Changelog for 7.6.7 (v7-stable)
Version 7.6.7 [v7.6-stable] 2014-10-02
- bugfix: the fix for CVE-2014-3634 did not handle all cases
  This is corrected now. See also: CVE-2014-3683
- fixed a build problem on some platforms
  Thanks to Olaf for the patch
- behaviour change: “msg” of messages with invalid PRI set to “rawmsg”
  When the PRI is invalid, the rest of the header cannot be valid. So
  we move all of it to MSG and do not try to parse it out. Note that
  this is not directly related to the security issue but rather done
  because it makes most sense.
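
The behaviour change above, sketched as an added example (not rsyslog's own code): a PRI parser that accepts only the 0..191 range defined by RFC 3164/5424 and, on any invalid PRI, leaves the message equal to the raw message without parsing a header. The names `parse_pri` and `struct parsed` are hypothetical, and the fallback priority 13 (user.notice, the value RFC 3164 gives for relays) is an assumption, not necessarily what rsyslog assigns.

```c
#include <stdio.h>

#define PRI_MAX      191   /* 23 * 8 + 7: highest facility and severity */
#define PRI_FALLBACK 13    /* assumption: user.notice, per RFC 3164 relay rule */

struct parsed {            /* hypothetical result type for this example */
    int pri_valid;         /* 1 if PRI was well-formed and in range */
    int facility, severity;
    const char *msg;       /* points into the raw buffer, nothing is copied */
};

/* Parse "<NNN>" at the start of raw. On any defect the whole raw
 * message becomes msg and no header parsing is attempted. */
static struct parsed parse_pri(const char *raw)
{
    struct parsed p = { 0, PRI_FALLBACK >> 3, PRI_FALLBACK & 7, raw };
    int val = 0, ndigits = 0;
    const char *c = raw;

    if (*c++ != '<')
        return p;
    while (*c >= '0' && *c <= '9' && ndigits < 3) {  /* cap digits: no int overflow */
        val = val * 10 + (*c++ - '0');
        ndigits++;
    }
    if (ndigits == 0 || *c != '>' || val > PRI_MAX)
        return p;              /* invalid PRI: msg stays equal to rawmsg */

    p.pri_valid = 1;
    p.facility = val >> 3;     /* now bounded to 0..23, safe as a table index */
    p.severity = val & 7;
    p.msg = c + 1;             /* header and MSG parsing would continue here */
    return p;
}

int main(void)
{
    /* constructed sample inputs */
    const char *samples[] = { "<34>Oct  2 10:00:00 host app: ok",
                              "<201>Oct  2 10:00:00 host app: bad",
                              "<1234567890>x", "no pri at all" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        struct parsed p = parse_pri(samples[i]);
        printf("valid=%d fac=%d sev=%d msg=\"%s\"\n",
               p.pri_valid, p.facility, p.severity, p.msg);
    }
    return 0;
}
```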
rsyslog 7.6.7 (v7-stable) released
This is primarily a re-release of 7.6.6 because the patch for the PRI vulnerability was incomplete. Special thanks to “mancha” for notifying us and helping to get it right.
For more info, please see: http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/
Packages are also already available in the package archives.
ChangeLog:
http://www.rsyslog.com/changelog-for-7-6-7-v7-stable/
Download:
http://www.rsyslog.com/downloads/download-v7-stable/
As always, feedback is appreciated.
Best regards,
Tim Eifler