Описание
Security update for librelp
This update for librelp fixes the following issues: CVE-2018-1000140 (bsc#1086730): librelp contained a stack-based buffer overflow in the checking of x509 certificates. A remote attacker with an access to the rsyslog logging facility could have exploited it by sending a specially crafted x509 certificate.
Список пакетов
SUSE Linux Enterprise Server 12 SP3
librelp0-1.2.12-3.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
librelp0-1.2.12-3.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3
librelp-devel-1.2.12-3.3.1
Ссылки
- Link for SUSE-SU-2018:0822-1
- E-Mail link for SUSE-SU-2018:0822-1
- SUSE Security Ratings
- SUSE Bug 1086730
- SUSE CVE CVE-2018-1000140 page
Описание
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP3:librelp0-1.2.12-3.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3:librelp0-1.2.12-3.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3:librelp-devel-1.2.12-3.3.1
Ссылки
- CVE-2018-1000140
- SUSE Bug 1086730