------------------------------------------------------------------------------ PACKAGE : syslog-ng Premium Edition VERSION : 3.0.1b SUMMARY : new stable release DATE : Nov 26, 2008 ------------------------------------------------------------------------------ DESCRIPTION: A new stable version of syslog-ng Premium Edition (3.0.1b) has been released. For latest fixes in the 3.0.x branch you are recommended to upgrade to this version. CHANGES: 3.0.1b Wed, 19 Nov 2008 13:15:16 +0100 NOTE: this release fixes a security problem CVE-2008-5110, see the changelog below for more details. Bugfixes: * UNIX domain socket connect/disconnect events are only logged in verbose mode to avoid cluttering the system log. * Fixed a possible 100% CPU usage case on HP-UX. HP-UX may return POLLERR on its own without the other flags set, this was not properly handled by syslog-ng, causing it to spin on the CPU. * Fixed chroot() support to change into the chrooted directory after chroot is invoked. This fixes the security problem CVE-2008-5110. NOTE: this vulnerability is not exploitable on its own, it only makes breaking out of the jail somewhat easier. Please also NOTE that, even with this patch applied, it is still possible to break out of the jail if syslog-ng is running as root. DOWNLOAD: Download the latest binaries from: http://www.balabit.com/network-security/syslog-ng/central-syslog-server/upgr... Note that to download the binaries, you have to login into your MyBalaBit account. The documentation of the syslog-ng application is available in The syslog-ng 3.0 Administrator Guide at: http://www.balabit.com/support/documentation/?product=syslog-ng&type=all&language[en]=en&