CVE-2024-47619

NameCVE-2024-47619
Descriptionsyslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildc ...
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-4182-1
Debian Bugs1104890

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
syslog-ng (PTS)bullseye3.28.1-2+deb11u1vulnerable
bullseye (security)3.28.1-2+deb11u2fixed
bookworm3.38.1-5+deb12u1fixed
trixie4.8.1-5+deb13u1fixed
forky, sid4.8.1-7fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
syslog-ngsourcebullseye3.28.1-2+deb11u2DLA-4182-1
syslog-ngsourcebookworm3.38.1-5+deb12u1
syslog-ngsource(unstable)4.8.1-51104890

Notes

https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg
https://github.com/syslog-ng/syslog-ng/issues/5360
Fixed by: https://github.com/syslog-ng/syslog-ng/commit/dadfdbecde5bfe710b0a6ee5699f96926b3f9006 (develop)
Search for package or bug name: Reporting problems