Bug 891941 (CVE-2022-38725)

Summary: <app-admin/syslog-ng-3.38.1: integer overflow via crafted syslog input
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: hydrapolic, proxy-maint
Priority: Normal
Keywords: PullRequest
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc
See Also: https://github.com/gentoo/gentoo/pull/29266
Whiteboard: A3 [glsa+]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-24 13:47:12 UTC
CVE-2022-38725 (https://lists.balabit.hu/pipermail/syslog-ng/):

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.

3.38.1 is fixed according to URL, despite the CVE description. Please clean up.
Comment 1 Larry the Git Cow gentoo-dev 2023-01-25 18:47:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=abcb71065cf5467a99a07a701a366eb896adb341

commit abcb71065cf5467a99a07a701a366eb896adb341
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2023-01-25 15:13:28 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-01-25 18:46:33 +0000

    app-admin/syslog-ng: drop vulnerable
    
    Bug: https://bugs.gentoo.org/891941
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/29266
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 app-admin/syslog-ng/Manifest                |   4 -
 app-admin/syslog-ng/syslog-ng-3.34.1.ebuild | 173 ----------------------------
 app-admin/syslog-ng/syslog-ng-3.35.1.ebuild | 173 ----------------------------
 app-admin/syslog-ng/syslog-ng-3.36.1.ebuild | 173 ----------------------------
 app-admin/syslog-ng/syslog-ng-3.37.1.ebuild | 173 ----------------------------
 5 files changed, 696 deletions(-)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-25 18:49:42 UTC
Thanks!
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-25 18:56:02 UTC
GLSA request filed
Comment 4 Larry the Git Cow gentoo-dev 2023-05-03 09:54:37 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=9b04ca771249447e346899b376cdb78444b85879

commit 9b04ca771249447e346899b376cdb78444b85879
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 09:52:45 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 09:54:22 +0000

    [ GLSA 202305-09 ] syslog-ng: Denial of Service
    
    Bug: https://bugs.gentoo.org/891941
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-09.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)