librelp-1.2.12-1.el7.1
Errata ID: AXSA:2018-2994:01
Librelp is an easy-to-use library for the Reliable Event Logging Protocol (RELP). RELP is a general-purpose, extensible logging protocol.
Security Fix(es):
* librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c (CVE-2018-1000140)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Asianux would like to thank Rainer Gerhards (rsyslog) for reporting this issue. Upstream acknowledges Bas van Schaik (lgtm.com / Semmle) and Kevin Backhouse (lgtm.com / Semmle) as the original reporters.
CVE-2018-1000140
rsyslog librelp version 1.2.14 and earlier contains a buffer overflow vulnerability in the checking of x509 certificates from a peer that can result in remote code execution. This attack appears to be exploitable by a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.
Update packages.
N/A
SRPMS
- librelp-1.2.12-1.el7.1.src.rpm
MD5: bf2e6cffb262e17378cad571de958188
SHA-256: 9da3ad1909847e5c199582a3459eb829f0512021675abc1bbd611c9cd5a26566
Size: 435.07 kB
Asianux Server 7 for x86_64
- librelp-1.2.12-1.el7.1.x86_64.rpm
MD5: 473cf8709612dccbb435811f4220dd48
SHA-256: 31753bf16255898328f11aa603765672b25d686e12e403e3ffeba385383111df
Size: 60.08 kB
- librelp-1.2.12-1.el7.1.i686.rpm
MD5: 91aa315cd6b23b4c8641f4d2e44633aa
SHA-256: 76ffa8ed268f147031869e82017bd60daee287225c1250f8192c15649abd21a8
Size: 60.09 kB