rpm package
opensuse/syslog-ng&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/syslog-ng&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-47619 | — | < 4.8.2-1.1 | 4.8.2-1.1 | May 7, 2025 | syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. | ||
| CVE-2008-5110 | — | < 3.33.2-1.2 | 3.33.2-1.2 | Nov 17, 2008 | syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9. |
- CVE-2024-47619May 7, 2025affected < 4.8.2-1.1fixed 4.8.2-1.1
syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated.
- CVE-2008-5110Nov 17, 2008affected < 3.33.2-1.2fixed 3.33.2-1.2
syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9.