This bug was fixed in the package syslog-ng - 2.0.0-1ubuntu1.1
---------------
syslog-ng (2.0.0-1ubuntu1.1) gutsy-security; urgency=low
* SECURITY UPDATE: Allows remote attackers to cause a denial of service
(crash) via a message with a timestamp that does not contain a trailing
space, which triggers a NULL pointer dereference.
* src/logmsg.c (log_msg_parse): fixed possible NULL pointer dereference
in log message parsing, as done in upstream RCS
* References:
-
http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commitdiff;h=3126ebad217e7fd6356f4733ca33f571aa87a170
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6437
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457334
* Closes lp: #183389
-- [EMAIL PROTECTED] (Cody A.W. Somerville) Tue, 15 Jan 2008
20:21:54 -0400
** Changed in: syslog-ng (Ubuntu Gutsy)
Status: Confirmed => Fix Released
** Changed in: syslog-ng (Ubuntu Feisty)
Status: Confirmed => Fix Released
--
[SECURITY] CVE-2007-6437 prone to denial of service attack
https://bugs.launchpad.net/bugs/183389
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
