Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 4 Apr 2011 14:23:10 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE Request: rsyslogd memory leaks

It would seem this needs three IDs (due to version differences).

> 
> The $RepeatedMsgReduction option could cause a memory leak:
> http://bugzilla.adiscon.com/show_bug.cgi?id=225
> http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=8083bd1433449fd2b1b79bf759f782e0f64c0cd2

The above is fixed in versions 5.6.4 ad 5.7.6
CVE-2011-1488

> 
> Multiple rulesets that are used by multiple inputs could cause a
> memory leak or crash:
> http://bugzilla.adiscon.com/show_bug.cgi?id=226

The above bug claims it's fixed in versions 5.6.3 and 5.7.6
CVE-2011-1489

> http://bugzilla.adiscon.com/show_bug.cgi?id=218
> http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=1ef709cc97d54f74d3fdeb83788cc4b01f4c6a2a

The above bug is fixed in versions 5.6.4, 5.7.6, and 6.1.5
CVE-2011-1490

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.