Debian
syslog-ng package

  1. Bug #183389
  2. Comment #1

Comment 1 for bug 183389

Revision history for this message
Cody A.W. Somerville (cody-somerville) wrote :

debdiff syslog-ng_2.0.0-1ubuntu1.dsc syslog-ng_2.0.0-1ubuntu1.1.dsc > syslog-ng_2.0.0-1ubuntu1.1.gutsy-security.debdiff

Changes:
 syslog-ng (2.0.0-1ubuntu1.1) gutsy-security; urgency=low
 .
   * SECURITY UPDATE: Allows remote attackers to cause a denial of service
      (crash) via a message with a timestamp that does not contain a trailing
      space, which triggers a NULL pointer dereference.
   * src/logmsg.c (log_msg_parse): fixed possible NULL pointer dereference
      in log message parsing, as done in upstream RCS
   * References:
     - http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commitdiff;h=3126ebad217e7fd6356f4733ca33f571aa87a170
     - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6437
     - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457334
Files:
 1506917867abfe4f565f1c3a758bfd48 713 admin extra syslog-ng_2.0.0-1ubuntu1.1.dsc
 6ea55c647dcbd3d58a58b8d90f7ea300 346056 admin extra syslog-ng_2.0.0.orig.tar.gz
 aa1cd8d197f63ce1f9ce5fe432615bde 11211 admin extra syslog-ng_2.0.0-1ubuntu1.1.diff.gz