You are here
Home > Preporuke > Sigurnosni nedostatak programske biblioteke librelp

Sigurnosni nedostatak programske biblioteke librelp

by Marina Dimic Vugec - 0
  • Detalji os-a: WN7
  • Važnost: URG
  • Operativni sustavi: L
  • Kategorije: LRH

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: librelp security update
Advisory ID: RHSA-2018:1701-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:1701
Issue date: 2018-05-23
CVE Names: CVE-2018-1000140
=====================================================================

1. Summary:

An update for librelp is now available for Red Hat Enterprise Linux 6.6
Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended
Update Support.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.6) – x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.6) – x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 6.6) – x86_64
Red Hat Enterprise Linux Server TUS (v. 6.6) – x86_64

3. Description:

Librelp is an easy-to-use library for the Reliable Event Logging Protocol
(RELP) protocol. RELP is a general-purpose, extensible logging protocol.

Security Fix(es):

* librelp: Stack-based buffer overflow in relpTcpChkPeerName function in
src/tcp.c (CVE-2018-1000140)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Rainer Gerhards (rsyslog) for reporting this
issue. Upstream acknowledges Bas van Schaik (lgtm.com / Semmle) and Kevin
Backhouse (lgtm.com / Semmle) as the original reporters.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1560084 – CVE-2018-1000140 librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.6):

Source:
librelp-1.2.7-3.el6_6.1.src.rpm

x86_64:
librelp-1.2.7-3.el6_6.1.x86_64.rpm
librelp-debuginfo-1.2.7-3.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.6):

Source:
librelp-1.2.7-3.el6_6.1.src.rpm

x86_64:
librelp-1.2.7-3.el6_6.1.x86_64.rpm
librelp-debuginfo-1.2.7-3.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.6):

x86_64:
librelp-1.2.7-3.el6_6.1.i686.rpm
librelp-debuginfo-1.2.7-3.el6_6.1.i686.rpm
librelp-debuginfo-1.2.7-3.el6_6.1.x86_64.rpm
librelp-devel-1.2.7-3.el6_6.1.i686.rpm
librelp-devel-1.2.7-3.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 6.6):

x86_64:
librelp-1.2.7-3.el6_6.1.i686.rpm
librelp-debuginfo-1.2.7-3.el6_6.1.i686.rpm
librelp-debuginfo-1.2.7-3.el6_6.1.x86_64.rpm
librelp-devel-1.2.7-3.el6_6.1.i686.rpm
librelp-devel-1.2.7-3.el6_6.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-1000140
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBWwWNmdzjgjWX9erEAQgS2RAAgt7TBrR9G4bJzs9KKj6EenAcvvHO48OH
FCOAf0VLb8rhsC2VO7TAogALqxHiNZywPapvuWohwZwB13kQi8F1BRb9fDlie1j9
uqfwRwX2ZwfxDeshghSNByjUFRfr4pTg2q/6tcg79i3a97hyBh286bjy3fKUzkJN
JTCulh5uRkA+Hz5VBXqBtZFkUfe4zXkasPskLAuOrEAapNsGLU1ahHL2PQZHJh5Z
R82P1xfUhM9p1R6uWP+SkGDako65p7L4wCMRDuJoDfi/DwrUv3StWfrFLyEpcOLa
7IIUK3oLeRDOw5HPTj1sw1uLKR3Ghg11+QaU5ouJXqwE1fpGBpTeRNka7IBE1w/A
KHPnCZsENRR6YoBWDWS3vvD5d2C8oK0SQdbVycsjrJNjVvZcBQx9Dgm+eZl8by8Q
U5ugxqNjW0g3qV4bIJHKfaftnzPgON4fFOJy8uYQtB51ndr1LsXKHA8mQQYF1dUO
r5MTlTgXZwTjHMi61elenYVZfGnYuXHKqEs7M+3cI62oo3/tAkg6Xc8oLXA+DWxj
ThXJAHBuo0Ug4wgcqkhcoR0mr4++0RzSZEzbX4J4oGz/6CZ6HVDqmgFmD+CczgPp
rv2YjNAMJfM3K+TRj2A9atFOXC9yJ4Oniprx+kLJ9uGUGV09GYMzoIUjaHi+UCtz
y1TdE82dZAA=
=1JWL
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: librelp security update
Advisory ID: RHSA-2018:1704-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:1704
Issue date: 2018-05-23
CVE Names: CVE-2018-1000140
=====================================================================

