Need to upgrade only rsyslog on Debian system

Question

Just received a notice from apticron:

apticron has detected that some packages need upgrading on:
The following packages are currently pending an upgrade:
rsyslog 5.8.11-3+deb7u1
    ...
Package Details:

Reading changelogs...
--- Changes for rsyslog ---
rsyslog (5.8.11-3+deb7u1) wheezy-security; urgency=high

  * debian/patches/05-pri-vulnerability-fix.patch:
    - CVE-2014-3634: Fix remote syslog vulnerability due to improper handling
      of invalid PRI values.
...
You can perform the upgrade by issuing the command:
apt-get dist-upgrade

Is there any way how to upgrade just rsyslog? I am leaving this server on Saturday and don't want to upgrade all the software that can lead to some problems. Can I upgrade just rsyslog?

If not, how important is to upgrade rsyslog? I don't have other users on the server and ssh access is allowed only from my IP.

Thanks.

score 0 · Accepted Answer · answered Oct 01 '14 at 12:47

apt-get install rsyslog does update it. Yes the command syntax might be a bit misleading.

I guess your rsyslog vulnerability only counts if your rsyslogd is configured to receive log lines from other servers and act thus act as a centralized logging server.

While updating, please make sure you also update bash due the Shellshock.

Need to upgrade only rsyslog on Debian system

1 Answers1