Syslog-ng Agent Vulnerability Scan reporting potential vulnerabilities on version 6.0.22 and 6.0.23
原因
The version of OpenSSL needed to be uplifted.
Fixed in 6.0.23 CVE-2021-3711 - Fixed in OpenSSL 1.1.1l CVE-2021-3712 - Fixed in OpenSSL 1.1.1l CVE-2019-1543 - Fixed in OpenSSL 1.1.1c CVE-2021-23840 - Fixed in OpenSSL 1.1.1j CVE-2021-23841 - Fixed in OpenSSL 1.1.1j CVE-2021-3449 - Fixed in OpenSSL 1.1.1k CVE-2021-3450 - Fixed in OpenSSL 1.1.1k
Fixed in 6.0.24 The same fixes as 6.0.23 and: CVE-2022-1292 - Fixed in OpenSSL 1.1.1o CVE-2022-0778 - Fixed in OpenSSL 1.1.1n CVE-2023-0286 - Fixed in OpenSSL 1.1.1t CVE-2022-4304 - Fixed in OpenSSL 1.1.1t CVE-2022-4450 - Fixed in OpenSSL 1.1.1t CVE-2023-0215 - Fixed in OpenSSL 1.1.1t
解决办法
Upgrade to version 6.0.24 of the Syslog-ng Windows agent to get past the vulnerabilities.