Description
Security update for syslog-ng
This update for syslog-ng fixes the following issues:
- CVE-2022-38725: Fixed integer overflow in parsers that allowed a remote denial of service (boo#1207460)
Package list
SUSE Package Hub 15 SP4
libevtlog-3_35-0-3.35.1-bp154.3.3.1
syslog-ng-3.35.1-bp154.3.3.1
syslog-ng-curl-3.35.1-bp154.3.3.1
syslog-ng-devel-3.35.1-bp154.3.3.1
syslog-ng-geoip-3.35.1-bp154.3.3.1
syslog-ng-java-3.35.1-bp154.3.3.1
syslog-ng-mqtt-3.35.1-bp154.3.3.1
syslog-ng-python-3.35.1-bp154.3.3.1
syslog-ng-redis-3.35.1-bp154.3.3.1
syslog-ng-smtp-3.35.1-bp154.3.3.1
syslog-ng-snmp-3.35.1-bp154.3.3.1
syslog-ng-sql-3.35.1-bp154.3.3.1
openSUSE Leap 15.4
libevtlog-3_35-0-3.35.1-bp154.3.3.1
syslog-ng-3.35.1-bp154.3.3.1
syslog-ng-curl-3.35.1-bp154.3.3.1
syslog-ng-devel-3.35.1-bp154.3.3.1
syslog-ng-geoip-3.35.1-bp154.3.3.1
syslog-ng-java-3.35.1-bp154.3.3.1
syslog-ng-mqtt-3.35.1-bp154.3.3.1
syslog-ng-python-3.35.1-bp154.3.3.1
syslog-ng-redis-3.35.1-bp154.3.3.1
syslog-ng-smtp-3.35.1-bp154.3.3.1
syslog-ng-snmp-3.35.1-bp154.3.3.1
syslog-ng-sql-3.35.1-bp154.3.3.1
References
- E-Mail link for openSUSE-SU-2023:0040-1
- SUSE Security Ratings
- SUSE Bug 1207460
- SUSE CVE CVE-2022-38725 page
Description
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.
Affected products
SUSE Package Hub 15 SP4:libevtlog-3_35-0-3.35.1-bp154.3.3.1
SUSE Package Hub 15 SP4:syslog-ng-3.35.1-bp154.3.3.1
SUSE Package Hub 15 SP4:syslog-ng-curl-3.35.1-bp154.3.3.1
SUSE Package Hub 15 SP4:syslog-ng-devel-3.35.1-bp154.3.3.1
References
- CVE-2022-38725
- SUSE Bug 1207460