syslog-ng OSE 2.1.4 released
Hi, I've released syslog-ng OSE 2.1.4 with the following changes: 2.1.4 Tue, 17 Mar 2009 13:35:00 +0100 Bugfixes: * Fixed a possible DoS condition triggered by a destination port unreachable ICMP packet received from a UDP destination. syslog-ng started eating all available memory and CPU until it crashed if this happened. * Fixed the rate at which files regular were read using the file() source. * Report connection breaks as a write error instead of reporting POLLERR as the write error path reports more sensible information in the logs. The release is available at: https://www.balabit.com/network-security/syslog-ng/opensource-logging-system... -- Bazsi
Hello, May I ask a question, please? In syslog-ng Vers. 3.0.2 there is a fix for a potential DoS condition related to character conversion eating up unlimited memory. Does Version 2.1.4 or previous versions have the same vulnerability, or does it only affect version 3 ? Many Thanks Werner
On Tue, 2009-05-26 at 10:32 +0200, CentralRegion IPAdmin wrote:
Hello,
May I ask a question, please? In syslog-ng Vers. 3.0.2 there is a fix for a potential DoS condition related to character conversion eating up unlimited memory. Does Version 2.1.4 or previous versions have the same vulnerability, or does it only affect version 3 ? Many Thanks
No, that version didn't have character encoding support. -- Bazsi
2009/3/17 Balazs Scheidler <bazsi@balabit.hu>:
Hi,
I've released syslog-ng OSE 2.1.4 with the following changes:
2.1.4 Tue, 17 Mar 2009 13:35:00 +0100
Bugfixes: * Fixed a possible DoS condition triggered by a destination port unreachable ICMP packet received from a UDP destination. syslog-ng started eating all available memory and CPU until it crashed if this happened.
Hi there, I'm experiencing an issue with an unreachable UDP destination. CPU is at 100% because of syslog-ng, and strace gives: poll([{fd=6, events=0}, {fd=7, events=0}, {fd=14, events=0}, {fd=11, events=POLLOUT}, {fd=27, events=0}, {fd=12, events=0}, {fd=28, events=0}, {fd=18, events=0}, {fd=29, events=0}, {fd=30, events=0}, {fd=24, events=0}, {fd=31, events=0}, {fd=32, events=0}, {fd=33, events=0}, {fd=13, events=0}, {fd=5, events=0}, {fd=16, events=0}, {fd=17, events=0}, {fd=15, events=0}, {fd=9, events=0}, {fd=10, events=0}, {fd=8, events=0}, {fd=22, events=0}, {fd=23, events=0}, {fd=19, events=0}, {fd=21, events=0}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN}], 28, 117196) = 1 ([{fd=30, revents=POLLERR}]) poll([{fd=6, events=0}, {fd=7, events=0}, {fd=14, events=0}, {fd=11, events=POLLOUT}, {fd=27, events=0}, {fd=12, events=0}, {fd=28, events=0}, {fd=18, events=0}, {fd=29, events=0}, {fd=30, events=0}, {fd=24, events=0}, {fd=31, events=0}, {fd=32, events=0}, {fd=33, events=0}, {fd=13, events=0}, {fd=5, events=0}, {fd=16, events=0}, {fd=17, events=0}, {fd=15, events=0}, {fd=9, events=0}, {fd=10, events=0}, {fd=8, events=0}, {fd=22, events=0}, {fd=23, events=0}, {fd=19, events=0}, {fd=21, events=0}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN}], 28, 117196) = 1 ([{fd=30, revents=POLLERR}]) poll([{fd=6, events=0}, {fd=7, events=0}, {fd=14, events=0}, {fd=11, events=POLLOUT}, {fd=27, events=0}, {fd=12, events=0}, {fd=28, events=0}, {fd=18, events=0}, {fd=29, events=0}, {fd=30, events=0}, {fd=24, events=0}, {fd=31, events=0}, {fd=32, events=0}, {fd=33, events=0}, {fd=13, events=0}, {fd=5, events=0}, {fd=16, events=0}, {fd=17, events=0}, {fd=15, events=0}, {fd=9, events=0}, {fd=10, events=0}, {fd=8, events=0}, {fd=22, events=0}, {fd=23, events=0}, {fd=19, events=0}, {fd=21, events=0}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN}], 28, 117196) = 1 ([{fd=30, revents=POLLERR}]) poll([{fd=6, events=0}, {fd=7, events=0}, {fd=14, events=0}, {fd=11, events=POLLOUT}, {fd=27, events=0}, {fd=12, events=0}, {fd=28, events=0}, {fd=18, events=0}, {fd=29, events=0}, {fd=30, events=0}, {fd=24, events=0}, {fd=31, events=0}, {fd=32, events=0}, {fd=33, events=0}, {fd=13, events=0}, {fd=5, events=0}, {fd=16, events=0}, {fd=17, events=0}, {fd=15, events=0}, {fd=9, events=0}, {fd=10, events=0}, {fd=8, events=0}, {fd=22, events=0}, {fd=23, events=0}, {fd=19, events=0}, {fd=21, events=0}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN}], 28, 117196) = 1 ([{fd=30, revents=POLLERR}]) poll([{fd=6, events=0}, {fd=7, events=0}, {fd=14, events=0}, {fd=11, events=POLLOUT}, {fd=27, events=0}, {fd=12, events=0}, {fd=28, events=0}, {fd=18, events=0}, {fd=29, events=0}, {fd=30, events=0}, {fd=24, events=0}, {fd=31, events=0}, {fd=32, events=0}, {fd=33, events=0}, {fd=13, events=0}, {fd=5, events=0}, {fd=16, events=0}, {fd=17, events=0}, {fd=15, events=0}, {fd=9, events=0}, {fd=10, events=0}, {fd=8, events=0}, {fd=22, events=0}, {fd=23, events=0}, {fd=19, events=0}, {fd=21, events=0}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN}], 28, 117195) = 1 ([{fd=30, revents=POLLERR}]) Does the above-mentioned change in 2.1.4 fix this? I'm using 2.0.9 right now. Is there a patch available somewhere so that I can backport the change? I couldn't find a source repository on your site. BTW: Why are there so many versions of syslog-ng? 2.0.x, 2.1.x, 3.0.x... Debian and Ubuntu are still at 2.0.9. Thanks in advance, and keep up the good work! -- Jean-Baptiste Quenot http://jbq.caraldi.com/
On Tue, 2009-06-16 at 11:21 +0200, Jean-Baptiste Quenot wrote:
BTW: Why are there so many versions of syslog-ng? 2.0.x, 2.1.x, 3.0.x... Debian and Ubuntu are still at 2.0.9.
Read http://bazsi.blogs.balabit.com/2009/05/syslog-ng-40-roadmap-plus-release.htm...
2009/6/16 Vincent Panel <vincent.panel@telindus.be>:
On Tue, 2009-06-16 at 11:21 +0200, Jean-Baptiste Quenot wrote:
BTW: Why are there so many versions of syslog-ng? 2.0.x, 2.1.x, 3.0.x... Debian and Ubuntu are still at 2.0.9.
Read http://bazsi.blogs.balabit.com/2009/05/syslog-ng-40-roadmap-plus-release.htm...
Thanks for the hint. I think this commit might be what I'm looking for: http://git.balabit.hu/?p=bazsi/syslog-ng-2.1.git;a=commit;h=13c3a01fea103040... [afsocket] in case of a broken destination connection, set the write fd to NULL The problem with leaving the destination fd set in this case is that it's going to be polled, which in turn will trigger POLLERR again, which in turn generates a bunch of messages thus creating a huge memory usage. Reported-By: Otto Berger Cheers, -- Jean-Baptiste Quenot http://jbq.caraldi.com/
participants (4)
-
Balazs Scheidler
-
CentralRegion IPAdmin
-
Jean-Baptiste Quenot
-
Vincent Panel