Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 369069 (CVE-2011-1951) - <app-admin/syslog-ng-3.2.4: Remote Denial of Service (CVE-2011-1951)
Summary: <app-admin/syslog-ng-3.2.4: Remote Denial of Service (CVE-2011-1951)
Alias: CVE-2011-1951
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal with 1 vote (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa]
Depends on: 370845
  Show dependency tree
Reported: 2011-05-28 18:14 UTC by Tim Sammut (RETIRED)
Modified: 2014-12-12 00:38 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Tim Sammut (RETIRED) gentoo-dev 2011-05-28 18:14:31 UTC
From $URL:

        * A bug was found in the pcre implementation for subst(). If the
          "global" flag is specified and pcre returns an error, an infinite
          loop is created, consuming memory in the process. It is triggered
          by PCRE 8.12, but could potentially affect older versions too.

Michael, 3.2.4 is already in the tree. Is it suitable for stabilization?
Comment 1 Agostino Sarubbo gentoo-dev 2011-05-28 19:13:59 UTC

No problem with it on my server =)
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-06-05 17:23:05 UTC
(In reply to comment #1)
> @tim 
> No problem with it on my server =)

Thanks, Agostino. ;)

Mr. Bones, ping?
Comment 3 Mr. Bones. (RETIRED) gentoo-dev 2011-06-09 17:21:59 UTC
added bug #370845 for the stablereq
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2011-06-09 18:11:15 UTC
(In reply to comment #3)
> added bug #370845 for the stablereq

Great, thank you.
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2011-07-09 18:32:12 UTC
Thanks, folks. GLSA request filed.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 22:34:57 UTC
CVE-2011-1951 (
  lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is
  set and when using PCRE 8.12 and possibly other versions, allows remote
  attackers to cause a denial of service (memory consumption) via a message
  that does not match a regular expression.
Comment 7 Mr. Bones. (RETIRED) gentoo-dev 2013-05-10 22:42:16 UTC
what's the next step in getting this closed?
Comment 8 Sean Amoss (RETIRED) gentoo-dev Security 2014-11-09 16:30:08 UTC
(In reply to Mr. Bones. from comment #7)
> what's the next step in getting this closed?

Releasing a GLSA. 

Please read the note at the bottom of bugzilla about NOT closing security bugs.
Comment 9 Mr. Bones. (RETIRED) gentoo-dev 2014-11-09 17:29:49 UTC
Then get it done.  Three years makes a GLSA irrelevant.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2014-12-12 00:38:04 UTC
This issue was resolved and addressed in
 GLSA 201412-09 at
by GLSA coordinator Sean Amoss (ackle).