VYPR

rpm package

opensuse/syslog-ng&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/syslog-ng&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2024-47619May 7, 2025
    affected < 4.8.2-1.1fixed 4.8.2-1.1

    syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated.

  • CVE-2008-5110Nov 17, 2008
    affected < 3.33.2-1.2fixed 3.33.2-1.2

    syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9.