Candidate: CVE-2018-16881
PublicDate: 2019-01-25 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16881
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881
 https://github.com/rsyslog/rsyslog/commit/6c52f29d593a27f934a1871d40eed84ebde3f3a6 (introduced in)
Description:
 A denial of service vulnerability was found in rsyslog in the imptcp
 module. An attacker could send a specially crafted message to the imptcp
 socket, which would cause rsyslog to crash. Versions before 8.27.0 are
 vulnerable.
Ubuntu-Description:
Notes:
 sbeattie> requires imptcp module to be loaded, which is not enabled in
   the default configuration
Bugs:
Priority: low
Discovered-by: Joel Miller
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_rsyslog:
 upstream: https://github.com/rsyslog/rsyslog/commit/0381a0de64a5a048c3d48b79055bd9848d0c7fc2
upstream_rsyslog: released (8.27.0-2)
precise/esm_rsyslog: ignored (end of ESM support, was needs-triage)
trusty_rsyslog: ignored (reached end-of-life)
trusty/esm_rsyslog: needs-triage
xenial_rsyslog: ignored (end of standard support, was needed)
esm-infra/xenial_rsyslog: needed
bionic_rsyslog: not-affected (8.32.0-1ubuntu4)
cosmic_rsyslog: not-affected
disco_rsyslog: not-affected
eoan_rsyslog: not-affected
focal_rsyslog: not-affected
groovy_rsyslog: not-affected
hirsute_rsyslog: not-affected
impish_rsyslog: not-affected
jammy_rsyslog: not-affected
devel_rsyslog: not-affected