[Oraclevm-errata] OVMSA-2023-0010 Important: Oracle VM 3 Extended Lifecycle Support (ELS) rsyslog security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Thu Aug 17 14:15:05 UTC 2023


Oracle VM Security Advisory OVMSA-2023-0010

The following updated rpms for Oracle VM 3 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network:

x86_64:
rsyslog-5.8.10-12.0.2.el6.x86_64.rpm



Related CVEs:

CVE-2022-24903




Description of changes:

[5.8.10-12.0.2]
- Back port fix for heap-based overflow in TCP syslog server
- Resolves CVE-2022-24903 [Orabug: 34226447]

[5.8.10-12.0.1]
- use setsid() to get a controlling session and process group [Orabug: 17346261] (Todd Vierling)

[5.8.10-12]
RHEL-6.10 ERRATUM

- added a patch fixing manpages
  resolves: rhbz#1392400

[5.8.10-11]
RHEL-6.10 ERRATUM

- add a patch fixing possible ABRT in DA queues
  resolves: rhbz#1491428

[5.8.10-10]
- add a patch to fix a segfault in the regex module
  resolves: #1109155
- explicitly disable systemd service file generation
- turn on verbose make output

[5.8.10-9]
- fix CVE-2014-3634
  resolves: #1149149

[5.8.10-8]
- drop patch 5 which introduced a regression
  resolves: #927405
  reverts: #847568
- add a patch to prevent 'RepeatedMsgReduction' causing missing hostnames
  resolves: #893197
- add a patch to enable specifying UID/GID as a number
  resolves: #886117
- add a patch to prevent a segfault in gssapi
  resolves: #862517

[5.8.10-7]
- add a patch to support large groups in the $FileGroup directive
  resolves: #924754
- add a patch to fix 'pri-text' property format
  resolves: #951727
- add a patch to fix the behavior of the *QueueMaxFileSize directives
  resolves: #963942

[5.8.10-6]
- the previous patch to enable RFC3339 timestamps revealed a bug
  in the upstream code - adding another patch
  Resolves: #886004

[5.8.10-5]
- add a patch to permit RFC3339 timestamps in messages coming from
  the local log socket, patch taken from upstream - commit:
  bfae69d68b0032a383821a54bc52aeff36a90e52
  Resolves: #886004

[5.8.10-4]
- add patch to correct the order in which selector filters are added
  Resolves: #847568

[5.8.10-3]
- add 'conflicts' on incompatible version of selinux-policy
  Resolves: #838148

[5.8.10-2]
- add patch to update information on debugging in the man page
  Resolves: #820311
- add patch to prevent debug output to stdout after forking
  Resolves: #820996
- add patch to support ssl certificates with domain names longer than 128 chars
  Resolves: #822118

[5.8.10-1]
- rebase to rsyslog 5.8.10
  Resolves: #803550
  Resolves: #805424
  Resolves: #813079
  Resolves: #813084
- consider lock file in 'status' action
  Resolves: #807608
- add impstats and imptcp modules
- include new license text files
- specify which versions of sysklogd are obsoleted

[5.8.7-1]
- rebase to rsyslog-5.8.7
  - change license from 'GPLv3+' to '(GPLv3+ and ASL 2.0)'
    http://blog.gerhards.net/2012/01/rsyslog-licensing-update.html
  - remove patches obsoleted by rebase
  - add patches for better sysklogd compatibility (taken from upstream)
  - update included files for the new major version
  Resolves: #672182
  Resolves: #727380
  Resolves: #756664
  Resolves: #767527
  Resolves: #769025
- add several directories for storing auxiliary data
  Resolves: #740420
- fix source package URL

[4.6.2-12]
- fix typo in RSYSLOG_SysklogdFileFormat documentation
  Resolves: #737096

[4.6.2-11]
- provide configuration directive for sysklogd message format compatibility
- provide log format template for sysklogd message format compatibility
  Resolves: #737096

[4.6.2-10]
- add patch to resolve buffer overflow (CVE-2011-3200)
  Resolves: #733648

[4.6.2-9]
- use proper lock file in 'status' action
  Resolves: #698705

[4.6.2-8]
- workaround the mysql_conf multilib issue by directly using
  the arch-specific script
  Resolves: #694414

[4.6.2-7]
- add patch to correct the behavior of the ActionExecOnlyOnceEveryInterval
  configuration directive
  Resolves: #727208

[4.6.2-6]
- add patch to prevent tight loop when using TLS
  Resolves: #661858

[4.6.2-5]
- provide omsnmp module in rsyslog-snmp subpackage
  Resolves: #618488
- modify logrotate configuration to omit boot.log
  Resolves: #683537
- use correct lock file name
  Resolves: #698705
- provide ommail module
  Resolves: #702314

[4.6.2-4]
- add patch to resolve short int overflow
  Resolves: #701782

[4.6.2-3]
- build rsyslog with PIE and RELRO
  Resolves: #642994
- add ChangeLog file to documentation
- add /etc/pki/rsyslog directory

[4.6.2-2]
- Fix a potential segfault upon SIGHUP induced restart
  Resolves: #598421
- Add Obsoletes: sysklogd
  Resolves: #513277

[4.6.2-1]
- upgrade to new upstream stable version 4.6.2
  Resolves: #554998
- correct the default value of the OMFileFlushOnTXEnd directive
- add upstream fix for message-induced off-by-one error
- change the default value of the HUPisRestart directive to enabled
- remove autoconf, automake, libtool from BuildRequires
- change exec-prefix to nil
- redefine _libdir as it doesn't use _exec_prefix
  Resolves: #591860

[4.4.2-4]
- change init script error code
  Resolves: #539065

[4.4.2-3]
- remove '_smp_mflags' make argument as it seems to be
  producing corrupted builds
  Resolves: #556522

[4.4.2-2]
- rebuild for #556522

[4.4.2-1]
- upgrade to new upstream stable version 4.4.2
  Resolves: #554998
- add support for arbitrary number of open file descriptors
- run libtoolize to avoid errors due to mismatching libtool version
- change exec-prefix to /

[4.4.1-2.1]
- Rebuilt for RHEL 6

[4.4.1-2]
- adjust init script according to guidelines (#522071)

[4.4.1-1]
- upgrade to new upstream stable version

[4.2.0-3]
- rebuilt with new openssl

[4.2.0-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

[4.2.0-1]
- upgrade

[3.21.11-1]
- upgrade

[3.21.10-4]
- Backport HUPisRestart option

[3.21.10-3]
- fix variables' type conversion in expression-based filters (#485937)

[3.21.10-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

[3.21.10-1]
- upgrade

[3.21.9-3]
- rebuild for dependencies

[3.21.9-2]
- fix several legacy options handling
- fix internal message output (#478612)

[3.21.9-1]
- update is fixing $AllowedSender security issue

[3.21.3-4]
- use RPM_OPT_FLAGS
- use same pid file and logrotate file as syslog-ng (#441664)
- mark config files as noreplace (#428155)

[3.21.3-3]
- fix a wrong module name in the rsyslog.conf manual page (#455086)
- expand the rsyslog.conf manual page (#456030)

[3.21.3-2]
- fix clock rollback issue (#460230)

[3.21.3-1]
- upgrade to bugfix release

[3.21.0-1]
- upgrade

[3.19.9-2]
- adjust default config file

[3.19.9-1]
- upgrade

[3.19.7-3]
- rebuild because of new gnutls

[3.19.7-2]
- do not translate Oopses (#450329)

[3.19.7-1]
- upgrade

[3.19.4-1]
- upgrade

[3.19.3-1]
- upgrade to new upstream release

[3.16.1-1]
- upgrade

[3.14.1-5]
- prevent undesired error description in legacy
  warning messages

[3.14.1-4]
- adjust symbol lookup method to 2.6 kernel

[3.14.1-3]
- fix segfault of expression based filters

[3.14.1-2]
- init script fixes (#441170,#440968)

[3.14.1-1]
- upgrade

[3.12.4-1]
- upgrade

[3.12.3-1]
- upgrade
- fix some significant memory leaks

[3.12.1-2]
- init script fixes (#436854)
- fix config file parsing (#436722)

[3.12.1-1]
- upgrade

[3.12.0-1]
- upgrade

[3.11.5-1]
- upgrade

[3.11.0-1]
- upgrade to the latest development release
- provide PostgreSQL support
- provide GSSAPI support



