{"id":"SUSE-RU-2019:2816-1","summary":"Recommended update for rsyslog","details":"This update for rsyslog fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages (bsc#1153451).\n- CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages (bsc#1153459).\n\nNon-security issue fixed:\n\n- imudp: fix segfault in ratelimit code (bsc#1149094)\n  \n","modified":"2026-03-11T05:55:30.601603Z","published":"2019-10-29T14:14:43Z","related":["CVE-2019-17041","CVE-2019-17042"],"upstream":["CVE-2019-17041","CVE-2019-17042"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/-2019-2816/suse-ru-20192816-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1149094"},{"type":"REPORT","url":"https://bugzilla.suse.com/1153451"},{"type":"REPORT","url":"https://bugzilla.suse.com/1153459"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17041"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17042"}],"affected":[{"package":{"name":"rsyslog","ecosystem":"SUSE:Linux Enterprise Desktop 12 SP4","purl":"pkg:rpm/suse/rsyslog&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.24.0-3.33.2"}]}],"ecosystem_specific":{"binaries":[{"rsyslog":"8.24.0-3.33.2"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2019:2816-1.json"}},{"package":{"name":"rsyslog","ecosystem":"SUSE:Linux Enterprise Server 12 SP4","purl":"pkg:rpm/suse/rsyslog&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.24.0-3.33.2"}]}],"ecosystem_specific":{"binaries":[{"rsyslog-module-pgsql":"8.24.0-3.33.2","rsyslog-diag-tools":"8.24.0-3.33.2","rsyslog-doc":"8.24.0-3.33.2","rsyslog-module-mmnormalize":"8.24.0-3.33.2","rsyslog-module-udpspoof":"8.24.0-3.33.2","rsyslog-module-snmp":"8.24.0-3.33.2","rsyslog-module-gtls":"8.24.0-3.33.2","rsyslog":"8.24.0-3.33.2","rsyslog-module-gssapi":"8.24.0-3.33.2","rsyslog-module-relp":"8.24.0-3.33.2","rsyslog-module-mysql":"8.24.0-3.33.2"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2019:2816-1.json"}},{"package":{"name":"rsyslog","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP4","purl":"pkg:rpm/suse/rsyslog&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.24.0-3.33.2"}]}],"ecosystem_specific":{"binaries":[{"rsyslog-module-pgsql":"8.24.0-3.33.2","rsyslog-diag-tools":"8.24.0-3.33.2","rsyslog-doc":"8.24.0-3.33.2","rsyslog-module-mmnormalize":"8.24.0-3.33.2","rsyslog-module-udpspoof":"8.24.0-3.33.2","rsyslog-module-snmp":"8.24.0-3.33.2","rsyslog-module-gtls":"8.24.0-3.33.2","rsyslog":"8.24.0-3.33.2","rsyslog-module-gssapi":"8.24.0-3.33.2","rsyslog-module-relp":"8.24.0-3.33.2","rsyslog-module-mysql":"8.24.0-3.33.2"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2019:2816-1.json"}},{"package":{"name":"rsyslog","ecosystem":"SUSE:Linux Enterprise Server 12 SP5","purl":"pkg:rpm/suse/rsyslog&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.24.0-3.33.2"}]}],"ecosystem_specific":{"binaries":[{"rsyslog-module-pgsql":"8.24.0-3.33.2","rsyslog-diag-tools":"8.24.0-3.33.2","rsyslog-doc":"8.24.0-3.33.2","rsyslog-module-mmnormalize":"8.24.0-3.33.2","rsyslog-module-udpspoof":"8.24.0-3.33.2","rsyslog-module-snmp":"8.24.0-3.33.2","rsyslog-module-gtls":"8.24.0-3.33.2","rsyslog":"8.24.0-3.33.2","rsyslog-module-gssapi":"8.24.0-3.33.2","rsyslog-module-relp":"8.24.0-3.33.2","rsyslog-module-mysql":"8.24.0-3.33.2"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2019:2816-1.json"}},{"package":{"name":"rsyslog","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP5","purl":"pkg:rpm/suse/rsyslog&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.24.0-3.33.2"}]}],"ecosystem_specific":{"binaries":[{"rsyslog-module-pgsql":"8.24.0-3.33.2","rsyslog-diag-tools":"8.24.0-3.33.2","rsyslog-doc":"8.24.0-3.33.2","rsyslog-module-mmnormalize":"8.24.0-3.33.2","rsyslog-module-udpspoof":"8.24.0-3.33.2","rsyslog-module-snmp":"8.24.0-3.33.2","rsyslog-module-gtls":"8.24.0-3.33.2","rsyslog":"8.24.0-3.33.2","rsyslog-module-gssapi":"8.24.0-3.33.2","rsyslog-module-relp":"8.24.0-3.33.2","rsyslog-module-mysql":"8.24.0-3.33.2"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2019:2816-1.json"}}],"schema_version":"1.7.5"}