Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 651192 (CVE-2018-1000140) - <dev-libs/librelp-1.2.15: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c
Summary: <dev-libs/librelp-1.2.15: Stack-based buffer overflow in relpTcpChkPeerName f...
Status: RESOLVED FIXED
Alias: CVE-2018-1000140
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://www.rsyslog.com/cve-2018-1000...
Whiteboard: B1 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-22 19:04 UTC by Thomas Deutschmann (RETIRED)
Modified: 2018-04-23 13:20 UTC (History)
1 user (show)

See Also:
Package list:
dev-libs/librelp-1.2.15
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann (RETIRED) gentoo-dev 2018-03-22 19:04:59 UTC 
See

https://github.com/rsyslog/librelp/blob/master/ChangeLog#L8

More details will follow...
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2018-03-22 19:06:44 UTC 
@ Arch teams:

Please test and mark stable: =dev-libs/librelp-1.2.15
Comment 2 Sergei Trofimovich (RETIRED) gentoo-dev 2018-03-23 09:05:31 UTC 
commit c4a8939473e1aa5db5f5da47dd91227eb696bf21
Author: Rolf Eike Beer <eike@sf-mail.de>
Date:   Fri Mar 23 07:52:19 2018 +0100

    dev-libs/librelp: stable 1.2.15 for sparc, bug #651192
Comment 3 Agostino Sarubbo gentoo-dev 2018-03-23 10:28:26 UTC 
amd64 stable
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2018-03-25 22:45:12 UTC 
x86 stable
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2018-03-26 22:53:58 UTC 
CVE-2018-1000140 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000140):
  rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow
  vulnerability in the checking of x509 certificates from a peer that can
  result in Remote code execution. This attack appear to be exploitable a
  remote attacker that can connect to rsyslog and trigger a stack buffer
  overflow by sending a specially crafted x509 certificate.
Comment 6 Mart Raudsepp gentoo-dev 2018-03-28 19:47:59 UTC 
arm64 stable
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2018-03-29 21:11:17 UTC 
commit 90c659370a6bf70cc0bfb884bb0dcda352ada19e
Author: Markus Meier <maekke@gentoo.org>
Date:   Wed Mar 28 06:58:54 2018 +0200

    dev-libs/librelp: arm stable, bug #645870
Comment 8 Matt Turner gentoo-dev 2018-04-22 20:19:59 UTC 
hppa stable
Comment 9 Aaron Bauman (RETIRED) gentoo-dev 2018-04-22 21:23:15 UTC 
@maintainer, please clean vulnerable.

GLSA request filed.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2018-04-22 23:53:06 UTC 
This issue was resolved and addressed in
 GLSA 201804-21 at https://security.gentoo.org/glsa/201804-21
by GLSA coordinator Aaron Bauman (b-man).
Comment 11 Aaron Bauman (RETIRED) gentoo-dev 2018-04-22 23:54:07 UTC 
re-opened for cleanup
Comment 12 Larry the Git Cow gentoo-dev 2018-04-23 13:20:06 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=245f43208e00065a6f83325c8a59634fd4aa559f

commit 245f43208e00065a6f83325c8a59634fd4aa559f
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-04-23 13:19:26 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-04-23 13:19:58 +0000

    dev-libs/librelp: Security cleanup
    
    Bug: https://bugs.gentoo.org/651192
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 dev-libs/librelp/Manifest              |  3 --
 dev-libs/librelp/librelp-1.2.12.ebuild | 55 ----------------------------------
 dev-libs/librelp/librelp-1.2.13.ebuild | 55 ----------------------------------
 dev-libs/librelp/librelp-1.2.14.ebuild | 55 ----------------------------------
 4 files changed, 168 deletions(-)}
Comment 13 Thomas Deutschmann (RETIRED) gentoo-dev 2018-04-23 13:20:37 UTC 
Repository is clean, all done.