SECURITY: Fedora 36 Update: syslog-ng-3.35.1-4.fc36
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-43eb573065
2023-02-15 01:19:12.058970
--------------------------------------------------------------------------------
Name : syslog-ng
Product : Fedora 36
Version : 3.35.1
Release : 4.fc36
URL : https://www.syslog-ng.com/products/open-source-log-management/
Summary : Next-generation syslog server
Description :
syslog-ng is an enhanced log daemon, supporting a wide range of input and
output methods: syslog, unstructured text, message queues, databases (SQL
and NoSQL alike) and more.
Key features:
* receive and send RFC3164 and RFC5424 style syslog messages
* work with any kind of unstructured data
* receive and send JSON formatted messages
* classify and structure logs with builtin parsers (csv-parser(),
db-parser(), ...)
* normalize, crunch and process logs as they flow through the system
* hand on messages for further processing using message queues (like
AMQP), files or databases (like PostgreSQL or MongoDB).
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2022-38725
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 6 2023 Peter Czanik - 3.35.1-4
- add 4110.diff to fix CVE-2022-38725
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2164618 - CVE-2022-38725 syslog-ng: integer overflow in the RFC3164 parser can lead to DoS
https://bugzilla.redhat.com/show_bug.cgi?id=2164618
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-43eb573065' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
A syslog-ng security update has been released for Fedora 36.