#include <infodrom.style>
#include <projects.style>

<projectpg project="sysklogd" maxcontrib=5>

<headline>New version 1.5.1 released</headline>

<p>We're pleased to announce a bugfix release of sysklogd that fixes a
vulnerability recently found by Rainer Gerhards:</p>

<p>Many thanks to Rainer Gerhards, rsyslog project lead, for
identifying a problem with how rsyslog's rsyslogd and sysklogd's
syslogd check for invalid priority values (<a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3634">CVE-2014-3634</a>). For details
please refer to Rainer's well-written issue description.</p>

<p>In sysklogd's syslogd, invalid priority values between 192 and 1023
(given directly or arrived at via overflow wraparound) can propagate
through the code, causing out-of-bounds access to the f_pmask array
within the 'filed' structure by up to 104 bytes past its end. This is
most likely insufficient to reach unallocated memory because there are
around 544 bytes past f_pmask in 'filed' (modulo packing and other
differences). However, incorrect access to fields at higher positions
of the 'filed' structure definition can cause unexpected behavior,
including message mis-classification, forwarding issues, message loss,
or other problems.</p>
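
<p>The following sketch is an added example, not code from sysklogd or
from the fix in this release. It shows how an unvalidated priority turns
into an out-of-range facility index, and one way to bound the value
before it is used. All function names and the choice of fallback
priority are assumptions made for the illustration.</p>

```c
/* Added illustration, not sysklogd source; all names are hypothetical. */
enum {
    NFACILITIES = 24,                  /* LOG_NFACILITIES in syslog.h */
    FACMASK     = 0x03f8,              /* LOG_FACMASK in syslog.h */
    MAX_PRI     = NFACILITIES * 8 - 1, /* 191, the largest valid priority */
    DEFAULT_PRI = (1 << 3) | 5         /* LOG_USER|LOG_NOTICE, assumed fallback */
};

/* Facility index an unvalidated priority selects (what LOG_FAC computes). */
static int raw_facility(int pri) { return (pri & FACMASK) >> 3; }

/* Parse a leading "<NNN>" header; -1 if absent or malformed.
 * At most three digits are accepted, so the accumulator cannot wrap. */
static int parse_pri(const char *msg)
{
    int pri = 0, digits = 0;
    const char *p = msg;

    if (*p++ != '<')
        return -1;
    while (*p >= '0' && *p <= '9') {
        if (++digits > 3)
            return -1;
        pri = pri * 10 + (*p++ - '0');
    }
    return (digits > 0 && *p == '>') ? pri : -1;
}

/* Replace anything outside 0..191 with the default before it is used. */
static int sanitize_pri(int pri)
{
    return (pri < 0 || pri > MAX_PRI) ? DEFAULT_PRI : pri;
}

/* Hardened path: the result is always a valid facility, 0..NFACILITIES-1. */
static int checked_facility(const char *msg)
{
    return raw_facility(sanitize_pri(parse_pri(msg)));
}

int main(void)
{
    /* Constructed inputs: one valid header, one out-of-range header. */
    return !(checked_facility("<191>ok") == 23 &&
             checked_facility("<999>bad") == 1);
}
```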

<author>Joey</author>

</projectpg>

# Local variables:
# mode: html
# mode: auto-fill
# end:
