Debian
syslog-ng package

  1. Bug #183389
  2. Comment #3

Comment 3 for bug 183389

Revision history for this message
Cody A.W. Somerville (cody-somerville) wrote :

debdiff syslog-ng_2.0.0-1.dsc syslog-ng_2.0.0-1ubuntu0.1.dsc > syslog-ng_2.0.0-1ubuntu0.1.feisty-security.debdiff

Changes:
 syslog-ng (2.0.0-1ubuntu0.1) feisty-security; urgency=low
 .
   * SECURITY UPDATE: Allows remote attackers to cause a denial of service
       (crash) via a message with a timestamp that does not contain a trailing
       space, which triggers a NULL pointer dereference.
   * src/logmsg.c (log_msg_parse): fixed possible NULL pointer dereference
       in log message parsing, as done in upstream RCS
   * References:
      - http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commitdiff;h=3126ebad217e7fd6356f4733ca33f571aa87a170
      - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6437
      - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457334
   * Closes lp: #183389
Files:
 36995d5b529bbdf5fce5a8ffb8ff0a8b 638 admin extra syslog-ng_2.0.0-1ubuntu0.1.dsc
 6ea55c647dcbd3d58a58b8d90f7ea300 346056 admin extra syslog-ng_2.0.0.orig.tar.gz
 9b8e677769ae974f5a48d7aee3e200d1 10687 admin extra syslog-ng_2.0.0-1ubuntu0.1.diff.gz