Debian
syslog-ng package

  1. Bug #183389
  2. Comment #2

Comment 2 for bug 183389

Revision history for this message
Cody A.W. Somerville (cody-somerville) wrote :

Updated debdiff to include lp bug number.

debdiff syslog-ng_2.0.0-1ubuntu1.dsc syslog-ng_2.0.0-1ubuntu1.1.dsc > syslog-ng_2.0.0-1ubuntu1.1.gutsy-security.debdiff

Changes:
 syslog-ng (2.0.0-1ubuntu1.1) gutsy-security; urgency=low
 .
   * SECURITY UPDATE: Allows remote attackers to cause a denial of service
      (crash) via a message with a timestamp that does not contain a trailing
      space, which triggers a NULL pointer dereference.
   * src/logmsg.c (log_msg_parse): fixed possible NULL pointer dereference
      in log message parsing, as done in upstream RCS
   * References:
     - http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commitdiff;h=3126ebad217e7fd6356f4733ca33f571aa87a170
     - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6437
     - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457334
   * Closes lp: #183389
Files:
 1f40a0b1b665dc5ed9a29a2c27ea32e1 713 admin extra syslog-ng_2.0.0-1ubuntu1.1.dsc
 6ea55c647dcbd3d58a58b8d90f7ea300 346056 admin extra syslog-ng_2.0.0.orig.tar.gz
 c169408b880f0ce182af2d5b795e82fb 11225 admin extra syslog-ng_2.0.0-1ubuntu1.1.diff.gz