リリース日:
2022/05/30 Monday - 15:59
題名:
rsyslog-8.24.0-57.el7.3
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- rsyslog には、オクテットカウントを読み取る際に、ヒープバッファーオーバーフロー
が発生する問題があるため、セグメンテーション違反などが発生する可能性がある脆弱性
があります。(CVE-2022-24903)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-24903
Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.
Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.
追加情報:
N/A
ダウンロード:
SRPMS
- rsyslog-8.24.0-57.el7.3.src.rpm
MD5: d763e1571ae1286ca5f982e4e7736675
SHA-256: 4dba1bf65387c99226c52827e3f67a5c2a87fe94b9b2899a441d5936b491418f
Size: 6.60 MB
Asianux Server 7 for x86_64
- rsyslog-8.24.0-57.el7.3.x86_64.rpm
MD5: 079ff6d44cf6796657bd1e5c9e5ec482
SHA-256: 30880c7cb0441a32e763847e7b5494aa6cd37a5579e51dfa80e4969165f88a2e
Size: 621.09 kB - rsyslog-gnutls-8.24.0-57.el7.3.x86_64.rpm
MD5: fc160f1b6dff143a78f0c734d1db0656
SHA-256: bc029cfec42add0a5464fb0c8162d9da3c71f3c541e240d9a050d333f91c01bb
Size: 50.57 kB - rsyslog-gssapi-8.24.0-57.el7.3.x86_64.rpm
MD5: ccfee7fcae4174821ea12f7e22e33ec0
SHA-256: fc011c8a7d41850a3997739a11acddec8f6576c34b94495727d3699c1f7de8ce
Size: 53.94 kB - rsyslog-kafka-8.24.0-57.el7.3.x86_64.rpm
MD5: ba1ff0dc6e238e89cdb8b34066a295d2
SHA-256: 63cb399b264afdd90afff32886fc7769ca243430a4ccbd9a1eb43ebb35c65b16
Size: 47.04 kB - rsyslog-mmjsonparse-8.24.0-57.el7.3.x86_64.rpm
MD5: 75d134e16eeae6a94c499431c6ee74aa
SHA-256: 6c8707e04da2fcf4c7b74e79d78288600a2eae500fa4d95a9fac1d48bee86d96
Size: 42.64 kB - rsyslog-mysql-8.24.0-57.el7.3.x86_64.rpm
MD5: 5b9f0814f905f2d259213ccfe54ec9c4
SHA-256: b1570f218fc725ac6dd1b090ca8f17ccc732473c1125f640fa00c0bd2c83365c
Size: 44.16 kB - rsyslog-pgsql-8.24.0-57.el7.3.x86_64.rpm
MD5: 73b6de800d516d4e97d8ca38849081fe
SHA-256: caaea13e248c8d6e16950b57b86d4ff5204efea55b88b1e4dabcfe3f29e195b1
Size: 42.60 kB - rsyslog-relp-8.24.0-57.el7.3.x86_64.rpm
MD5: 13d0a8ecd3d39e97760c2f3ad69d110a
SHA-256: aca42e8efc327f362c133a49eac9ecadc601f6f8b41c1529685836e3263d7f5e
Size: 51.32 kB
English
日本語