[syslog-ng] syslog-ng 2.1.3 has been released

------------------------------------------------------------------------------ PACKAGE : syslog-ng VERSION : 2.1.3 SUMMARY : new stable release DATE : Nov 26, 2008 ------------------------------------------------------------------------------ DESCRIPTION: A new stable version of syslog-ng Open Source Edition (2.1.3) has been released. For latest fixes in the 2.1.x branch you are recommended to upgrade to this version. CHANGES: NOTE: this release fixes a security problem CVE-2008-5110, see the changelog below for more details. Bugfixes: * Fixed chroot() support to change into the chrooted directory after chroot is invoked. This fixes the security problem CVE-2008-5110. NOTE: this vulnerability is not exploitable on its own, it only makes breaking out of the jail somewhat easier. Please also NOTE that, even with this patch applied, it is still possible to break out of the jail if syslog-ng is running as root. * Fixed the code to resolve usernames, 2.1.2 had a regression which caused all username lookups to fail. BINARY DOWNLOAD: If you have a binary subscription, you can download the latest binaries from: http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/... OR, if you have a platform that is supported by apt-get, use the following apt sources to fetch the latest releases: Debian GNU/Linux ---------------- sarge: deb https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/open-source/ debian-sarge/syslog-ng-2.1 syslog-ng etch: deb https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/open-source/ debian-etch/syslog-ng-2.1 syslog-ng RedHat Enterprise Linux ----------------------- RHEL-4 rpm https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/open-source/ rhel-4/syslog-ng-2.1 syslog-ng SUSE 10 ------- SUSE 10.0 rpm https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/open-source/ suse-10.0/syslog-ng-2.1 syslog-ng SUSE 10.1 rpm https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/open-source/ suse-10.1/syslog-ng-2.1 syslog-ng HTTP can also be used in the place of HTTPS If your version of apt-get does not support the HTTPS protocol. When using plain HTTP, the username and password will not be encrypted. SOURCE DOWNLOAD: The latest versions of syslog-ng in source format can be found at: http://www.balabit.com/downloads/files/syslog-ng/sources/2.1/src/