SUSE-SU-2023:0319-1

Опубликовано: 08 фев. 2023

Источник: suse-cvrf

Описание

Security update for syslog-ng

This update for syslog-ng fixes the following issues:

CVE-2022-38725: Fixed an integer overflow in the RFC3164 protocol parser (bsc#1207460).

Список пакетов

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

syslog-ng-3.6.4-12.11.1

SUSE Linux Enterprise Module for Legacy 12

syslog-ng-3.6.4-12.11.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20230319-1/
Link for SUSE-SU-2023:0319-1
https://lists.suse.com/pipermail/sle-security-updates/2023-February/013705.html
E-Mail link for SUSE-SU-2023:0319-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1207460
SUSE Bug 1207460
https://www.suse.com/security/cve/CVE-2022-38725/
SUSE CVE CVE-2022-38725 page

Описание

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.

Затронутые продукты

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:syslog-ng-3.6.4-12.11.1

SUSE Linux Enterprise Module for Legacy 12:syslog-ng-3.6.4-12.11.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-38725.html
CVE-2022-38725
https://bugzilla.suse.com/1207460
SUSE Bug 1207460

SUSE-SU-2023:0319-1

Описание

Список пакетов

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

SUSE Linux Enterprise Module for Legacy 12

Ссылки

Уязвимость: CVE-2022-38725

Описание

Затронутые продукты

Ссылки