1. Summary:

An update for librelp is now available for Red Hat Enterprise Linux 7.4
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.4) – x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4) – x86_64
Red Hat Enterprise Linux Server EUS (v. 7.4) – aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.4) – aarch64, ppc64, ppc64le, s390x, x86_64

3. Description:

Librelp is an easy-to-use library for the Reliable Event Logging Protocol
(RELP) protocol. RELP is a general-purpose, extensible logging protocol.

Security Fix(es):

* librelp: Stack-based buffer overflow in relpTcpChkPeerName function in
src/tcp.c (CVE-2018-1000140)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Rainer Gerhards (rsyslog) for reporting this
issue. Upstream acknowledges Bas van Schaik (lgtm.com / Semmle) and Kevin
Backhouse (lgtm.com / Semmle) as the original reporters.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1560084 – CVE-2018-1000140 librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.4):

Source:
librelp-1.2.12-1.el7_4.1.src.rpm

x86_64:
librelp-1.2.12-1.el7_4.1.i686.rpm
librelp-1.2.12-1.el7_4.1.x86_64.rpm
librelp-debuginfo-1.2.12-1.el7_4.1.i686.rpm
librelp-debuginfo-1.2.12-1.el7_4.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4):

x86_64:
librelp-debuginfo-1.2.12-1.el7_4.1.i686.rpm
librelp-debuginfo-1.2.12-1.el7_4.1.x86_64.rpm
librelp-devel-1.2.12-1.el7_4.1.i686.rpm
librelp-devel-1.2.12-1.el7_4.1.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
librelp-1.2.12-1.el7_4.1.src.rpm

aarch64:
librelp-1.2.12-1.el7_4.1.aarch64.rpm
librelp-debuginfo-1.2.12-1.el7_4.1.aarch64.rpm

ppc64:
librelp-1.2.12-1.el7_4.1.ppc.rpm
librelp-1.2.12-1.el7_4.1.ppc64.rpm
librelp-debuginfo-1.2.12-1.el7_4.1.ppc.rpm
librelp-debuginfo-1.2.12-1.el7_4.1.ppc64.rpm

ppc64le:
librelp-1.2.12-1.el7_4.1.ppc64le.rpm
librelp-debuginfo-1.2.12-1.el7_4.1.ppc64le.rpm

s390x:
librelp-1.2.12-1.el7_4.1.s390.rpm
librelp-1.2.12-1.el7_4.1.s390x.rpm
librelp-debuginfo-1.2.12-1.el7_4.1.s390.rpm
librelp-debuginfo-1.2.12-1.el7_4.1.s390x.rpm

x86_64:
librelp-1.2.12-1.el7_4.1.i686.rpm
librelp-1.2.12-1.el7_4.1.x86_64.rpm
librelp-debuginfo-1.2.12-1.el7_4.1.i686.rpm
librelp-debuginfo-1.2.12-1.el7_4.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.4):

aarch64:
librelp-debuginfo-1.2.12-1.el7_4.1.aarch64.rpm
librelp-devel-1.2.12-1.el7_4.1.aarch64.rpm

ppc64:
librelp-debuginfo-1.2.12-1.el7_4.1.ppc.rpm
librelp-debuginfo-1.2.12-1.el7_4.1.ppc64.rpm
librelp-devel-1.2.12-1.el7_4.1.ppc.rpm
librelp-devel-1.2.12-1.el7_4.1.ppc64.rpm

ppc64le:
librelp-debuginfo-1.2.12-1.el7_4.1.ppc64le.rpm
librelp-devel-1.2.12-1.el7_4.1.ppc64le.rpm

s390x:
librelp-debuginfo-1.2.12-1.el7_4.1.s390.rpm
librelp-debuginfo-1.2.12-1.el7_4.1.s390x.rpm
librelp-devel-1.2.12-1.el7_4.1.s390.rpm
librelp-devel-1.2.12-1.el7_4.1.s390x.rpm

