Bug#669349: rsyslog: Denial of service vulnerabilities

[Henri Salo]

Package: rsyslog
Version: 4.6.4-2
Severity: important, security

Please fix three security vulnerabilities: 
http://www.rsyslog.com/changelog-for-5-6-4-v5-stable/

"RepeatedMsgReduction Function Memory Exhaustion Local DoS"
http://security-tracker.debian.org/tracker/CVE-2011-1488
http://osvdb.org/show/osvdb/75190

"Multiple Ruleset Message Handling Memory Exhaustion Local DoS"
http://security-tracker.debian.org/tracker/CVE-2011-1489
http://osvdb.org/show/osvdb/75191

"Multiple Ruleset Message Handling Memory Exhaustion Local DoS"
http://security-tracker.debian.org/tracker/CVE-2011-1490
http://osvdb.org/show/osvdb/75192

-- System Information:
Debian Release: 6.0.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages rsyslog depends on:
ii  libc6                   2.11.3-3         Embedded GNU C Library: Shared lib
ii  lsb-base                3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

Versions of packages rsyslog recommends:
ii  logrotate                     3.7.8-6    Log rotation utility

Versions of packages rsyslog suggests:
pn  rsyslog-doc                   <none>     (no description available)
pn  rsyslog-gnutls                <none>     (no description available)
pn  rsyslog-gssapi                <none>     (no description available)
pn  rsyslog-mysql | rsyslog-pgsql <none>     (no description available)
pn  rsyslog-relp                  <none>     (no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org