librelp-1.2.7-3.AXS4.1

Errata ID: AXSA:2018-3006:01

Release date: Wednesday, May 2, 2018 - 14:35
Subject: librelp-1.2.7-3.AXS4.1
Affected Channels: Asianux Server 4 for x86_64, Asianux Server 4 for x86
Severity: High
Description: 

Librelp is an easy-to-use library for the Reliable Event Logging Protocol (RELP). RELP is a general-purpose, extensible logging protocol.

Security Fix(es):

* librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c (CVE-2018-1000140)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Asianux would like to thank Rainer Gerhards (rsyslog) for reporting this issue. Upstream acknowledges Bas van Schaik (lgtm.com / Semmle) and Kevin Backhouse (lgtm.com / Semmle) as the original reporters.

CVE-2018-1000140
rsyslog librelp version 1.2.14 and earlier contains a buffer overflow vulnerability in the checking of x509 certificates from a peer that can result in remote code execution. This attack appears to be exploitable by a remote attacker who can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. librelp-1.2.7-3.AXS4.1.src.rpm
    MD5: b3a71106ab1a2e78be86dbedb7a97f7d
    SHA-256: 50cc402db69e1a4ac32fbb6b021cfdb568ca24b9e66428697e6a2f54ae2c35a0
    Size: 410.78 kB

Asianux Server 4 for x86
  1. librelp-1.2.7-3.AXS4.1.i686.rpm
    MD5: ef805962ee16c86e42f69be97f82b250
    SHA-256: 9dd3a054dee2b907b4346b1a1e820e008f2f3899612504333d0423740da3ea8b
    Size: 57.23 kB

Asianux Server 4 for x86_64
  1. librelp-1.2.7-3.AXS4.1.x86_64.rpm
    MD5: 45061f2c622ed161190ba344972747a9
    SHA-256: f4f36af369fdb10f439beef8c58f44b646aaadc70560948b8b5fb085349739da
    Size: 56.52 kB