Package: syslog-ng
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for syslog-ng.

CVE-2007-6437[0]:
| Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows
| remote attackers to cause a denial of service (crash) via a message
| with a timestamp that does not contain a trailing space, which
| triggers a NULL pointer dereference.

The upstream patch is available on:
http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commitdiff;h=3126ebad217e7fd6356f4733ca33f571aa87a170

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6437

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgp4bUoawBHJ4.pgp
Description: PGP signature

Reply via email to