This bug was fixed in the package syslog-ng - 2.0.0-1ubuntu0.1
---------------
syslog-ng (2.0.0-1ubuntu0.1) feisty-security; urgency=low
* SECURITY UPDATE: Allows remote attackers to cause a denial of service
(crash) via a message with a timestamp that does not contain a trailing
space, which triggers a NULL pointer dereference.
* src/logmsg.c (log_msg_parse): fixed possible NULL pointer dereference
in log message parsing, as done in upstream RCS
* References:
-
http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commitdiff;h=3126ebad217e7fd6356f4733ca33f571aa87a170
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6437
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457334
* Closes lp: #183389
* Updated maintainer fields
-- [EMAIL PROTECTED] (Cody A.W. Somerville) Tue, 15 Jan 2008
17:30:40 -0800
--
[SECURITY] CVE-2007-6437 prone to denial of service attack
https://bugs.launchpad.net/bugs/183389
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
