syslog-ng-3.8.1-2.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10493 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z syslog-ng-3.8.1-2.2 on GA media These are all security issues fixed in the syslog-ng-3.8.1-2.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10493 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10493 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2011-0343/ SUSE CVE CVE-2011-0343 page https://www.suse.com/security/cve/CVE-2011-1951/ SUSE CVE CVE-2011-1951 page openSUSE Tumbleweed syslog-ng-3.8.1-2.2 syslog-ng-curl-3.8.1-2.2 syslog-ng-devel-3.8.1-2.2 syslog-ng-geoip-3.8.1-2.2 syslog-ng-java-3.8.1-2.2 syslog-ng-python-3.8.1-2.2 syslog-ng-redis-3.8.1-2.2 syslog-ng-smtp-3.8.1-2.2 syslog-ng-sql-3.8.1-2.2 syslog-ng-3.8.1-2.2 as a component of openSUSE Tumbleweed syslog-ng-curl-3.8.1-2.2 as a component of openSUSE Tumbleweed syslog-ng-devel-3.8.1-2.2 as a component of openSUSE Tumbleweed syslog-ng-geoip-3.8.1-2.2 as a component of openSUSE Tumbleweed syslog-ng-java-3.8.1-2.2 as a component of openSUSE Tumbleweed syslog-ng-python-3.8.1-2.2 as a component of openSUSE Tumbleweed syslog-ng-redis-3.8.1-2.2 as a component of openSUSE Tumbleweed syslog-ng-smtp-3.8.1-2.2 as a component of openSUSE Tumbleweed syslog-ng-sql-3.8.1-2.2 as a component of openSUSE Tumbleweed Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files. CVE-2011-0343 openSUSE Tumbleweed:syslog-ng-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0343.html CVE-2011-0343 lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via a message that does not match a regular expression. CVE-2011-1951 openSUSE Tumbleweed:syslog-ng-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1951.html CVE-2011-1951 https://bugzilla.suse.com/697374 SUSE Bug 697374