Debian
syslog-ng package

  1. Bug #183389
  2. Comment #7

Comment 7 for bug 183389

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package syslog-ng - 2.0.0-1ubuntu0.1

---------------
syslog-ng (2.0.0-1ubuntu0.1) feisty-security; urgency=low

  * SECURITY UPDATE: Allows remote attackers to cause a denial of service
      (crash) via a message with a timestamp that does not contain a trailing
      space, which triggers a NULL pointer dereference.
  * src/logmsg.c (log_msg_parse): fixed possible NULL pointer dereference
      in log message parsing, as done in upstream RCS
  * References:
     - http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commitdiff;h=3126ebad217e7fd6356f4733ca33f571aa87a170
     - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6437
     - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457334
  * Closes lp: #183389
  * Updated maintainer fields

 -- <email address hidden> (Cody A.W. Somerville) Tue, 15 Jan 2008 17:30:40 -0800