librelp version 1.2.14 and earlier contains a buffer overflow vulnerability in the checking of x509 certificates from a peer that can result in remote code execution. The issue appears to be exploitable by a remote attacker who can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.
Upstream patch: https://github.com/rsyslog/librelp/commit/2cfe657672636aa5d7d2a14cfcb0a6ab9d1f00cf
References: https://lgtm.com/rules/1505913226124/ https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205
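The defect the upstream patch corrects is an snprintf return value used as the running offset while peer certificate names are concatenated into a fixed-size stack buffer: snprintf returns the length the full string would need, not the bytes actually stored, so once the buffer fills the offset runs past the end and the unsigned remaining-size argument wraps. The following is an added illustration, not librelp's code; the buffer size and the SAN list are constructed for the demo, and the unsafe path only computes the offsets without writing.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Deliberately small buffer so the overflow condition is reached quickly. */
#define NAMES_BUF 64

/* Unsafe pattern: the snprintf return value becomes the next write offset.
 * When a name does not fit, *off exceeds bufsz and `bufsz - *off` (the size
 * that would be passed to the next snprintf) wraps to a huge size_t.
 * This helper only computes those numbers; it writes nothing. */
size_t unsafe_next_size(size_t bufsz, size_t *off, const char *name)
{
    *off += (size_t)snprintf(NULL, 0, "DNSname: %s; ", name);
    return bufsz - *off;
}

/* Hardened append: the offset is clamped to what was actually stored and the
 * caller is told the list was truncated instead of the buffer being overrun.
 * Returns true only if the whole name was stored. */
bool add_name(char *buf, size_t bufsz, size_t *off, const char *name)
{
    if (*off >= bufsz) return false;
    int n = snprintf(buf + *off, bufsz - *off, "DNSname: %s; ", name);
    if (n < 0) return false;
    if ((size_t)n >= bufsz - *off) {   /* did not fit: stay on the NUL */
        *off = bufsz - 1;
        return false;
    }
    *off += (size_t)n;
    return true;
}

/* Constructed SAN list standing in for the names a peer certificate could carry. */
static const char *const sample_sans[] = {
    "relay.example.test", "logs.example.test",
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.example.test",
};

/* Runs both paths over the sample. Returns how many names the hardened path
 * stored completely; *unsafe_size_out receives the wrapped size the unsafe
 * path would hand to its next snprintf. */
int demo(size_t *unsafe_size_out)
{
    char buf[NAMES_BUF] = "";
    size_t off = 0, unsafe_off = 0, last = 0;
    int fit = 0;
    for (size_t i = 0; i < sizeof sample_sans / sizeof *sample_sans; i++) {
        last = unsafe_next_size(NAMES_BUF, &unsafe_off, sample_sans[i]);
        if (add_name(buf, sizeof buf, &off, sample_sans[i])) fit++;
    }
    *unsafe_size_out = last;
    return fit;
}
```

The wrapped size returned through unsafe_size_out is what turns a truncation into an out-of-bounds write in the original pattern; the hardened path instead fails closed and leaves the buffer NUL-terminated.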
Created librelp tracking bugs for this issue: Affects: fedora-all [bug 1560085]
External References: https://www.rsyslog.com/cve-2018-1000140/
Mitigation: Users are strongly advised not to expose their logging RELP services to a public network.
Acknowledgments: Name: Rainer Gerhards (rsyslog) Upstream: Bas van Schaik (lgtm.com / Semmle), Kevin Backhouse (lgtm.com / Semmle)
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:1223 https://access.redhat.com/errata/RHSA-2018:1223
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:1225 https://access.redhat.com/errata/RHSA-2018:1225
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.6 Advanced Update Support Red Hat Enterprise Linux 6.6 Telco Extended Update Support Via RHSA-2018:1701 https://access.redhat.com/errata/RHSA-2018:1701
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Extended Update Support Via RHSA-2018:1704 https://access.redhat.com/errata/RHSA-2018:1704
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.7 Extended Update Support Via RHSA-2018:1702 https://access.redhat.com/errata/RHSA-2018:1702
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Advanced Update Support Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions Red Hat Enterprise Linux 7.2 Telco Extended Update Support Via RHSA-2018:1703 https://access.redhat.com/errata/RHSA-2018:1703
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Extended Update Support Via RHSA-2018:1707 https://access.redhat.com/errata/RHSA-2018:1707