rsyslog-8.1911.0-3.el8

エラータID: AXSA:2020-364:04

Release date: 
Thursday, September 17, 2020 - 05:52
Subject: 
rsyslog-8.1911.0-3.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format.

The following packages have been upgraded to a later upstream version: rsyslog (8.1911.0).

Security Fix(es):

* rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c (CVE-2019-17041)

* rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c (CVE-2019-17042)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-17041
An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.
CVE-2019-17042
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.

Solution: 

Update packages.

CVEs: 
CVE-2019-17041
An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.
CVE-2019-17042
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.
Additional Info: 

N/A

Download: 

SRPMS
  1. rsyslog-8.1911.0-3.el8.src.rpm
    MD5: c6d308c9aabc499f6eef32f83aefda24
    SHA-256: 3c66c7058436bea0f628798a9540b2c9802b59a74a8ebbc5c5b658b2e92b6bdf
    Size: 10.63 MB

Asianux Server 8 for x86_64
  1. rsyslog-8.1911.0-3.el8.x86_64.rpm
    MD5: 0ed611a5d0187987a87167cc79a39b95
    SHA-256: 344e2aedfcfe46c3cd099f80c1d5c5aec838c9f039ffc2df1a74a86ccd548721
    Size: 732.68 kB
  2. rsyslog-crypto-8.1911.0-3.el8.x86_64.rpm
    MD5: 43df0cd606098de67601548373b264e4
    SHA-256: facda9d9b5cc64c3a00ffbde64061cf4a652009c7cd8bf88e8240bf7509abbb7
    Size: 34.49 kB
  3. rsyslog-doc-8.1911.0-3.el8.noarch.rpm
    MD5: e5155e0344d6de542040b4710dcd46d2
    SHA-256: 06828c743ce381b1750faa70b8367a4a655bfd8a8061d7eece8bb6ce5079eb87
    Size: 1.58 MB
  4. rsyslog-elasticsearch-8.1911.0-3.el8.x86_64.rpm
    MD5: d7b881c40c2350e60dd79b64a59adde2
    SHA-256: 14b6c3b8809e9c2f21d008aac401db47efae708de4740188ca86e7a9e6d3d150
    Size: 30.20 kB
  5. rsyslog-gnutls-8.1911.0-3.el8.x86_64.rpm
    MD5: 43184b27fc2618eeeb16c1c9128e588c
    SHA-256: ae973385d559785774f0a155b5be50cfa434f1da844571cec14fe397433b1f68
    Size: 28.95 kB
  6. rsyslog-gssapi-8.1911.0-3.el8.x86_64.rpm
    MD5: d6cab56b01a79252c85bec495d638253
    SHA-256: 81ee6d4c2614d68379b6873aa734c91f4bd6fb4522b1ed4eb870d057e58cf3cb
    Size: 30.91 kB
  7. rsyslog-kafka-8.1911.0-3.el8.x86_64.rpm
    MD5: c06ae57615031500ddb0e4176685011d
    SHA-256: 8c8baebd63af03c877a34c155642efa20eca1b806b7ca47b0b2823d2cce5e6f0
    Size: 37.07 kB
  8. rsyslog-mmaudit-8.1911.0-3.el8.x86_64.rpm
    MD5: 331994262ca564e49ae59f057d7ba68d
    SHA-256: 7d28664be584cad80fe08badbacb8a63a6b40f2abe1ebebede30a0882ce9bd95
    Size: 17.39 kB
  9. rsyslog-mmjsonparse-8.1911.0-3.el8.x86_64.rpm
    MD5: f8d29d4cc771833d15db1cc1696a5b9f
    SHA-256: 0f7fc52bd676f6de8416a3c025f783d4c84393b18e349fd7c620f5bec9f13272
    Size: 18.73 kB
  10. rsyslog-mmkubernetes-8.1911.0-3.el8.x86_64.rpm
    MD5: 297d6f6955935a9faddae36a84887cfb
    SHA-256: 56918674617b3e1a8c9ac9cc23f4568708de5c67df30f21a9d54549d1f3bbdee
    Size: 29.85 kB
  11. rsyslog-mmnormalize-8.1911.0-3.el8.x86_64.rpm
    MD5: 5f5808ffa50804eb68acc210318090bd
    SHA-256: da64e4465ea23385a0cbeba351cdb41b51016af2dafff3b9b4cf4365ce2bcb15
    Size: 19.83 kB
  12. rsyslog-mmsnmptrapd-8.1911.0-3.el8.x86_64.rpm
    MD5: 5777ee00e02148d5859b3e50f9189012
    SHA-256: 0d4320f46282f1bd034728035340191d89c8e82dd5961b797bc796a5be91aea3
    Size: 18.47 kB
  13. rsyslog-mysql-8.1911.0-3.el8.x86_64.rpm
    MD5: 76ef9a2361ff3578f2423cab285837e2
    SHA-256: 65c30640b55a4246499aa7bec6976a7719d7b7f5dcd5793aa7af7f8131a8dc92
    Size: 20.60 kB
  14. rsyslog-pgsql-8.1911.0-3.el8.x86_64.rpm
    MD5: 9c45bf3f3107e0e31c4cfe511a047aaa
    SHA-256: a669333a5b3e2ccc4a6e59f53d5c690837ead3cfcb7d241acbf0a1415dfaac33
    Size: 19.89 kB
  15. rsyslog-relp-8.1911.0-3.el8.x86_64.rpm
    MD5: 6e8453605644b8724306f1cf6779b4fc
    SHA-256: 8b46210e05afa3ebb198ff3ec8bb0903c3b135a93f6b68eeac915e361999a338
    Size: 30.02 kB
  16. rsyslog-snmp-8.1911.0-3.el8.x86_64.rpm
    MD5: 341cfe217ddb847371b663a4ef63843c
    SHA-256: 06ea80656db1c63c18a207a301f4a5cbd90c741c857fbb645abdba6b78b503e8
    Size: 20.80 kB