[syslog-ng-announce] syslog-ng 2.1.3 has been released

devel at balabit.hu devel at balabit.hu
Wed Nov 26 14:02:12 CET 2008

PACKAGE             : syslog-ng
VERSION             : 2.1.3
SUMMARY             : new stable release
DATE                : Nov 26, 2008


  A new stable version of syslog-ng Open Source Edition (2.1.3) has been
  released. For latest fixes in the 2.1.x branch you are recommended to
  upgrade to this version.


        NOTE: this release fixes a security problem CVE-2008-5110, see the
        changelog below for more details.

        * Fixed chroot() support to change into the chrooted directory after
          chroot is invoked. This fixes the security problem CVE-2008-5110.
          NOTE: this vulnerability is not exploitable on its own, it only
          makes breaking out of the jail somewhat easier. Please also NOTE
          that, even with this patch applied, it is still possible to
          break out of the jail if syslog-ng is running as root.
        * Fixed the code to resolve usernames, 2.1.2 had a regression which
          caused all username lookups to fail.


  If you have a binary subscription, you can download the latest binaries


  OR, if you have a platform that is supported by apt-get, use the following
  apt sources to fetch the latest releases:

  Debian GNU/Linux


    deb https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/open-source/ debian-sarge/syslog-ng-2.1 syslog-ng


    deb https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/open-source/ debian-etch/syslog-ng-2.1 syslog-ng

  RedHat Enterprise Linux


    rpm https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/open-source/ rhel-4/syslog-ng-2.1 syslog-ng

  SUSE 10

  SUSE 10.0

    rpm https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/open-source/ suse-10.0/syslog-ng-2.1 syslog-ng

  SUSE 10.1

    rpm https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/open-source/ suse-10.1/syslog-ng-2.1 syslog-ng

  HTTP can also be used in the place of HTTPS If your version of apt-get
  does not support the HTTPS protocol. When using plain HTTP,
  the username and password will not be encrypted.


  The latest versions of syslog-ng in source format can be found at:


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng-announce/attachments/20081126/b9452fa0/attachment.pgp 

More information about the syslog-ng-announce mailing list