A denial of service vulnerability was discovered in rsyslog related to syslog input over the network.
|Package||app-admin/syslog-ng on all architectures|
|Affected versions||< 3.38.1|
|Unaffected versions||>= 3.38.1|
syslog replacement with advanced filtering features.
An integer overflow in the RFC3164 parser allows remote attackers to cause a denial of service via crafted syslog input that is mishandled by the tcp or network function.
Attackers with access to input syslogs over syslog-ng's network functionality can cause a denial of service.
There is no known workaround at this time.
All syslog-ng users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.38.1"
May 03, 2023
May 03, 2023: 1