—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Liebe Kolleginnen und Kollegen,
soeben erreichte uns nachfolgendes Fedora Security Advisory. Wir geben
diese Informationen unveraendert an Sie weiter.
SecurityFocus-2011-47800 – Schwachstelle in syslog-ng
Die syslog-Variante syslog-ng vor Version 3.2.4 prueft nicht ausreichend
Daten, die von Nutzern uebergeben wurden. Dies fuehrt dazu, dass ein
entfernter Angreifer einen Denial of Service-Angriff durchfuehren kann,
indem er praeparierte Eingaben verwendet.
Betroffen sind die folgenden Software Pakete und Plattformen:
Paket syslog-ng vor Version 3.2.4
Fedora 15
Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.
(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.
Mit freundlichen Gruessen,
Timo Schulz
– —
Timo Schulz, M.Sc. (Incident Response Team)
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-590
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
Automatische Warnmeldungen: https://www.cert.dfn.de/autowarn
– ——————————————————————————–
Fedora Update Notification
FEDORA-2011-7176
2011-05-18 18:38:12
– ——————————————————————————–
Name : syslog-ng
Product : Fedora 15
Version : 3.2.4
Release : 3.fc15
URL : http://www.balabit.com/network-security/syslog-ng
Summary : Next-generation syslog server
Description :
syslog-ng, as the name shows, is a syslogd replacement, but with new
functionality for the new generation. The original syslogd allows
messages only to be sorted based on priority/facility pairs; syslog-ng
adds the possibility to filter based on message contents using regular
expressions. The new configuration scheme is intuitive and powerful.
Forwarding logs over TCP and remembering all forwarding hops makes it
ideal for firewalled environments.
– ——————————————————————————–
Update Information:
Fixes a PCRE-bug, cf. http://www.securityfocus.com/bid/47800
– ——————————————————————————–
ChangeLog:
* Mon May 16 2011 Jose Pedro Oliveira
– – Updated the homepage URL
– – Syslog-ng data directory in %{_datadir}/%{name}
– – Include the main library header files in the devel subpackage
* Thu May 12 2011 Jose Pedro Oliveira
– – No need to create the directory /etc/syslog-ng in the install section
– – Enable the test suite (but excluding the SQL and SSL tests)
* Wed May 11 2011 Jose Pedro Oliveira
– – Update to 3.2.4
* Mon May 9 2011 Jose Pedro Oliveira
– – Overrided the default _localstatedir value (configure –localstatedir)
(value hardcoded in update-patterndb)
– – Manually created the patterndb.d configuration directory (update-patterndb)
(see also https://bugzilla.balabit.com/show_bug.cgi?id=119 comments >= 4)
– – Dropped support for Vim 7.0 and 7.1
* Mon May 9 2011 Jose Pedro Oliveira
– – Dropped the bison and flex build requirements
– – Corrected a couple of macro references in changelog entries (rpmlint)
* Mon May 9 2011 Jose Pedro Oliveira
– – Added the build requirement systemd-units (macro %_unitdir)
https://fedoraproject.org/wiki/Packaging:Guidelines:Systemd
– – Dropped the redefinition of the %_localstatedir macro
– – Use %global instead of %define
– – Minor modifications of the %post, %preun and %postun scripts
https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd
– – Expanded tabs to spaces (also added a vim modeline)
* Fri May 6 2011 Jose Pedro Oliveira
– – Fix systemd-related scriptlets (Bill Nottingham)
– – Explicitly add –enable-systemd to configure’s command line
* Mon May 2 2011 Jose Pedro Oliveira
– – updated to 3.2.3 final
– – cleaned the sysconfig file
* Thu Apr 28 2011 Jose Pedro Oliveira
– – downgrade the pcre minimal required version from 7.3 to 6.1 (#651823#c26)
– – better compliance with the package guidelines
(https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd)
* Thu Apr 28 2011 Matthias Runge
– – honor pidfile
– – disable ssl
– – disable sql
* Tue Apr 26 2011 Matthias Runge
– – drop support for fedora without systemd
* Mon Apr 25 2011 Jose Pedro Oliveira
– – change NVR to alert users that we have been using a syslog-ng v3.2 git snapshot
(for systemd support)
* Mon Apr 25 2011 Jose Pedro Oliveira
– – re-introduces the “Provides: syslog” (#651823 comments 13, 15 and 21)
– – rename the logrotate.d file back to syslog (#651823 comments 12, 15, 16 and 21)
– – cleans the sysconfig and logrotate file mess (#651823 comments 17, 20 and 21)
– – spec code cleanup (#651823 comments 10 and 11)
– – dropped duplicated eventlog-devel BR
* Thu Apr 21 2011 Matthias Runge
– – systemd fixup
– – more spec file cleanup,
– – incorporate fixes from Jose Pedro Oliveira (#651823 comments 7 and 8)
* Wed Apr 20 2011 Matthias Runge
– – spec cleanup
* Wed Apr 13 2011 Matthias Runge
– – update to 3.2.2
– – built from git snapshot
* Wed Apr 6 2011 Matthias Runge
– – install to /sbin
– – native systemd start script
* Thu Mar 17 2011 Matthias Runge
– – finally move libs to correct place
– – split out -devel subpackage
* Fri Mar 4 2011 Matthias Runge
– – update to syslog-ng 3.2.1
– ——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update syslog-ng’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
– ——————————————————————————–
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2.0.16 (GNU/Linux)
iQEcBAEBAgAGBQJN3MqHAAoJEJtyb8U7iGZBYWgH/1HNmGtSwr5dSKDa6MuXBZkV
Wc6WYUz2fh1jTHaX1Zkchsvhu6a1SYFypZ0jRN6EKin6aCnHczqTR194O6H7LglI
zYe4rlFoRfH5LYwxDO5ouJ0pz9S4Onrntf0MUTawF3mWSvNGfk/7gpQhV7OyZfDY
kFL4mjPHbGdavyosBRUhYpkZLEUG66Gzxb6s3OkFfERdVC70jhZsbmcoWSGkpq2l
p00NcN1rbQAvW37n9wSEp6rlv09rz/S4ZTi3IfDCoEzMvln92XGXa2FCP1qhbpYa
l4a6uFuUkJoxC33hEl7yqnoG5dunatTbf5BDZjXRjMY4LstxqfjFuAaFrOvSg4I=
=Q8SZ
—–END PGP SIGNATURE—–
