rsyslog-8.2102.0-7.el8.1

エラータID: AXSA:2022-3666:04

Release date: 
Monday, August 15, 2022 - 07:17
Subject: 
rsyslog-8.2102.0-7.el8.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format.

Security Fix(es):

* rsyslog: Heap-based overflow in TCP syslog server (CVE-2022-24903)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-24903
Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.

Solution: 

Update packages.

CVEs: 
CVE-2022-24903
Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.
Additional Info: 

N/A

Download: 

SRPMS
  1. rsyslog-8.2102.0-7.el8.1.src.rpm
    MD5: 9b5bb7d8f9e1a301b9e7736c16d825bb
    SHA-256: 67a6c130423fe75fb11e0b34eee45b060e3101bc92b7a4dfaad2391c531e10cf
    Size: 10.38 MB

Asianux Server 8 for x86_64
  1. rsyslog-8.2102.0-7.el8.1.x86_64.rpm
    MD5: 1c6da98a112d5626eaa14d58c8d74c2b
    SHA-256: 5ea1fbf722ddd91c6613aa2286460c26fa1e2be50df96ff34f2155a723cd4e2c
    Size: 751.42 kB
  2. rsyslog-crypto-8.2102.0-7.el8.1.x86_64.rpm
    MD5: c666da4394ddd5f7ef468e2b1d1d4d46
    SHA-256: 6e2f5777558723d9f7a625dba51750266cb16243c530b173ec950508ba5b521f
    Size: 36.33 kB
  3. rsyslog-doc-8.2102.0-7.el8.1.noarch.rpm
    MD5: 910f372d551c316519333aee14ce3e1b
    SHA-256: e9f9dbe2a53ab3de55f86ad1d16bef89d84e93f0e604928f90876fb50f6e791b
    Size: 1.56 MB
  4. rsyslog-elasticsearch-8.2102.0-7.el8.1.x86_64.rpm
    MD5: 2ff23e71c1398f79bd74c0963a4f869e
    SHA-256: 18a28e2dab9cf1c537c24af64f73ec114226666568b4bd540ee95f8b081ac738
    Size: 32.36 kB
  5. rsyslog-gnutls-8.2102.0-7.el8.1.x86_64.rpm
    MD5: 813adf99f3f11d6074a6f1f09817ac0c
    SHA-256: 37babaf857da111f380f2233ac16275ae27f2715287471bd2eda3800204e3758
    Size: 31.27 kB
  6. rsyslog-gssapi-8.2102.0-7.el8.1.x86_64.rpm
    MD5: d0ecb9cee4a62b0f4ad96026aaa56c0e
    SHA-256: a91b40030fea1c746b34579ed27221f6430328de1f5836f0cc37b84414217180
    Size: 32.93 kB
  7. rsyslog-kafka-8.2102.0-7.el8.1.x86_64.rpm
    MD5: 02892a83756cdb5c5a0f93d4036c8d08
    SHA-256: cec598023cb348cbdc417366a9601f91038f68174adc34352fa63b5553029e3f
    Size: 39.12 kB
  8. rsyslog-mmaudit-8.2102.0-7.el8.1.x86_64.rpm
    MD5: 1fcc556699499e25f79938790729349b
    SHA-256: 1a3dce7851e9be4f032ec236aecbc795bd18c5b72b4e498bb927087a4af85290
    Size: 19.61 kB
  9. rsyslog-mmfields-8.2102.0-7.el8.1.x86_64.rpm
    MD5: a3d8fceabdbee0515953949e75684d7b
    SHA-256: cb986d42c8b417ed5d41b272ead35d4d2b3bc6e40e44573e28544536ea712460
    Size: 19.91 kB
  10. rsyslog-mmjsonparse-8.2102.0-7.el8.1.x86_64.rpm
    MD5: a6d306456f92d1c603a547073920f57d
    SHA-256: 671d0af8d89f1431444b07f3d1ac5196ddd5c271dd2830b6270b1578258efbae
    Size: 20.85 kB
  11. rsyslog-mmkubernetes-8.2102.0-7.el8.1.x86_64.rpm
    MD5: 7b69041549392c94210f2bd5b6f56ebb
    SHA-256: b842474e7ac60696cb703cb709c9219a060b36ddc67c340aa95c13f51b0e4415
    Size: 32.02 kB
  12. rsyslog-mmnormalize-8.2102.0-7.el8.1.x86_64.rpm
    MD5: 18f81a0426cdd05714076e8aadb71bb0
    SHA-256: 8e659ddc2f62554a8f40a4f3abb31d331afb82e494779a74c4ef31e39d481004
    Size: 21.96 kB
  13. rsyslog-mmsnmptrapd-8.2102.0-7.el8.1.x86_64.rpm
    MD5: ddddbefc1a9b6f86e90ae285636ab371
    SHA-256: c0aba1ced4af9fb68190193243731c72be7179044525e6a26a6d84083b360658
    Size: 20.60 kB
  14. rsyslog-mysql-8.2102.0-7.el8.1.x86_64.rpm
    MD5: 7dbb52b354adb7841e4f8c0da679bb62
    SHA-256: 39fadb5b3bab6b668f04db70c951ddb1d869873b5d987bb31e34bf758dc17a39
    Size: 22.46 kB
  15. rsyslog-omamqp1-8.2102.0-7.el8.1.x86_64.rpm
    MD5: 08547ab5bf21e3ce7b3cc6d173920660
    SHA-256: 2df664876926fc14be0df6a836c2228f1f66d08b101bdad72226f06f0f44242e
    Size: 117.48 kB
  16. rsyslog-openssl-8.2102.0-7.el8.1.x86_64.rpm
    MD5: 4c63e759e0fa28ff2010ed522bf2a433
    SHA-256: 27b37486ca3a96b8faf40bed9d48dc8c759cb389788b5105d1fe90dd3fd9a156
    Size: 31.65 kB
  17. rsyslog-pgsql-8.2102.0-7.el8.1.x86_64.rpm
    MD5: d1acdac4c05f0ff4f618e2f626404ff5
    SHA-256: d731d377a23db4e9aaf8ac5037d6f8d6a3596e45d3d07e92f4183c61d07c6f76
    Size: 22.02 kB
  18. rsyslog-relp-8.2102.0-7.el8.1.x86_64.rpm
    MD5: 92e053167e0561a7a5ec7b626aadcfed
    SHA-256: 0278cf30d34120e21ce6a2a61515239d3ece3a25d5d1503a2a74dc25b074041f
    Size: 32.41 kB
  19. rsyslog-snmp-8.2102.0-7.el8.1.x86_64.rpm
    MD5: 9446f12b9a3e1f9a7a6fdfab9c593f69
    SHA-256: 5055d110b08886005a748c14499913453f67a5417f42fea970b83c025b1d252b
    Size: 23.34 kB
  20. rsyslog-udpspoof-8.2102.0-7.el8.1.x86_64.rpm
    MD5: 9bd50bac20b826cc2d9a07af0f950838
    SHA-256: 768489dbc764a95185d5dfb1e5822fe1bc0a03b446cd1f7722b26d6c129682b2
    Size: 23.04 kB