Updated rsyslog packages that fix one security issue are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link associated with the description below.
The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control.
Security Fix
- CVE-2011-3200
A two byte buffer overflow flaw was found in the rsyslog daemon's parseLegacySyslogMsg function. An attacker able to submit log messages to rsyslogd could use this flaw to crash the daemon.
All rsyslog users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the rsyslog daemon will be restarted automatically.
Updated rsyslog packages that fix multiple bugs and add various enhancements are now available for Red Hat Enterprise Linux 6.
The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports MySQL, syslog/TCP, RFC 3195, permitted sender list, filtering on any message part, and fine grained output format control.
Bug Fixes
- BZ#661858
Previously, running rsyslog with Transport Layer Security (TLS) and TCP caused extensive memory and CPU consumption. Consequent to this, the system could become unresponsive. The source code has been modified and problems with the memory and CPU consumption no longer occur.
- BZ#698705
Prior to this update, the rsyslog initscript created an invalid lock file named rsyslogd. As a consequence, rsyslog and rsyslogd did not match and the rc daemon did not stop the process when shutting down the system. With this update, the source code is modified so that the initscript creates a valid lock file.
- BZ#701782
On the IBM System z and PowerPC architectures, the rsyslog daemon did not respect the configuration to send messages using TLS encryption. As a consequence, messages were sent as plain text. With this update, rsyslog is modified to send messages encrypted.
- BZ#727208
Previously, the "ActionExecOnlyOnceEveryInterval" directive did not work as expected. If another message came within the time limit, the timeout got reset and would never expire. This problem has been fixed and the timeout now expires as expected.
Enhancements
- BZ#618488
Previously, rsyslog did not build the omsnmp module by default. This update provides the omsnmp module so that users are able to send syslog messages over Simple Network Management Protocol (SNMP).
- BZ#683537
Previously, the rsyslog daemon included /var/log/boot.log in the /etc/logrotate.d/syslog file. The rotation caused a new boot.log file to be created with zero length, while a date was appended to the old one. Eventually, after a certain number of rotations, the boot.log data got lost. With this update, rotation is no longer used for /var/log/boot.log.
- BZ#702314
This update includes the new ommail module in the rsyslog package, which can be used for sending emails based on received syslog events.
- BZ#737096
This update introduces the new "SpaceLFOnReceive" configuration option and the "RSYSLOG_SysklogdFileFormat" format template. These new features allow users to configure rsyslog to behave like the sysklogd daemon, which was available in previous releases.
Users are advised to upgrade to these updated rsyslog packages, which fix these bugs and add these enhancements.
Updated rsyslog packages that add one enhancement are now available for Red Hat Enterprise Linux 6.
The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control.
- BZ#742275
This update introduces the new configuration option "SpaceLFOnReceive" and the log format template "RSYSLOG_SysklogdFileFormat". These new features allow users to configure rsyslog to behave like the old sysklogd daemon, available in previous releases.
Users that require sysklogd compatibility from rsyslog are advised to upgrade to these updated rsyslog packages, which add this enhancement.
Updated rsyslog packages that fix one bug are now available for Red Hat Enterprise Linux 6.
The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control.
Bug Fix
- 713139
Prior to this update, the "$ActionSendStreamDriverMode" configuration directive did not have any effect on big-endian platforms. Due to this behavior, the Transport Layer Security (TLS) encryption was not enabled. This update modifies the code to correctly process the configuration directive. Now, TLS encryption works as expected.
All users of rsyslog are advised to upgrade to these updated packages, which fix this bug.
