package/rsyslog: security bump to version 8.2204.1
Fix CVE-2022-24903: Modules for TCP syslog reception have a heap buffer overflow when octet-counted framing is used. The attacker can corrupt heap values, leading to data integrity issues and availability impact. Remote code execution is unlikely to happen but not impossible. https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8#advisory-comment-72243 https://github.com/rsyslog/rsyslog/blob/v8.2204.1/ChangeLog Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit is contained in:
Fabrice Fontaine
Thomas Petazzoni
parent
9eeb5cd96d
commit
bc469ee632
@ -1,5 +1,5 @@
|
|||||||
# From http://www.rsyslog.com/downloads/download-v8-stable/
|
# From http://www.rsyslog.com/downloads/download-v8-stable/
|
||||||
sha256 19b232f765c4ba7a35b91ef1f5f9af775f6ff78ef56bb7737a2ce79ccbb32b98 rsyslog-8.2010.0.tar.gz
|
sha256 a6d731e46ad3d64f6ad4b19bbf1bf56ca4760a44a24bb96823189dc2e71f7028 rsyslog-8.2204.1.tar.gz
|
||||||
|
|
||||||
# Locally calculated
|
# Locally calculated
|
||||||
sha256 054b3a047d9232376a46b87356b19b0c0c2924cb5e6911ab96a01fc4b515f083 COPYING
|
sha256 054b3a047d9232376a46b87356b19b0c0c2924cb5e6911ab96a01fc4b515f083 COPYING
|
||||||
|
|||||||
@ -4,7 +4,7 @@
|
|||||||
#
|
#
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
RSYSLOG_VERSION = 8.2010.0
|
RSYSLOG_VERSION = 8.2204.1
|
||||||
RSYSLOG_SITE = http://rsyslog.com/files/download/rsyslog
|
RSYSLOG_SITE = http://rsyslog.com/files/download/rsyslog
|
||||||
RSYSLOG_LICENSE = GPL-3.0, LGPL-3.0, Apache-2.0
|
RSYSLOG_LICENSE = GPL-3.0, LGPL-3.0, Apache-2.0
|
||||||
RSYSLOG_LICENSE_FILES = COPYING COPYING.LESSER COPYING.ASL20
|
RSYSLOG_LICENSE_FILES = COPYING COPYING.LESSER COPYING.ASL20
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user