CVE-2018-1000140

Priority
Medium
Description
rsyslog librelp version 1.2.14 and earlier contains a buffer overflow
vulnerability in the checking of x509 certificates from a peer that can
result in remote code execution. This attack appears to be exploitable by a
remote attacker that can connect to rsyslog and trigger a stack buffer
overflow by sending a specially crafted x509 certificate.
Notes
 mdeslaur> only used by rsyslog-relp packages in trusty, which is in
 mdeslaur> universe.
Package
Upstream: released (1.2.15-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): released (1.2.2-2ubuntu1.1)
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 17.10 (Artful Aardvark): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Patches:
Upstream: https://github.com/rsyslog/librelp/commit/2cfe657672636aa5d7d2a14cfcb0a6ab9d1f00cf
Updated: 2018-03-28 20:14:19 UTC (commit 14452)