A security vulnerability has been fixed in the syslog-ng software package distributed with the Fedora 15 operating system. The flaw allowed a remote attacker to carry out a denial-of-service (DoS) attack.
Package:
syslog-ng 3.x
Operating systems:
Fedora 15
Problem:
improper input validation
Exploitation:
remote
Impact:
denial of service (DoS)
Solution:
vendor patch
Original advisory ID:
FEDORA-2011-7176
Source:
Fedora
Problem:
The vulnerability is caused by improper handling of user-supplied input.
Impact:
An attacker can exploit this vulnerability to carry out a denial-of-service (DoS) attack.
Solution:
All users of the affected package are advised to upgrade to a newer version.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-7176
2011-05-18 18:38:12
--------------------------------------------------------------------------------
Name : syslog-ng
Product : Fedora 15
Version : 3.2.4
Release : 3.fc15
URL : http://www.balabit.com/network-security/syslog-ng
Summary : Next-generation syslog server
Description :
syslog-ng, as the name shows, is a syslogd replacement, but with new
functionality for the new generation. The original syslogd allows
messages only to be sorted based on priority/facility pairs; syslog-ng
adds the possibility to filter based on message contents using regular
expressions. The new configuration scheme is intuitive and powerful.
Forwarding logs over TCP and remembering all forwarding hops makes it
ideal for firewalled environments.
--------------------------------------------------------------------------------
Update Information:
Fixes a PCRE-bug, cf. http://www.securityfocus.com/bid/47800
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 16 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.4-3
- Updated the homepage URL
- Syslog-ng data directory in %{_datadir}/%{name}
- Include the main library header files in the devel subpackage
* Thu May 12 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.4-2
- No need to create the directory /etc/syslog-ng in the install section
- Enable the test suite (but excluding the SQL and SSL tests)
* Wed May 11 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.4-1
- Update to 3.2.4
* Mon May 9 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.3-5
- Overrode the default _localstatedir value (configure --localstatedir)
(value hardcoded in update-patterndb)
- Manually created the patterndb.d configuration directory (update-patterndb)
(see also https://bugzilla.balabit.com/show_bug.cgi?id=119 comments >= 4)
- Dropped support for Vim 7.0 and 7.1
* Mon May 9 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.3-4
- Dropped the bison and flex build requirements
- Corrected a couple of macro references in changelog entries (rpmlint)
* Mon May 9 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.3-3
- Added the build requirement systemd-units (macro %_unitdir)
https://fedoraproject.org/wiki/Packaging:Guidelines:Systemd
- Dropped the redefinition of the %_localstatedir macro
- Use %global instead of %define
- Minor modifications of the %post, %preun and %postun scripts
https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd
- Expanded tabs to spaces (also added a vim modeline)
* Fri May 6 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.3-2
- Fix systemd-related scriptlets (Bill Nottingham)
- Explicitly add --enable-systemd to configure's command line
* Mon May 2 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.3-1
- updated to 3.2.3 final
- cleaned the sysconfig file
* Thu Apr 28 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.3-0.20110424.4
- downgrade the pcre minimal required version from 7.3 to 6.1 (#651823#c26)
- better compliance with the package guidelines
(https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd)
* Thu Apr 28 2011 Matthias Runge <e-mail address hidden> - 3.2.3-0.20110424.3
- honor pidfile
- disable ssl
- disable sql
* Tue Apr 26 2011 Matthias Runge <e-mail address hidden> - 3.2.3-0.20110424.2
- drop support for fedora without systemd
* Mon Apr 25 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.3-0.20110424.1
- change NVR to alert users that we have been using a syslog-ng v3.2 git
snapshot
(for systemd support)
* Mon Apr 25 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.2-4
- re-introduces the "Provides: syslog" (#651823 comments 13, 15 and 21)
- rename the logrotate.d file back to syslog (#651823 comments 12, 15, 16 and
21)
- cleans the sysconfig and logrotate file mess (#651823 comments 17, 20 and
21)
- spec code cleanup (#651823 comments 10 and 11)
- dropped duplicated eventlog-devel BR
* Thu Apr 21 2011 Matthias Runge <e-mail address hidden> - 3.2.2-3
- systemd fixup
- more spec file cleanup,
- incorporate fixes from Jose Pedro Oliveira (#651823 comments 7 and 8)
* Wed Apr 20 2011 Matthias Runge <e-mail address hidden> - 3.2.2-2
- spec cleanup
* Wed Apr 13 2011 Matthias Runge <e-mail address hidden> - 3.2.2-1
- update to 3.2.2
- built from git snapshot
* Wed Apr 6 2011 Matthias Runge <e-mail address hidden> - 3.2.1-3
- install to /sbin
- native systemd start script
* Thu Mar 17 2011 Matthias Runge <e-mail address hidden> - 3.2.1-2
- finally move libs to correct place
- split out -devel subpackage
* Fri Mar 4 2011 Matthias Runge <e-mail address hidden> - 3.2.1-1
- update to syslog-ng 3.2.1
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update syslog-ng' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce