{"affected":[{"ecosystem_specific":{"binaries":[{"rsyslog":"8.4.0-13.8.1","rsyslog-diag-tools":"8.4.0-13.8.1","rsyslog-doc":"8.4.0-13.8.1","rsyslog-module-gssapi":"8.4.0-13.8.1","rsyslog-module-gtls":"8.4.0-13.8.1","rsyslog-module-mysql":"8.4.0-13.8.1","rsyslog-module-pgsql":"8.4.0-13.8.1","rsyslog-module-relp":"8.4.0-13.8.1","rsyslog-module-snmp":"8.4.0-13.8.1","rsyslog-module-udpspoof":"8.4.0-13.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","name":"rsyslog","purl":"pkg:rpm/suse/rsyslog&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.4.0-13.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"rsyslog":"8.4.0-13.8.1","rsyslog-diag-tools":"8.4.0-13.8.1","rsyslog-doc":"8.4.0-13.8.1","rsyslog-module-gssapi":"8.4.0-13.8.1","rsyslog-module-gtls":"8.4.0-13.8.1","rsyslog-module-mysql":"8.4.0-13.8.1","rsyslog-module-pgsql":"8.4.0-13.8.1","rsyslog-module-relp":"8.4.0-13.8.1","rsyslog-module-snmp":"8.4.0-13.8.1","rsyslog-module-udpspoof":"8.4.0-13.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP1-LTSS","name":"rsyslog","purl":"pkg:rpm/suse/rsyslog&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.4.0-13.8.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for rsyslog fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages (bsc#1153451).\n- CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages (bsc#1153459).\n\nNon-security issues fixed:\n\n- Handle multiline messages correctly when using the imfile module. (bsc#1015203)\n- Fix a race condition in the shutdown sequence in wtp that was causing rsyslog not to\n  shutdown properly. (bsc#1022804)\n","id":"SUSE-SU-2020:0424-1","modified":"2020-02-19T16:07:46Z","published":"2020-02-19T16:07:46Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20200424-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1015203"},{"type":"REPORT","url":"https://bugzilla.suse.com/1022804"},{"type":"REPORT","url":"https://bugzilla.suse.com/1153451"},{"type":"REPORT","url":"https://bugzilla.suse.com/1153459"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17041"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17042"}],"related":["CVE-2019-17041","CVE-2019-17042"],"summary":"Security update for rsyslog","upstream":["CVE-2019-17041","CVE-2019-17042"]}