[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Use after free in syslog-ng / affile_dw_reap()
From: Hanno =?iso-8859-1?q?B=F6ck?= <hanno () hboeck ! de>
Date: 2018-12-23 7:57:04
Message-ID: 20181223085704.20c253af () computer
[Download RAW message or body]
Hi,
The recently released syslog-ng 3.19.1 fixes a use after free bug.
ASAN error:
==7538==ERROR: AddressSanitizer: heap-use-after-free on address 0x612000007770 at pc \
0x7fc3a89069c8 bp 0x7ffd8099afd0 sp 0x7ffd8099afc0 READ of size 8 at 0x612000007770 thread T0
#0 0x7fc3a89069c7 in affile_dw_reap modules/affile/affile-dest.c:140
#1 0x7fc3ac21f563 in iv_run_timers \
/var/tmp/portage/dev-libs/ivykis-0.42.3-r1/work/ivykis-0.42.3/src/iv_timer.c:119 #2 \
0x7fc3ac22703f in iv_main \
/var/tmp/portage/dev-libs/ivykis-0.42.3-r1/work/ivykis-0.42.3/src/iv_main_posix.c:98 #3 \
0x7fc3adf1e6d4 in main_loop_run lib/mainloop.c:580 #4 0x401ef7 in main syslog-ng/main.c:307
#5 0x7fc3ad45fb9d in __libc_start_main (/lib64/libc.so.6+0x21b9d)
#6 0x4021b9 in _start (/usr/sbin/syslog-ng+0x4021b9)
I reported this a while ago [1] and learned that this was already known
and fixed, but not released yet [2].
[1] https://github.com/balabit/syslog-ng/issues/2454
[2] https://github.com/balabit/syslog-ng/pull/2418
--
Hanno Böck
https://hboeck.de/
mail/jabber: hanno@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic