Bug 697464 (CVE-2019-17041, CVE-2019-17042)

Summary: <app-admin/rsyslog-8.1910.0: multiple vulnerabilities (CVE-2019-{17041,17042})
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: whissi
Priority: Normal
Keywords: STABLEREQ
Version: unspecified
Flags: stable-bot: sanity-check+
Hardware: All
OS: Linux
Whiteboard: B3 [noglsa]
Package list: app-admin/rsyslog-8.1910.0
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2019-10-10 22:26:57 UTC
CVE-2019-17041 (https://nvd.nist.gov/vuln/detail/CVE-2019-17041):
  An issue was discovered in Rsyslog v8.1908.0.
  contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the
  parser for AIX log messages. The parser tries to locate a log message
  delimiter (in this case, a space or a colon) but fails to account for
  strings that do not satisfy this constraint. If the string does not match,
  then the variable lenMsg will reach the value zero and will skip the sanity
  check that detects invalid log messages. The message will then be considered
  valid, and the parser will eat up the nonexistent colon delimiter. In doing
  so, it will decrement lenMsg, a signed integer, whose value was zero and now
  becomes minus one. The following step in the parser is to shift left the
  contents of the message. To do this, it will call memmove with the right
  pointers to the target and destination strings, but the lenMsg will now be
  interpreted as a huge value, causing a heap overflow.

CVE-2019-17042 (https://nvd.nist.gov/vuln/detail/CVE-2019-17042):
  An issue was discovered in Rsyslog v8.1908.0.
  contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for
  Cisco log messages. The parser tries to locate a log message delimiter (in
  this case, a space or a colon), but fails to account for strings that do not
  satisfy this constraint. If the string does not match, then the variable
  lenMsg will reach the value zero and will skip the sanity check that detects
  invalid log messages. The message will then be considered valid, and the
  parser will eat up the nonexistent colon delimiter. In doing so, it will
  decrement lenMsg, a signed integer, whose value was zero and now becomes
  minus one. The following step in the parser is to shift left the contents of
  the message. To do this, it will call memmove with the right pointers to the
  target and destination strings, but the lenMsg will now be interpreted as a
  huge value, causing a heap overflow.
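
A simplified model of the length underflow that both CVE descriptions above walk through, as an added example that is not rsyslog's code and not part of the original bug report; the function names and sample strings are hypothetical. The flawed function only reports the count memmove would receive, and the hardened one rejects input with no delimiter before shifting.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the flaw in the CVE text; not rsyslog source code. */

/* Flawed logic: reports the count memmove() would receive, without copying. */
int flawed_move_count(const char *msg, int lenMsg, size_t *count)
{
    const char *p = msg;
    while (lenMsg > 0 && *p != ' ' && *p != ':') { ++p; --lenMsg; }
    /* The sanity check only runs while bytes remain, so lenMsg == 0 passes. */
    if (lenMsg > 0 && *p != ':')
        return -1;
    --lenMsg;                 /* eat the colon: 0 becomes -1 */
    *count = (size_t)lenMsg;  /* memmove's size_t parameter sees SIZE_MAX */
    return 0;
}

/* Hardened logic: reject when no delimiter was found, then shift in place. */
int strip_prefix(char *msg, int lenMsg, int *newLen)
{
    char *p = msg;
    if (msg == NULL || lenMsg <= 0)
        return -1;
    while (lenMsg > 0 && *p != ' ' && *p != ':') { ++p; --lenMsg; }
    if (lenMsg == 0 || *p != ':')
        return -1;            /* ran off the end, or delimiter is not ':' */
    ++p; --lenMsg;            /* lenMsg was >= 1, so it cannot go negative */
    memmove(msg, p, (size_t)lenMsg);
    *newLen = lenMsg;
    return 0;
}

int main(void)
{
    char bad[] = "nodelim", ok[] = "tag:rest";  /* constructed sample inputs */
    size_t count = 0;
    int n = 0, rc;
    flawed_move_count(bad, 7, &count);
    printf("flawed logic, no delimiter: memmove count = %zu\n", count);
    rc = strip_prefix(bad, 7, &n);
    printf("hardened, no delimiter: rc = %d\n", rc);
    rc = strip_prefix(ok, 8, &n);
    printf("hardened, valid input: rc = %d, rest = %.*s\n", rc, n, ok);
    return 0;
}
```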
Comment 1 Thomas Deutschmann gentoo-dev Security 2019-10-14 20:56:06 UTC
x86 stable
Comment 2 Piotr Karbowski archtester Gentoo Infrastructure gentoo-dev Security 2019-10-23 17:19:11 UTC
amd64 stable
Comment 3 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-11-03 13:54:43 UTC
arm stable
Comment 4 Thomas Deutschmann gentoo-dev Security 2019-11-17 21:28:36 UTC
hppa stable.

GLSA vote: No!

Repository is clean, all done!