[syslog-ng-announce] syslog-ng Premium Edition 2.1.11d has been released
devel at balabit.hu
devel at balabit.hu
Wed Nov 26 14:02:15 CET 2008
------------------------------------------------------------------------------
PACKAGE : syslog-ng Premium Edition
VERSION : 2.1.11d
SUMMARY : new stable release
DATE : Nov 26, 2008
------------------------------------------------------------------------------
DESCRIPTION:
A new stable version of syslog-ng Premium Edition (2.1.11d) has been
released. For latest fixes in the 2.1.x branch you are recommended to
upgrade to this version.
CHANGES:
NOTE: this release fixes a security problem CVE-2008-5110, see the
changelog below for more details.
Bugfixes:
* Fixed chroot() support to change into the chrooted directory after
chroot is invoked. This fixes the security problem CVE-2008-5110.
NOTE: this vulnerability is not exploitable on its own, it only
makes breaking out of the jail somewhat easier. Please also NOTE
that, even with this patch applied, it is still possible to
break out of the jail if syslog-ng is running as root.
DOWNLOAD:
Download the latest binaries from:
https://www.balabit.com/network-security/syslog-ng/central-syslog-server/upgrades/
Note that to download the binaries, you have to login into your MyBalaBit
account.
The documentation of the syslog-ng application is available in
The syslog-ng 2.0 Administrator Guide at:
http://www.balabit.com/support/documentation/?product=syslog-ng&type=all&language[en]=en&
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng-announce/attachments/20081126/181626c1/attachment.pgp
More information about the syslog-ng-announce
mailing list