Debian 10260 Published by

Updated rsylog packages are available for Debian 6 LTS



Package : rsylog
Version : 4.6.4-2+deb6u1
CVE ID : CVE-2014-3634 CVE-2014-3683


CVE-2014-3634

Fix remote syslog vulnerability due to improper handling
of invalid PRI values.


CVE-2014-3683

Followup fix for CVE-2014-3634. The initial patch was incomplete.
It did not cover cases where PRI values > MAX_INT caused integer
overflows resulting in negative values.