A denial of service flaw was found in the way syslog-ng processed
certain log patterns, when 'global' flag was speficied and PCRE backend
was used for matching. A remote attacker could use this flaw to
cause excessive memory use by the syslog-ng process via specially-crafted
This issue affects the versions of the syslog-ng package, as shipped with
Fedora release of 13 and 14.
This issue does not affect the version of the syslog-ng package, as shipped
with Fedora 15 and as present within EPEL-6 repository. Those versions were
already updated to upstream v3.2.4 version, addressing this vulnerability.
Created syslog-ng tracking bugs for this issue
Affects: fedora-14 [bug 709092]
Affects: fedora-13 [bug 709093]
The report indicates that this only affects syslog-ng when used with a newer pcre (8.12 or higher); we only have pcre 8.12 in Fedora 15. In Fedora 14 we have 8.10 and in Fedora 13 we have 7.8, so this issue should not affect on those platforms unless they upgrade pcre.
Since it's unlikely that Fedora 13 will upgrade pcre at this point (although it might be possible yet for Fedora 14), I'm going to close the Fedora 13 tracker, but will keep the Fedora 14 tracker open.
The CVE identifier of CVE-2011-1951 has been assigned to this issue.
(In reply to comment #4)
> The report indicates that this only affects syslog-ng when used with a newer
> pcre (8.12 or higher); we only have pcre 8.12 in Fedora 15. In Fedora 14 we
> have 8.10 and in Fedora 13 we have 7.8, so this issue should not affect on
> those platforms unless they upgrade pcre.
The syslog-ng v3.2.4 announcement:
mentions it's hypothetically possible this may affect older versions too:
"It is triggered by PCRE 8.12, but could potentially affect older versions too."
Though not sure, how much that upstream statement being valid (didn't try it),
would recommend to update all Fedora versions (i.e. also F-13 and F-14) just
for case, there is some way how to trigger this. Only due the fact to be
sure and on the safe side.
> Since it's unlikely that Fedora 13 will upgrade pcre at this point (although it
> might be possible yet for Fedora 14), I'm going to close the Fedora 13 tracker,
> but will keep the Fedora 14 tracker open.
Upstream patch for syslog-ng 3.1:
Relevant mailing list thread (and mails):
* [syslog-ng] rewrite problem
Closing ticket (errata information for F13 and F14 available in tickets #709092 and #709093).