Bug 709088 (CVE-2011-1951)
| Summary: | CVE-2011-1951 syslog-ng: DoS (excessive memory use) by processing certain pcre patterns | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | jose.p.oliveira.oss, mrunge, rayvd, silfreed, vdanen |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-08-01 12:19:45 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 709092, 709093 | ||
| Bug Blocks: | |||
|
Description
Jan Lieskovsky
2011-05-30 15:13:24 UTC
CVE Request: [4] http://www.openwall.com/lists/oss-security/2011/05/26/1 This issue affects the versions of the syslog-ng package, as shipped with Fedora release of 13 and 14. This issue does not affect the version of the syslog-ng package, as shipped with Fedora 15 and as present within EPEL-6 repository. Those versions were already updated to upstream v3.2.4 version, addressing this vulnerability. Created syslog-ng tracking bugs for this issue Affects: fedora-14 [bug 709092] Affects: fedora-13 [bug 709093] The report indicates that this only affects syslog-ng when used with a newer pcre (8.12 or higher); we only have pcre 8.12 in Fedora 15. In Fedora 14 we have 8.10 and in Fedora 13 we have 7.8, so this issue should not affect on those platforms unless they upgrade pcre. Since it's unlikely that Fedora 13 will upgrade pcre at this point (although it might be possible yet for Fedora 14), I'm going to close the Fedora 13 tracker, but will keep the Fedora 14 tracker open. The CVE identifier of CVE-2011-1951 has been assigned to this issue. (In reply to comment #4) > The report indicates that this only affects syslog-ng when used with a newer > pcre (8.12 or higher); we only have pcre 8.12 in Fedora 15. In Fedora 14 we > have 8.10 and in Fedora 13 we have 7.8, so this issue should not affect on > those platforms unless they upgrade pcre. The syslog-ng v3.2.4 announcement: [1] https://lists.balabit.hu/pipermail/syslog-ng/2011-May/016576.html mentions it's hypothetically possible this may affect older versions too: "It is triggered by PCRE 8.12, but could potentially affect older versions too." Though not sure, how much that upstream statement being valid (didn't try it), would recommend to update all Fedora versions (i.e. also F-13 and F-14) just for case, there is some way how to trigger this. Only due the fact to be sure and on the safe side. > > Since it's unlikely that Fedora 13 will upgrade pcre at this point (although it > might be possible yet for Fedora 14), I'm going to close the Fedora 13 tracker, > but will keep the Fedora 14 tracker open. Upstream patch for syslog-ng 3.1: * http://git.balabit.hu/?p=bazsi/syslog-ng-3.1.git;a=commitdiff;h=35de55e53dd653c50c8da5daf41a99ab22e7e8aa Relevant mailing list thread (and mails): * [syslog-ng] rewrite problem https://lists.balabit.hu/pipermail/syslog-ng/2011-April/016444.html https://lists.balabit.hu/pipermail/syslog-ng/2011-May/016503.html https://lists.balabit.hu/pipermail/syslog-ng/2011-May/016537.html Closing ticket (errata information for F13 and F14 available in tickets #709092 and #709093). |