rsyslog

ChangeLog for 3.21.2 (devel)

Version 3.21.2 [DEVEL] (rgerhards), 2008-08-04

  • added $InputUnixListenSocketHostName config directive, which permits
    overriding the hostname being used on a local unix socket. This is useful
    for differentiating “hosts” running in several jails. Feature was
    suggested by David Darville, thanks for the suggestion.

  • enhanced ommail to support multiple email recipients. This is done by
    specifying $ActionMailTo multiple times. Note that this introduces a
    small incompatibility with the previous config file syntax: the recipient
    list is now reset for each action (we honestly believe that will
    not cause any problem – apologies if it does).

  • enhanced troubleshooting documentation

ChangeLog for 3.21.1 (devel)

Version 3.21.1 [DEVEL] (rgerhards), 2008-07-30

  • bugfix: no error was reported if the target of a $IncludeConfig
    could not be accessed.

  • added testbed for common config errors
  • enhanced config file checking – a config with no active actions is now
    detected
  • added -N rsyslogd command line option for a config validation run
    (which does not execute actual syslogd code and does not interfere
    with a running instance)

  • somewhat improved emergency configuration. It is now also selected
    if the config contains no active actions

  • rsyslogd error messages are now reported to stderr by default. This can
    be turned off by the new “$ErrorMessagesToStderr off” directive

Thanks to HKS for suggesting the new features.

ChangeLog for 3.20.1 (v3-stable)

Version 3.20.1 [v3-stable] (rgerhards), 2008-112-04

  • security bugfix: $AllowedSender was not honoured, all senders were
    permitted instead (see security advisory)

  • enhance: regex nomatch option “ZERO” has been added
    This allows returning the string 0 if a regular expression is
    not found. This is probably useful for storing numerical values into
    database columns.

  • bugfix: memory leak in gtls netstream driver fixed
    memory was lost each time a TLS session was torn down. This could
    result in a considerable memory leak if it happened quite frequently
    (potential system crash condition)

  • doc update: documented how to specify multiple property replacer
    options + link to new online regex generator tool added

  • minor bugfix: very small memory leak in gtls netstream driver
    around a handful of bytes (< 20) for each HUP
  • improved debug output for regular expressions inside property replacer
    RE’s seem to be a big trouble spot and I would like to have more
    information inside the debug log. So I decided to add some additional
    debug strings permanently.

SQL Injection Vulnerability in rsyslogd

An SQL injection vulnerability was found in all rsyslog releases prior to the ones announced on 2005-09-23. An attacker can send a specially crafted syslog message to rsyslogd and potentially take ownership of the machine.

This can be locally exploited if rsyslogd is listening on the local socket. We assume it is doing this in almost all cases. It can also be exploited remotely if rsyslogd is listening on network sockets and the attacker is not blocked from sending messages to rsyslogd (e.g. if not blocked by firewalling).

The vulnerability can potentially be used to take full ownership of the computer a compromised rsyslog is running on. The extent of the compromise depends on the permissions of the user used to connect to MySQL.

We do not know of any case where this was exploited in practice. The bug was discovered during security-testing rsyslogd.

As of this writing, fixed versions exist both for the stable and the development branch. They are named 1.0.1 and 1.10.1. They can be obtained via the following links:

For 1.0.1 stable:
http://www.rsyslog.com/Downloads-index-req-getit-lid-17.phtml

For 1.10.1 development:
http://www.rsyslog.com/Downloads-index-req-getit-lid-18.phtml

As this is a serious vulnerability, we urge all users to update to the fixed version as soon as possible.

If you have turned on NO_BACKSLASH_ESCAPES in MySQL, you MUST make changes to your configuration file. Read DETAILS below to learn more.
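
Why the NO_BACKSLASH_ESCAPES setting matters for escaping message text, as an added Python illustration that is not rsyslog code: it applies two quote-escaping styles to a message and scans the resulting string literal the way a server in each mode would. The function names and the sample message are constructed for this example; the escaping rsyslog itself applies is not shown on this page.

```python
# Added illustration; function names and sample data are constructed.

def escape_backslash_style(msg: str) -> str:
    """Escape for a server that treats backslash as an escape character."""
    return msg.replace("\\", "\\\\").replace("'", "\\'")

def escape_standard_style(msg: str) -> str:
    """Escape per standard SQL: a quote inside a literal is doubled."""
    return msg.replace("'", "''")

def stays_inside_literal(escaped: str, backslash_escapes: bool) -> bool:
    """Scan '<escaped>' as the server would and report whether the
    literal ends exactly at the closing quote appended here."""
    text = "'" + escaped + "'"
    i = 1
    while i < len(text):
        ch = text[i]
        if backslash_escapes and ch == "\\":
            i += 2                      # backslash consumes the next character
            continue
        if ch == "'":
            if i + 1 < len(text) and text[i + 1] == "'":
                i += 2                  # doubled quote is one literal quote
                continue
            return i == len(text) - 1   # literal terminates at this quote
        i += 1
    return False                        # literal was never terminated

def audit(msg: str) -> dict:
    """Check every escaping style against both server modes."""
    results = {}
    styles = (("none", lambda m: m),
              ("backslash", escape_backslash_style),
              ("standard", escape_standard_style))
    for name, esc in styles:
        for mode in (True, False):
            label = "backslash_escapes" if mode else "NO_BACKSLASH_ESCAPES"
            results[(name, label)] = stays_inside_literal(esc(msg), mode)
    return results

SAMPLE = "login failed for user 'bob'"   # constructed syslog message text

if __name__ == "__main__":
    for key, ok in audit(SAMPLE).items():
        print(key, "contained" if ok else "leaves the string literal")
```

The escaping style has to match the server mode: backslash-style escaping no longer contains a quote once NO_BACKSLASH_ESCAPES is on, and quote doubling alone does not contain a trailing backslash when it is off.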
