CVE-2011-1489

NameCVE-2011-1489
DescriptionA memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
rsyslog (PTS)jessie, jessie (lts)8.4.2-1+deb8u3fixed
stretch (security), stretch (lts), stretch8.24.0-1+deb9u3fixed
buster (security), buster, buster (lts)8.1901.0-1+deb10u2fixed
bullseye (security), bullseye8.2102.0-2+deb11u1fixed
bookworm8.2302.0-1fixed
sid, trixie8.2410.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
rsyslogsource(unstable)5.7.6-1low

Notes

[squeeze] - rsyslog <no-dsa> (Minor issue)
[lenny] - rsyslog <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems