ovaloval:com.redhat.rhsa:tst:20192110021
          • commentrsyslog-mysql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111247004
        • AND
          • commentrsyslog-elasticsearch is earlier than 0:8.24.0-38.el7
            ovaloval:com.redhat.rhsa:tst:20192110023
          • commentrsyslog-elasticsearch is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20141397012
        • AND
          • commentrsyslog-crypto is earlier than 0:8.24.0-38.el7
            ovaloval:com.redhat.rhsa:tst:20192110025
          • commentrsyslog-crypto is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20141397010
        • AND
          • commentrsyslog-libdbi is earlier than 0:8.24.0-38.el7
            ovaloval:com.redhat.rhsa:tst:20192110027
          • commentrsyslog-libdbi is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20141397016
        • AND
          • commentrsyslog-mmkubernetes is earlier than 0:8.24.0-38.el7
            ovaloval:com.redhat.rhsa:tst:20192110029
          • commentrsyslog-mmkubernetes is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20192110030
        • AND
          • commentrsyslog-mmnormalize is earlier than 0:8.24.0-38.el7
            ovaloval:com.redhat.rhsa:tst:20192110031
          • commentrsyslog-mmnormalize is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20141397018
        • AND
          • commentrsyslog-udpspoof is earlier than 0:8.24.0-38.el7
            ovaloval:com.redhat.rhsa:tst:20192110033
          • commentrsyslog-udpspoof is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20141397006
        • AND
          • commentrsyslog-mmaudit is earlier than 0:8.24.0-38.el7
            ovaloval:com.redhat.rhsa:tst:20192110035
          • commentrsyslog-mmaudit is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20141397008
    rhsa
    idRHSA-2019:2110
    released2019-08-06
    severityModerate
    titleRHSA-2019:2110: rsyslog security and bug fix update (Moderate)
  • rhsa
    idRHBA-2019:2501
  • rhsa
    idRHSA-2019:2437
  • rhsa
    idRHSA-2019:2439
rpms
  • rsyslog-0:8.24.0-41.el7_7
  • rsyslog-debuginfo-0:8.24.0-41.el7_7
  • rsyslog-elasticsearch-0:8.24.0-41.el7_7
  • rsyslog-mmjsonparse-0:8.24.0-41.el7_7
  • rsyslog-mmnormalize-0:8.24.0-41.el7_7
  • rsyslog-0:8.24.0-38.el7
  • rsyslog-crypto-0:8.24.0-38.el7
  • rsyslog-debuginfo-0:8.24.0-38.el7
  • rsyslog-doc-0:8.24.0-38.el7
  • rsyslog-elasticsearch-0:8.24.0-38.el7
  • rsyslog-gnutls-0:8.24.0-38.el7
  • rsyslog-gssapi-0:8.24.0-38.el7
  • rsyslog-kafka-0:8.24.0-38.el7
  • rsyslog-libdbi-0:8.24.0-38.el7
  • rsyslog-mmaudit-0:8.24.0-38.el7
  • rsyslog-mmjsonparse-0:8.24.0-38.el7
  • rsyslog-mmkubernetes-0:8.24.0-38.el7
  • rsyslog-mmnormalize-0:8.24.0-38.el7
  • rsyslog-mmsnmptrapd-0:8.24.0-38.el7
  • rsyslog-mysql-0:8.24.0-38.el7
  • rsyslog-pgsql-0:8.24.0-38.el7
  • rsyslog-relp-0:8.24.0-38.el7
  • rsyslog-snmp-0:8.24.0-38.el7
  • rsyslog-udpspoof-0:8.24.0-38.el7
  • imgbased-0:1.1.9-0.1.el7ev
  • ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev
  • python-imgbased-0:1.1.9-0.1.el7ev
  • python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev
  • redhat-release-virtualization-host-0:4.3.5-2.el7ev
  • redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7
  • redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev
  • rhvm-appliance-2:4.3-20190722.0.el7