ELA-175-1 rsyslog security update

heap overflow

Related CVEs CVE-2019-17041 CVE-2019-17042

Two heap overflow vulnerabilities were discovered in rsyslog, a system and kernel logging daemon, in the AIX and Cisco log messages parsers (not loaded in the default configuration).

For Debian 7 Wheezy, these problems have been fixed in version 5.8.11-3+deb7u3.

We recommend that you upgrade your rsyslog packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.