Bug 709093 - CVE-2011-1951 syslog-ng: DoS (excessive memory use) by processing certain pcre patterns [fedora-13]
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: syslog-ng
Version: 13
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Jose Pedro Oliveira
QA Contact: Fedora Extras Quality Assurance
Blocks: CVE-2011-1951
Reported: 2011-05-30 15:17 UTC by Jan Lieskovsky
Modified: 2011-06-27 12:52 UTC

Last Closed: 2011-06-27 11:42:07 UTC

Description Jan Lieskovsky 2011-05-30 15:17:12 UTC
fedora-13 tracking bug for syslog-ng: see blocks bug list for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.


[bug automatically created by: add-tracking-bugs]

Comment 1 Jose Pedro Oliveira 2011-05-30 23:42:44 UTC
I've built and pushed eventlog-0.2.12-1 for F13 updates testing. This packaged version is required for building syslog-ng 3.2.4.

/jpo

Comment 2 Vincent Danen 2011-05-31 15:58:19 UTC
It isn't necessary to upgrade syslog-ng in Fedora 13 due to the older version of pcre that we have (see the comments in the top-level bug).

It's up to you if you still want to upgrade syslog-ng in Fedora 13, but I do not believe it is necessary (I was prepared to close this bug until I saw the comment above, so I'm not going to close it now prematurely).  I will leave the decision to you.

Comment 3 Jan Lieskovsky 2011-06-01 16:15:28 UTC
(In reply to comment #2)
> It isn't necessary to upgrade syslog-ng in Fedora 13 due to the older version
> of pcre that we have (see the comments in the top-level bug).

In the syslog-ng v3.2.4 release announcement:
[1] https://lists.balabit.hu/pipermail/syslog-ng/2011-May/016576.html

it is written that it may affect versions older than PCRE v8.12 too:

"It is triggered by PCRE 8.12, but could potentially affect older versions too."

> 
> It's up to you if you still want to upgrade syslog-ng in Fedora 13, but I do
> not believe it is necessary (I was prepared to close this bug until I saw the
> comment above, so I'm not going to close it now prematurely).  I will leave the
> decision to you.

Not sure how valid the above upstream statement is (didn't try it), but I would
suggest, to be on the safe side, releasing F-13 & F-14 updates too (that's the
true reason why these bugs were filed).

Comment 4 Fedora Update System 2011-06-18 15:02:27 UTC
syslog-ng-3.1.4-4.fc13.1 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/syslog-ng-3.1.4-4.fc13.1

Comment 5 Fedora Update System 2011-06-21 17:44:20 UTC
Package syslog-ng-3.1.4-4.fc13.1:
* should fix your issue,
* was pushed to the Fedora 13 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing syslog-ng-3.1.4-4.fc13.1'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/syslog-ng-3.1.4-4.fc13.1
then log in and leave karma (feedback).

Comment 6 Bug Zapper 2011-06-27 11:42:07 UTC
Fedora 13 changed to end-of-life (EOL) status on 2011-06-25. Fedora 13 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Comment 7 Jose Pedro Oliveira 2011-06-27 12:52:19 UTC
The fix is available in the Fedora 13 updates-testing repository. If you need to update syslog-ng from version 2.x to this release, it is also recommended that you update the eventlog support library:

 * yum update --enablerepo=updates-testing \
        syslog-ng-3.1.4-4.fc13.1 \
        eventlog-0.2.12-1.fc13

/jpo

