syslog-ng does not call chdir before it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present.

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5110)