rsyslog-8.24.0-52.el7

Errata ID: AXSA:2020-4536:02

Release date: Thursday, April 2, 2020 - 04:23
Subject: rsyslog-8.24.0-52.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Moderate
Description:

The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format.

Security Fix(es):

* rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c (CVE-2019-17041)

* rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c (CVE-2019-17042)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.8 Release Notes linked from the References section.

CVE-2019-17041
An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.
CVE-2019-17042
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.
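The two descriptions above share one failure mode: a signed remaining-length counter that reaches zero when no delimiter is present, a sanity check that is skipped in exactly that case, a decrement that takes the counter to minus one, and a memmove that then receives that value converted to an unsigned size. The following C program is an added example written for this advisory; it is not rsyslog's code and does not reproduce the pmaixforwardedfrom or pmcisconames sources. It models the arithmetic in a constructed function (unsafe_memmove_len) that only returns the length memmove would have been handed, never calls memmove with it, and places a hardened parser (parse_prefix_hardened, strip_prefix_inplace) beside it that keeps the length unsigned and consumes the delimiter only after confirming it exists inside the buffer. The message strings are constructed test inputs.

```c
/* Added example for AXSA:2020-4536:02 (not rsyslog's code): a simplified model
 * of the delimiter-scan defect described for CVE-2019-17041 / CVE-2019-17042,
 * beside a hardened equivalent. All function names and inputs are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Model of the vulnerable arithmetic only. Returns the byte count that the
 * shift-left memmove would receive; it never performs the memmove itself.
 * With a message that contains neither ' ' nor ':', the signed lenMsg counts
 * down to 0, the sanity check (which assumes a delimiter was reached) is
 * skipped, "eating" the delimiter decrements lenMsg to -1, and the cast to
 * size_t turns that into SIZE_MAX. */
size_t unsafe_memmove_len(const char *msg, size_t len)
{
    const char *p = msg;
    int lenMsg = (int)len;            /* signed, as the CVE text describes */

    /* skip over what is assumed to be the hostname */
    while (lenMsg > 0 && *p != ' ' && *p != ':') { ++p; --lenMsg; }

    /* sanity check only fires while lenMsg > 0; lenMsg == 0 slips past it */
    if (lenMsg > 0 && *p != ':')
        return 0;                     /* rejected: not this parser's format */

    ++p; --lenMsg;                    /* "eat" the colon, even if none exists */
    return (size_t)lenMsg;            /* -1 becomes SIZE_MAX here */
}

/* Hardened parser. The index is unsigned and can never exceed len, the
 * delimiter is required to be present inside the buffer before it is
 * consumed, and the returned remainder length is len - i with i <= len, so it
 * cannot underflow. Returns the number of bytes after "host:"; 0 and a NULL
 * out_rest (when provided) mean the message was rejected. */
size_t parse_prefix_hardened(const char *msg, size_t len, const char **out_rest)
{
    size_t i = 0;
    if (out_rest) *out_rest = NULL;

    while (i < len && msg[i] != ' ' && msg[i] != ':') ++i;

    if (i >= len || msg[i] != ':')    /* ran off the end, or wrong delimiter */
        return 0;

    ++i;                              /* consume ':' only now that it exists */
    if (out_rest) *out_rest = msg + i;
    return len - i;
}

/* Shift the remainder to the front of a caller-owned buffer of len bytes.
 * memmove is reached only with a length bounded by the buffer itself.
 * Returns the new length, or len unchanged when the message is rejected. */
size_t strip_prefix_inplace(char *buf, size_t len)
{
    const char *rest;
    size_t n = parse_prefix_hardened(buf, len, &rest);
    if (rest == NULL)
        return len;                   /* leave an unrecognised message alone */
    memmove(buf, rest, n);            /* n <= len - 1, stays inside buf */
    buf[n] = '\0';
    return n;
}

/* Runs the constructed inputs through both paths; returns 1 when every
 * expectation holds, 0 otherwise. */
int self_check(void)
{
    char ok[] = "host: rest";         /* constructed: delimiter present */
    char bad[] = "nodelimiterhere";   /* constructed: no ' ' or ':' at all */
    int pass = 1;

    pass &= (unsafe_memmove_len(bad, strlen(bad)) == SIZE_MAX);
    pass &= (unsafe_memmove_len(ok, strlen(ok)) == 5);
    pass &= (parse_prefix_hardened(bad, strlen(bad), NULL) == 0);
    pass &= (strip_prefix_inplace(ok, strlen(ok)) == 5 && strcmp(ok, " rest") == 0);
    pass &= (strip_prefix_inplace(bad, strlen(bad)) == strlen(bad));
    return pass;
}

int main(void)
{
    printf("memmove length the unsafe model would use for a delimiter-less "
           "message: %zu (SIZE_MAX is %zu)\n",
           unsafe_memmove_len("nodelimiterhere", 15), (size_t)SIZE_MAX);
    printf("self_check: %s\n", self_check() ? "ok" : "FAILED");
    return self_check() ? 0 : 1;
}
```

The fix pattern the hardened functions illustrate is the one that matters for any delimiter-seeking parser: count with an unsigned index bounded by the buffer length, test for the delimiter before consuming it, and derive the memmove length from values that are already proven to lie inside the buffer rather than from a counter that was decremented on the way.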

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. rsyslog-8.24.0-52.el7.src.rpm
    MD5: 58e851abc2bb02182aca98617182d032
    SHA-256: 8ebd0d8ebf2ef557de98c8965a21f14db69d9e88ddfdb23d5f17175c7f8b4b37
    Size: 6.59 MB

Asianux Server 7 for x86_64
  1. rsyslog-8.24.0-52.el7.x86_64.rpm
    MD5: 7a19b3019e4d77797b3cc070bee17348
    SHA-256: d8fab108a5c8eb3199cf3612abf8aab92ec9fc8f3725b942b7beef2ce8eb628b
    Size: 619.54 kB
  2. rsyslog-gnutls-8.24.0-52.el7.x86_64.rpm
    MD5: 6ddad84fe0e32e74482b23ce90aa3b3e
    SHA-256: a5eccd1fec1b8ca839f926ae05e647c32d516eda932aa97c4789f674a6fbbe2e
    Size: 49.45 kB
  3. rsyslog-gssapi-8.24.0-52.el7.x86_64.rpm
    MD5: 8d693f823ecf3bac48de086d4a719bba
    SHA-256: 96bbc1f159eaacd647b105467229d252545aa5264e471ecae90409c195280014
    Size: 52.81 kB
  4. rsyslog-kafka-8.24.0-52.el7.x86_64.rpm
    MD5: 3549dc0881e2835bb8b17c9bd9964bd1
    SHA-256: a600bd4472de10c366b964d9b27c15c50c52bf253a98f6eca71ad02aef994327
    Size: 45.89 kB
  5. rsyslog-mmjsonparse-8.24.0-52.el7.x86_64.rpm
    MD5: f3581f2bcb44b11807a6c82bd77e9211
    SHA-256: f9e5336b0258a5c973ecc769b2573bdc845f70b38b4f5f2527dadc6e8cef28c8
    Size: 41.50 kB
  6. rsyslog-mysql-8.24.0-52.el7.x86_64.rpm
    MD5: 144ef04c0420240d62b21c6c17a97167
    SHA-256: a3999db6be6e1fbac4ef3abd9978bd98332a34133e0159b63bc46437cff0dc94
    Size: 43.02 kB
  7. rsyslog-pgsql-8.24.0-52.el7.x86_64.rpm
    MD5: b25a7e6b516ad5a78600b18ec397323a
    SHA-256: abca2b078873ccb0cbfc41f93828d6153b657ebb317dbdaa1c84ffbff8efb491
    Size: 41.46 kB
  8. rsyslog-relp-8.24.0-52.el7.x86_64.rpm
    MD5: 5d973a0d1211a7de519e2631f6d6a564
    SHA-256: 2d0322fdcf59745374961f630e186b13f21a19cc510173660fe70214c44b0d17
    Size: 50.18 kB