[SECURITY] [DLA 3348-1] syslog-ng security update

2023-02-2823:32:03

lists.debian.org

syslog-ng

security update

integer overflow

buffer out-of-bounds

remote attacker

denial of service

debian 10

buster

cve-2022-38725

security tracker

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

82.2%

JSON

Debian LTS Advisory DLA-3348-1 [email protected]
https://www.debian.org/lts/security/ Guilhem Moulin
March 01, 2023 https://wiki.debian.org/LTS

Package : syslog-ng
Version : 3.19.1-5+deb10u1
CVE ID : CVE-2022-38725

It was discovered that syslog-ng, a system logging daemon, had integer
overflow and buffer out-of-bounds issues, which could allow a remote
attacker to cause Denial of Service via crafted syslog input.

For Debian 10 buster, this problem has been fixed in version
3.19.1-5+deb10u1.

We recommend that you upgrade your syslog-ng packages.

For the detailed security status of syslog-ng please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/syslog-ng

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian11mipselsyslog-ng-mod-getent< 3.28.1-2+deb11u1syslog-ng-mod-getent_3.28.1-2+deb11u1_mipsel.deb
Debian11armhfsyslog-ng-mod-slog< 3.28.1-2+deb11u1syslog-ng-mod-slog_3.28.1-2+deb11u1_armhf.deb
Debian11mipselsyslog-ng-mod-map-value-pairs< 3.28.1-2+deb11u1syslog-ng-mod-map-value-pairs_3.28.1-2+deb11u1_mipsel.deb
Debian11mips64elsyslog-ng-mod-mongodb< 3.28.1-2+deb11u1syslog-ng-mod-mongodb_3.28.1-2+deb11u1_mips64el.deb
Debian11i386syslog-ng-mod-slog< 3.28.1-2+deb11u1syslog-ng-mod-slog_3.28.1-2+deb11u1_i386.deb
Debian11mipselsyslog-ng-mod-mongodb< 3.28.1-2+deb11u1syslog-ng-mod-mongodb_3.28.1-2+deb11u1_mipsel.deb
Debian11mipselsyslog-ng-mod-smtp< 3.28.1-2+deb11u1syslog-ng-mod-smtp_3.28.1-2+deb11u1_mipsel.deb
Debian11arm64syslog-ng-mod-riemann< 3.28.1-2+deb11u1syslog-ng-mod-riemann_3.28.1-2+deb11u1_arm64.deb
Debian11ppc64elsyslog-ng-mod-stomp< 3.28.1-2+deb11u1syslog-ng-mod-stomp_3.28.1-2+deb11u1_ppc64el.deb
Debian11armelsyslog-ng-mod-map-value-pairs< 3.28.1-2+deb11u1syslog-ng-mod-map-value-pairs_3.28.1-2+deb11u1_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	mipsel	syslog-ng-mod-getent	< 3.28.1-2+deb11u1	syslog-ng-mod-getent_3.28.1-2+deb11u1_mipsel.deb
Debian	11	armhf	syslog-ng-mod-slog	< 3.28.1-2+deb11u1	syslog-ng-mod-slog_3.28.1-2+deb11u1_armhf.deb
Debian	11	mipsel	syslog-ng-mod-map-value-pairs	< 3.28.1-2+deb11u1	syslog-ng-mod-map-value-pairs_3.28.1-2+deb11u1_mipsel.deb
Debian	11	mips64el	syslog-ng-mod-mongodb	< 3.28.1-2+deb11u1	syslog-ng-mod-mongodb_3.28.1-2+deb11u1_mips64el.deb
Debian	11	i386	syslog-ng-mod-slog	< 3.28.1-2+deb11u1	syslog-ng-mod-slog_3.28.1-2+deb11u1_i386.deb
Debian	11	mipsel	syslog-ng-mod-mongodb	< 3.28.1-2+deb11u1	syslog-ng-mod-mongodb_3.28.1-2+deb11u1_mipsel.deb
Debian	11	mipsel	syslog-ng-mod-smtp	< 3.28.1-2+deb11u1	syslog-ng-mod-smtp_3.28.1-2+deb11u1_mipsel.deb
Debian	11	arm64	syslog-ng-mod-riemann	< 3.28.1-2+deb11u1	syslog-ng-mod-riemann_3.28.1-2+deb11u1_arm64.deb
Debian	11	ppc64el	syslog-ng-mod-stomp	< 3.28.1-2+deb11u1	syslog-ng-mod-stomp_3.28.1-2+deb11u1_ppc64el.deb
Debian	11	armel	syslog-ng-mod-map-value-pairs	< 3.28.1-2+deb11u1	syslog-ng-mod-map-value-pairs_3.28.1-2+deb11u1_armel.deb