syslog-ng: fix CVE-2024-47619 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2025-05-28 16:24:17 +0530
committer	Armin Kuster <akuster808@gmail.com>	2025-07-02 20:30:36 -0400
commit	a051b4ae0595c0905ae6a504bbd8511d18a9aaec (patch)
tree	3cd8307e11ab3efb80ab9fffcbb668e38e292409 /meta-python/recipes-devtools/python/python-numeric
parent	719a23e6f6eb2803ae8adc53bfe217b230c4361d (diff)
download	meta-openembedded-a051b4ae0595c0905ae6a504bbd8511d18a9aaec.tar.gz

syslog-ng: fix CVE-2024-47619

syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-47619 Upstream patch: https://github.com/syslog-ng/syslog-ng/commit/12a0624e4c275f14cee9a6b4f36e714d2ced8544 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python-numeric')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: