rsyslog-8.2102.0-101.el9.1

エラータID: AXSA:2022-3974:05

Release date: 
Wednesday, November 2, 2022 - 06:39
Subject: 
rsyslog-8.2102.0-101.el9.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format.

Security Fix(es):

* rsyslog: Heap-based overflow in TCP syslog server (CVE-2022-24903)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-24903
Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.

Solution: 

Update packages.

CVEs: 
CVE-2022-24903
Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.
Additional Info: 

N/A

Download: 

SRPMS
  1. rsyslog-8.2102.0-101.el9.1.src.rpm
    MD5: 3b0ee6eaaa66817fae3551cbfb602e24
    SHA-256: f8c9b977e4980998fb01a6f74b13b299208f0d047e75930added1d4a79edd6fb
    Size: 10.39 MB

Asianux Server 9 for x86_64
  1. rsyslog-8.2102.0-101.el9.1.x86_64.rpm
    MD5: 53fc1aca883ebf021af2380676c63c45
    SHA-256: 11940af16c99f0cffee8b717147b97f4ed6dcb464685448a1440d45b6361fb9c
    Size: 740.14 kB
  2. rsyslog-crypto-8.2102.0-101.el9.1.x86_64.rpm
    MD5: ba31098ae3183e71708449f78a9ebfc9
    SHA-256: 112266c3778910fca250b08e6e053bfd6918edba541db334150d96ff3ff8df05
    Size: 32.06 kB
  3. rsyslog-doc-8.2102.0-101.el9.1.noarch.rpm
    MD5: b0a7c1e73078e991c3233691c5609b9c
    SHA-256: f63b879681ae938a9e26a15285774611122591df7bcad00b1fbc55f6a7a1253c
    Size: 1.25 MB
  4. rsyslog-elasticsearch-8.2102.0-101.el9.1.x86_64.rpm
    MD5: 75bf637b7a297f1e601b40bb0b64375b
    SHA-256: 409a1ea09905dc7964703d730a3839ded18c5386dee50dc6b8efaa67623eb430
    Size: 28.95 kB
  5. rsyslog-gnutls-8.2102.0-101.el9.1.x86_64.rpm
    MD5: 16d1b9f24da8084590628cc9115d0b20
    SHA-256: b2f878e7d810e41a15ea2dfde28239cc03220a2220314541fc17e25642747f46
    Size: 28.02 kB
  6. rsyslog-gssapi-8.2102.0-101.el9.1.x86_64.rpm
    MD5: b556b8227c587e2f9c08e3e38cfd1b41
    SHA-256: a288172f909170ac3eb2349f11c72681fbea4df62ddd4cc68a8e99427e904891
    Size: 29.24 kB
  7. rsyslog-kafka-8.2102.0-101.el9.1.x86_64.rpm
    MD5: 7addc95bb5d32682642e75d7590fb989
    SHA-256: d336834242cdd709fe931b95b0110934059840d0d4e43233ad6b14f49369438a
    Size: 36.66 kB
  8. rsyslog-logrotate-8.2102.0-101.el9.1.x86_64.rpm
    MD5: f5da661bbbdb6794bdd5fd9a88778fe9
    SHA-256: 7bd0e946aedd9ea41bb4ccd0f37bc67eaab5e24c5cbc91dcdf64880153ccecc6
    Size: 10.08 kB
  9. rsyslog-mmaudit-8.2102.0-101.el9.1.x86_64.rpm
    MD5: a266a0a8b080c7bcd452293c3067d878
    SHA-256: 62472de7dfdf173ab1b67a9b7006c1db00ae5e781b6220d03c0866e062cea33d
    Size: 15.94 kB
  10. rsyslog-mmfields-8.2102.0-101.el9.1.x86_64.rpm
    MD5: 35d39aebdfc5830d0a099d6fb1cf7583
    SHA-256: 160d26b114f3e20ba528ac5069ac4c2a1f43cd67b3551129d46d5c1a40aa1651
    Size: 16.13 kB
  11. rsyslog-mmjsonparse-8.2102.0-101.el9.1.x86_64.rpm
    MD5: d16c2c0386c220862439c0d02f9fcd41
    SHA-256: ecd6a1d61eb5ad0dee669c50a6c57290b806a48ed46b9702f2a7ece2585a84f4
    Size: 17.30 kB
  12. rsyslog-mmkubernetes-8.2102.0-101.el9.1.x86_64.rpm
    MD5: 13029e7fee9c09021b8209cc5017d776
    SHA-256: 9a93f37925e4e009a7cc514af556b83b67fe88c158f0ebcc7afca22404a2499a
    Size: 28.93 kB
  13. rsyslog-mmnormalize-8.2102.0-101.el9.1.x86_64.rpm
    MD5: 0ffb4ba8945d10877b16d1ebda79461a
    SHA-256: fef87b37940ce4070176fc13c99cd36ddd69bae265090c129e010923e47d2fef
    Size: 18.30 kB
  14. rsyslog-mmsnmptrapd-8.2102.0-101.el9.1.x86_64.rpm
    MD5: e6aa7264bcb32ca0b4158eecd78a3412
    SHA-256: 7f9f1e00456b3fe44ebda3515e6d27fe602ea789982573185c7a290e35d7a658
    Size: 17.01 kB
  15. rsyslog-mysql-8.2102.0-101.el9.1.x86_64.rpm
    MD5: 5e2895a4edc9d021823198ef7c9264d8
    SHA-256: 580b2e773f2e06ccb7e1acddff9c5d0e2535482c6f5cbe6509d21f6349811955
    Size: 19.29 kB
  16. rsyslog-omamqp1-8.2102.0-101.el9.1.x86_64.rpm
    MD5: a39f2f1bdd5bc31c182549e834cf998e
    SHA-256: fb39f0c27b7e595bd902f701d6c9dbed764b5793d5a0d0a4e9d8b14c3ea3fb0c
    Size: 91.25 kB
  17. rsyslog-openssl-8.2102.0-101.el9.1.x86_64.rpm
    MD5: 4e93074c3ac87c9ff64a88e71583ec4b
    SHA-256: 86e30bd32a083871e035d4dbd80d6cc396be625d9ee7117d05115ffefbc6b354
    Size: 28.72 kB
  18. rsyslog-pgsql-8.2102.0-101.el9.1.x86_64.rpm
    MD5: 80afc774cbe978d527348652dd1f3c95
    SHA-256: c3f8e8120df9ddc4c977249af40730b0346bb40b09b81064fb652b199f49803e
    Size: 18.65 kB
  19. rsyslog-relp-8.2102.0-101.el9.1.x86_64.rpm
    MD5: 27880c523dddb9f8b880a62c27b283da
    SHA-256: 18cbac2d3c37203b6734eed27ed3127a3c8d4ae12286327c511fc669a5978f23
    Size: 29.18 kB
  20. rsyslog-snmp-8.2102.0-101.el9.1.x86_64.rpm
    MD5: 348788529946c870403e5151d49992be
    SHA-256: 71c5267acd05a23e84f357892e12d621c8a90d429b4326b3616ccd555d62ad34
    Size: 19.87 kB
  21. rsyslog-udpspoof-8.2102.0-101.el9.1.x86_64.rpm
    MD5: b5a71fd9ad415702e4d3ad3eea1906a3
    SHA-256: 813f482b5a6e2ba8e62e8f988466a6a7cae9bfe38f5e5d9d4487be3b5ead487c
    Size: 19.60 kB