Описание
Security update for librelp
This update for librelp fixes the following issues:
- CVE-2018-1000140: Fixed remote attack via specially crafted x509 certificates when connecting to rsyslog to trigger a stack buffer overflow and run arbitrary code (bsc#1086730).
Список пакетов
HPE Helion OpenStack 8
librelp0-1.2.15-3.6.3
SUSE Linux Enterprise Server 12 SP3-BCL
librelp0-1.2.15-3.6.3
SUSE Linux Enterprise Server 12 SP3-LTSS
librelp0-1.2.15-3.6.3
SUSE Linux Enterprise Server 12 SP4-LTSS
librelp0-1.2.15-3.6.3
SUSE Linux Enterprise Server 12 SP5
librelp0-1.2.15-3.6.3
SUSE Linux Enterprise Server for SAP Applications 12 SP3
librelp0-1.2.15-3.6.3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
librelp0-1.2.15-3.6.3
SUSE Linux Enterprise Server for SAP Applications 12 SP5
librelp0-1.2.15-3.6.3
SUSE Linux Enterprise Software Development Kit 12 SP5
librelp-devel-1.2.15-3.6.3
SUSE OpenStack Cloud 8
librelp0-1.2.15-3.6.3
SUSE OpenStack Cloud 9
librelp0-1.2.15-3.6.3
SUSE OpenStack Cloud Crowbar 8
librelp0-1.2.15-3.6.3
SUSE OpenStack Cloud Crowbar 9
librelp0-1.2.15-3.6.3
Ссылки
- Link for SUSE-SU-2022:1891-1
- E-Mail link for SUSE-SU-2022:1891-1
- SUSE Security Ratings
- SUSE Bug 1086730
- SUSE CVE CVE-2018-1000140 page
Описание
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.
Затронутые продукты
HPE Helion OpenStack 8:librelp0-1.2.15-3.6.3
SUSE Linux Enterprise Server 12 SP3-BCL:librelp0-1.2.15-3.6.3
SUSE Linux Enterprise Server 12 SP3-LTSS:librelp0-1.2.15-3.6.3
SUSE Linux Enterprise Server 12 SP4-LTSS:librelp0-1.2.15-3.6.3
Ссылки
- CVE-2018-1000140
- SUSE Bug 1086730