Описание
Security update for librelp
This update for librelp fixes the following issues:
CVE-2018-1000140 (bsc#1086730): librelp contained a stack-based buffer overflow in the checking of x509 certificates. A remote attacker with an access to the rsyslog logging facility could have exploited it by sending a specially crafted x509 certificate.
Список пакетов
SUSE Linux Enterprise Server 12 SP1-LTSS
librelp0-1.2.7-3.3.1
SUSE Linux Enterprise Server 12 SP2
librelp0-1.2.7-3.3.1
SUSE Linux Enterprise Server 12-LTSS
librelp0-1.2.7-3.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
librelp0-1.2.7-3.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
librelp0-1.2.7-3.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
librelp0-1.2.7-3.3.1
SUSE Linux Enterprise Software Development Kit 12 SP2
librelp-devel-1.2.7-3.3.1
SUSE OpenStack Cloud 6
librelp0-1.2.7-3.3.1
Ссылки
- Link for SUSE-SU-2018:0828-1
- E-Mail link for SUSE-SU-2018:0828-1
- SUSE Security Ratings
- SUSE Bug 1086730
- SUSE CVE CVE-2018-1000140 page
Описание
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP1-LTSS:librelp0-1.2.7-3.3.1
SUSE Linux Enterprise Server 12 SP2:librelp0-1.2.7-3.3.1
SUSE Linux Enterprise Server 12-LTSS:librelp0-1.2.7-3.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:librelp0-1.2.7-3.3.1
Ссылки
- CVE-2018-1000140
- SUSE Bug 1086730