Date: Thu, 14 Nov 2002 17:25:03 -0200
From: secure@conectiva.com.br
To: conectiva-updates@papaleguas.conectiva.com.br, lwn@lwn.net,
Subject: [CLA-2002:547] Conectiva Linux Security Announcement - syslog-ng
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : syslog-ng
SUMMARY : Buffer overflow vulnerability
DATE : 2002-11-14 17:24:00
ID : CLA-2002:547
RELEVANT
RELEASES : 8
- -------------------------------------------------------------------------
DESCRIPTION
syslog-ng[1] is a syslog replacement with several enhancements and
new features.
"syslog-ng" has a buffer overflow vulnerability[4] that could be
exploited by remote attackers if certain conditions are met.
The vulnerability lies in the code which deals with macro expansion
in the syslog-ng.conf configuration file. For example, one common
configuration which uses macros could be the following:
destination d_messages_by_host {file("/var/log/$HOST/messages");};
This configuration would replace the $HOST part with the hostname of
the machine sending the log. When dealing with this expansion,
syslog-ng fails to account for characters which are not part of the
macro, which leads to incorrect bounds checking and a possible buffer
overflow if there are enough non-macro characters being used.
Only users who use some sort of macro expansion in the configuration
file are vulnerable to this problem. This is not the default
configuration of the package.
SOLUTION
All syslog-ng users should upgrade their packages. This update
includes additional checks and fixes to this problem done by
Sebastian Krahmer from SuSE.
IMPORTANT: after the upgrade, please restart syslog-ng manually if it
was already running. To do so, run, as root, the following command:
/sbin/service syslog-ng restart
DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/8/SRPMS/syslog-ng-1.4.14-3U80_1cl.src.rpmftp://atualizacoes.conectiva.com.br/8/RPMS/syslog-ng-1.4.14-3U80_1cl.i386.rpm
ADDITIONAL INSTRUCTIONS
Users of Conectiva Linux version 6.0 or higher may use apt to perform
upgrades of RPM packages:
- add the following line to /etc/apt/sources.list if it is not there yet
(you may also use linuxconf to do this):
rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates
(replace 6.0 with the correct version number if you are not running CL6.0)
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE90/iO42jd0JmAcZARAuPbAKDHVpcpEcWqsKkyrZCHyjVpRMCQdgCgpqRE
JtA8/kv/p61eVxmpKwwZpGk=
=40bM
-----END PGP SIGNATURE-----
