[SECURITY] [DLA 4182-1] syslog-ng security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4182-1] syslog-ng security update
From: Abhijith PA <abhijith@debian.org>
Date: Wed, 28 May 2025 13:28:46 +0530
Message-id: <[🔎] aDbCNqevzOZXI2TE@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4182-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
May 28, 2025                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : syslog-ng
Version        : 3.28.1-2+deb11u2
CVE ID         : CVE-2024-47619

A security issue was found in syslog-ng, an enhanced log daemon. In
prior version, `tls_wildcard_match()` matches on certificates such as
`foo.*.bar` although that is not allowed. It is also possible to pass
partial wildcards such as `foo.a*c.bar` which glib matches but should
be avoided / invalidated. This issue could have an impact on TLS
connections, such as in man-in-the-middle situations.

For Debian 11 bullseye, this problem has been fixed in version
3.28.1-2+deb11u2.

We recommend that you upgrade your syslog-ng packages.

For the detailed security status of syslog-ng please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/syslog-ng

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAmg2wjYACgkQhj1N8u2c
KO9x2g//WybSqaWUOxYiBPR/P16kTipgFgNNWHKgQxRZo3esX40EeZpViuggW7Pf
ZSTTipQq3nIzYswFvDzkdkJWUqoO1cPPEp9uiVOKTpmLtWE+1TfCwkP4aY46Xsha
yrMjmlvxIkOMsGoYMlwwBEzvAWzIdzPoPm99Cy1+VMZnfabsYttL8XZoOXa3yW0o
Cm12qMqEcx60+jsz8HhjghJHyYw3xFHkysBYYKCT7GSvad4PdjfThTJwV1wDSvuG
u/1n9EQ8uoA7gR3Wx2tTKQ+l3bODZ+1+jT6agPQG2zcTOSllNfCwUxt3Kw12zAp1
1zV03jjYHck6+P/W4ZKTGnwXmw1G9sOY0QtcjjFw3S/ZeaEUFUUTeaMOElV/p6FR
am6Km6tLx6QuZ1TVir3vMJ8u/6VC4Vq1ZX9fSw/y6lLW42kfOv8OgAFO1khl1Lmo
5rlx4CYQJYz7RIxgqOYZNICHCBLoSdNGDmWjm1bXgD+ZfktQ9EY8ackIFyJUblyR
CFhVETN6CtXiPK1W/GpYgFtFSVIJgKEMmhw8W3SXjViBW3KDgHsH05+kF/fleAdG
TWeNntmLywfgaPeIoalWjTEu5kDyUCq6JWjOzKZFXVH+lyEV8UtOvkn05xAPvcUr
pPwZPFHv46mNAHdRrEi+kIMmz47X/r53ZT0F3cPhalbNF46VxaA=
=myKL
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4181-1] glibc security update
Next by Date: [SECURITY] [DLA 4183-1] setuptools security update
Previous by thread: [SECURITY] [DLA 4181-1] glibc security update
Next by thread: [SECURITY] [DLA 4183-1] setuptools security update
Index(es):
- Date
- Thread