Sicherheit: Mangelnde Eingabeprüfung in Syslog-ng - Pro-Linux

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2011-7176
2011-05-18 18:38:12
-------------------------------------------------------------------------------
-

Name        : syslog-ng
Product     : Fedora 15
Version     : 3.2.4
Release     : 3.fc15
URL         : http://www.balabit.com/network-security/syslog-ng
Summary     : Next-generation syslog server
Description :
syslog-ng, as the name shows, is a syslogd replacement, but with new
functionality for the new generation. The original syslogd allows
messages only to be sorted based on priority/facility pairs; syslog-ng
adds the possibility to filter based on message contents using regular
expressions. The new configuration scheme is intuitive and powerful.
Forwarding logs over TCP and remembering all forwarding hops makes it
ideal for firewalled environments.

-------------------------------------------------------------------------------
-
Update Information:

Fixes a PCRE-bug, cf. http://www.securityfocus.com/bid/47800
-------------------------------------------------------------------------------
-
ChangeLog:

* Mon May 16 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.4-3
- Updated the homepage URL
- Syslog-ng data directory in %{_datadir}/%{name}
- Include the main library header files in the devel subpackage
* Thu May 12 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.4-2
- No need to create the directory /etc/syslog-ng in the install section
- Enable the test suite (but excluding the SQL and SSL tests)
* Wed May 11 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.4-1
- Update to 3.2.4
* Mon May  9 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.3-5
- Overrided the default _localstatedir value (configure --localstatedir)
  (value hardcoded in update-patterndb)
- Manually created the patterndb.d configuration directory (update-patterndb)
  (see also https://bugzilla.balabit.com/show_bug.cgi?id=119 comments >= 4)
- Dropped support for Vim 7.0 and 7.1
* Mon May  9 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.3-4
- Dropped the bison and flex build requirements
- Corrected a couple of macro references in changelog entries (rpmlint)
* Mon May  9 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.3-3
- Added the build requirement systemd-units (macro %_unitdir)
  https://fedoraproject.org/wiki/Packaging:Guidelines:Systemd
- Dropped the redefinition of the %_localstatedir macro
- Use %global instead of %define
- Minor modifications of the %post, %preun and %postun scripts
  https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd
- Expanded tabs to spaces (also added a vim modeline)
* Fri May  6 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.3-2
- Fix systemd-related scriptlets (Bill Nottingham)
- Explicitly add --enable-systemd to configure's command line
* Mon May  2 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.3-1
- updated to 3.2.3 final
- cleaned the sysconfig file
* Thu Apr 28 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> -
 3.2.3-0.20110424.4
- downgrade the pcre minimal required version from 7.3 to 6.1 (#651823#c26)
- better compliance with the package guidelines
  (https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd)
* Thu Apr 28 2011 Matthias Runge <mrunge@matthias-runge.de> -
 3.2.3-0.20110424.3
- honor pidfile
- disable ssl
- disable sql
* Tue Apr 26 2011 Matthias Runge <mrunge@matthias-runge.de> -
 3.2.3-0.20110424.2
- drop support for fedora without systemd
* Mon Apr 25 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> -
 3.2.3-0.20110424.1
- change NVR to alert users that we have been using a syslog-ng v3.2 git
 snapshot
  (for systemd support)
* Mon Apr 25 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.2-4
- re-introduces the "Provides: syslog" (#651823 comments 13, 15 and 21)
- rename the logrotate.d file back to syslog (#651823 comments 12, 15, 16 and
 21)
- cleans the sysconfig and logrotate file mess (#651823 comments 17, 20 and 21)
- spec code cleanup (#651823 comments 10 and 11)
- dropped duplicated eventlog-devel BR
* Thu Apr 21 2011 Matthias Runge <mrunge@matthias-runge.de> - 3.2.2-3
- systemd fixup
- more spec file cleanup,
- incorporate fixes from Jose Pedro Oliveira (#651823 comments 7 and 8)
* Wed Apr 20 2011 Matthias Runge <mrunge@matthias-runge.de> - 3.2.2-2
- spec cleanup
* Wed Apr 13 2011 Matthias Runge <mrunge@matthias-runge.de> - 3.2.2-1
- update to 3.2.2
- built from git snapshot
* Wed Apr  6 2011 Matthias Runge <mrunge@matthias-runge.de> - 3.2.1-3
- install to /sbin
- native systemd start script
* Thu Mar 17 2011 Matthias Runge <mrunge@matthias-runge.de> - 3.2.1-2
- finally move libs to correct place
- split out -devel subpackage
* Fri Mar  4 2011 Matthias Runge <mrunge@fedoraproject.org> - 3.2.1-1
- update to syslog-ng 3.2.1
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program.  Use 
su -c 'yum update syslog-ng' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce