[syslog-ng] syslog-ng 2.0.10 has been released
devel at balabit.hu
devel at balabit.hu
Wed Nov 26 14:02:11 CET 2008
------------------------------------------------------------------------------
PACKAGE : syslog-ng
VERSION : 2.0.10
SUMMARY : new stable release
DATE : Nov 26, 2008
------------------------------------------------------------------------------
DESCRIPTION:
A new stable version of syslog-ng Open Source Edition (2.0.10) has been
released. For latest fixes in the 2.0.x branch you are recommended to
upgrade to this version.
CHANGES:
NOTE: this release fixes a security problem CVE-2008-5110, see the
changelog below for more details.
Bugfixes:
* Fixed Solaris door support, the door portion of
sun-streams() sources did not work in previous releases, as the
door specific thread was lost through the fork() call used to
background syslog-ng.
* Fixed a possible segfault if non-existing, optional source files
are present in the configuration.
* Fixed the internal representation of "facility" values, earlier an
8 bit value was used for both the priority and facility values,
and although systems do not define facilities in this range,
the LOG_FACMASK macro defines two additional bits. The type of
this field was changed to 16 bits.
* Fixed a possible 100% CPU usage case on HP-UX. HP-UX may return
POLLERR on its own without the other flags set, this was not
properly handled by syslog-ng, causing it to spin on the CPU.
* Fixed chroot() support to change into the chrooted directory after
chroot is invoked. This fixes the security problem CVE-2008-5110.
NOTE: this vulnerability is not exploitable on its own, it only
makes breaking out of the jail somewhat easier. Please also NOTE
that, even with this patch applied, it is still possible to
break out of the jail if syslog-ng is running as root.
BINARY DOWNLOAD:
If you have a binary subscription, you can download the latest binaries
from:
http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/upgrades/
OR, if you have a platform that is supported by apt-get, use the following
apt sources to fetch the latest releases:
Debian GNU/Linux
----------------
sarge:
deb https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/open-source/ debian-sarge/syslog-ng-2.0 syslog-ng
etch:
deb https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/open-source/ debian-etch/syslog-ng-2.0 syslog-ng
RedHat Enterprise Linux
-----------------------
RHEL-4
rpm https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/open-source/ rhel-4/syslog-ng-2.0 syslog-ng
SUSE 10
-------
SUSE 10.0
rpm https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/open-source/ suse-10.0/syslog-ng-2.0 syslog-ng
SUSE 10.1
rpm https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/open-source/ suse-10.1/syslog-ng-2.0 syslog-ng
HTTP can also be used in the place of HTTPS If your version of apt-get
does not support the HTTPS protocol. When using plain HTTP,
the username and password will not be encrypted.
SOURCE DOWNLOAD:
The latest versions of syslog-ng in source format can be found at:
http://www.balabit.com/downloads/files/syslog-ng/sources/2.0/src/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20081126/267f5778/attachment.pgp
More information about the syslog-ng
mailing list