Bug 891941 (CVE-2022-38725) - <app-admin/syslog-ng-3.38.1: integer overflow via crafted syslog input
Summary: <app-admin/syslog-ng-3.38.1: integer overflow via crafted syslog input
Status: RESOLVED FIXED
Alias: CVE-2022-38725
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://github.com/syslog-ng/syslog-n...
Whiteboard: A3 [glsa+]
Keywords: PullRequest
Reported: 2023-01-24 13:47 UTC by John Helmert III
Modified: 2023-05-03 09:56 UTC

Description John Helmert III 2023-01-24 13:47:12 UTC
CVE-2022-38725 (https://lists.balabit.hu/pipermail/syslog-ng/):

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.

3.38.1 is fixed according to URL, despite the CVE description. Please
clean up.
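A version-range check for this advisory, as an added example that is not part of the bug report and not Gentoo or syslog-ng tooling. It takes the affected range from the CVE text (3.0 through 3.37) and the fixed version from the report (3.38.1), treats every 3.x release below 3.38.1 as affected (an assumption), and assumes the first line of `syslog-ng --version` reads like `syslog-ng 3 (3.37.1)`; the banner used below is constructed here, not captured from a host.

```shell
#!/bin/sh
# Added example for CVE-2022-38725 (not code from the bug report, Gentoo or syslog-ng).
# Affected per the CVE text: syslog-ng 3.0 through 3.37; the report names 3.38.1 as fixed.
# Assumption: every version from FIRST_AFFECTED up to (not including) FIXED_VERSION is affected.
FIXED_VERSION="3.38.1"
FIRST_AFFECTED="3.0"

# Constructed sample of a syslog-ng --version banner (assumed format: "syslog-ng 3 (3.37.1)").
SAMPLE_BANNER="syslog-ng 3 (3.37.1)
Installer-Version: 3.37.1"

# vercmp A B: prints -1, 0 or 1 for A<B, A=B, A>B, comparing dotted numeric versions
# component by component; a missing component counts as 0, so 3.38 < 3.38.1.
# Numeric components only; suffixes such as _rc1 are out of scope here.
vercmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        pa=${a%%.*}
        if [ "$a" = "$pa" ]; then a=""; else a=${a#*.}; fi
        pb=${b%%.*}
        if [ "$b" = "$pb" ]; then b=""; else b=${b#*.}; fi
        pa=${pa:-0}; pb=${pb:-0}
        if [ "$pa" -lt "$pb" ]; then printf '%s\n' -1; return 0; fi
        if [ "$pa" -gt "$pb" ]; then printf '%s\n' 1; return 0; fi
    done
    printf '%s\n' 0
}

# version_from_banner TEXT: extracts the parenthesised version from the banner's first line.
version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/.*(\([0-9][0-9.]*\)).*/\1/p'
}

# syslogng_affected VERSION: exit status 0 when FIRST_AFFECTED <= VERSION < FIXED_VERSION.
syslogng_affected() {
    [ "$(vercmp "$1" "$FIRST_AFFECTED")" -ge 0 ] && [ "$(vercmp "$1" "$FIXED_VERSION")" -lt 0 ]
}

# Stand-alone run against the constructed banner. On a real host replace SAMPLE_BANNER
# with "$(syslog-ng --version 2>/dev/null)".
v=$(version_from_banner "$SAMPLE_BANNER")
if syslogng_affected "$v"; then
    echo "syslog-ng $v is in the affected range (< $FIXED_VERSION): update and restart it"
else
    echo "syslog-ng $v is not in the affected range"
fi
```

The comparison is done component by component rather than with `sort -V` so the script stays POSIX sh and works on a minimal rescue shell; the banner format and the "everything below 3.38.1" cut-off are assumptions, so confirm the installed version against the package manager as well.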
Comment 1 Larry the Git Cow 2023-01-25 18:47:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=abcb71065cf5467a99a07a701a366eb896adb341

commit abcb71065cf5467a99a07a701a366eb896adb341
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2023-01-25 15:13:28 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-01-25 18:46:33 +0000

    app-admin/syslog-ng: drop vulnerable
    
    Bug: https://bugs.gentoo.org/891941
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/29266
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 app-admin/syslog-ng/Manifest                |   4 -
 app-admin/syslog-ng/syslog-ng-3.34.1.ebuild | 173 ----------------------------
 app-admin/syslog-ng/syslog-ng-3.35.1.ebuild | 173 ----------------------------
 app-admin/syslog-ng/syslog-ng-3.36.1.ebuild | 173 ----------------------------
 app-admin/syslog-ng/syslog-ng-3.37.1.ebuild | 173 ----------------------------
 5 files changed, 696 deletions(-)
Comment 2 John Helmert III 2023-01-25 18:49:42 UTC
Thanks!
Comment 3 John Helmert III 2023-01-25 18:56:02 UTC
GLSA request filed
Comment 4 Larry the Git Cow 2023-05-03 09:54:37 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=9b04ca771249447e346899b376cdb78444b85879

commit 9b04ca771249447e346899b376cdb78444b85879
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 09:52:45 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 09:54:22 +0000

    [ GLSA 202305-09 ] syslog-ng: Denial of Service
    
    Bug: https://bugs.gentoo.org/891941
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-09.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)