x86_64:
librelp-debuginfo-1.2.12-1.el7_4.1.i686.rpm
librelp-debuginfo-1.2.12-1.el7_4.1.x86_64.rpm
librelp-devel-1.2.12-1.el7_4.1.i686.rpm
librelp-devel-1.2.12-1.el7_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-1000140
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBWwWOodzjgjWX9erEAQjPVxAAnBRa3zK0DcJ/Oe2Q9kH//5Jfw5lAsfIO
hyBkJchvZrMBCMwiQt9wtDF4Vrp5EarQkEyOsIsU4qberXZdnfr3BiN6yvDSHui8
4+mTAKeyudKCed5hmyLk3LZ8C//utUnYeQcwR5bGH9vcXj+srGNw2UufyfyHeRjS
4IxC2HcAoAGFoK2BnZEnBrk1gyjgFsdPiR6+kydOWWsxhfLpQzCVKAOldploHFym
RkrGuRqHWawDmM40D0k3S8eIzqPloK7O4iYLs9D5EACM7dMO/tEpPJUxCqLroCPW
6eTyJ/MJC2HSTPNmfq0IiZpjP67MhYyKYaYPF2GC6khmYRRuIWPlFKM9BVBkPJI6
iTjk76xPKZ9oBTkP02v4fXpLebElIlL4GWwrcEm2btqHCIfzidi341NNCMbclxQg
kP4onNb5cQVaqGFy3Fj+M8SLBkML1uWjvMd0jrKHtglPt9lxuPiZf/hD1SOPEkFs
yyGoWqu6GtcBrtzOvztn1xGScoLdf4WAaOnblGLdke0uh2sA8Tv0Bho3TdFIwbm5
L2cd0P8D3A8gkz77N1A8F0jMB5c58SR2r0kWwp5aa3JIOmZUcvvMqjAOjksVqmmf
dNpMaJPPXvdMRsngVp/UCDOWhZ3RmqQYJUIULR2Iq+CmuoOwq+nVGYbkJelAUICp
KuHfsuojUlQ=
=RH9q
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: librelp security update
Advisory ID: RHSA-2018:1702-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:1702
Issue date: 2018-05-23
CVE Names: CVE-2018-1000140
=====================================================================

1. Summary:

An update for librelp is now available for Red Hat Enterprise Linux 6.7
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) – x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) – x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) – i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.7) – i386, ppc64, s390x, x86_64

3. Description:

Librelp is an easy-to-use library for the Reliable Event Logging Protocol
(RELP) protocol. RELP is a general-purpose, extensible logging protocol.

Security Fix(es):

* librelp: Stack-based buffer overflow in relpTcpChkPeerName function in
src/tcp.c (CVE-2018-1000140)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Rainer Gerhards (rsyslog) for reporting this
issue. Upstream acknowledges Bas van Schaik (lgtm.com / Semmle) and Kevin
Backhouse (lgtm.com / Semmle) as the original reporters.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1560084 – CVE-2018-1000140 librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
librelp-1.2.7-3.el6_7.1.src.rpm

x86_64:
librelp-1.2.7-3.el6_7.1.x86_64.rpm
librelp-debuginfo-1.2.7-3.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):

x86_64:
librelp-1.2.7-3.el6_7.1.i686.rpm
librelp-debuginfo-1.2.7-3.el6_7.1.i686.rpm
librelp-debuginfo-1.2.7-3.el6_7.1.x86_64.rpm
librelp-devel-1.2.7-3.el6_7.1.i686.rpm
librelp-devel-1.2.7-3.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
librelp-1.2.7-3.el6_7.1.src.rpm

i386:
librelp-1.2.7-3.el6_7.1.i686.rpm
librelp-debuginfo-1.2.7-3.el6_7.1.i686.rpm

ppc64:
librelp-1.2.7-3.el6_7.1.ppc64.rpm
librelp-debuginfo-1.2.7-3.el6_7.1.ppc64.rpm

s390x:
librelp-1.2.7-3.el6_7.1.s390x.rpm
librelp-debuginfo-1.2.7-3.el6_7.1.s390x.rpm

x86_64:
librelp-1.2.7-3.el6_7.1.x86_64.rpm
librelp-debuginfo-1.2.7-3.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.7):

i386:
librelp-debuginfo-1.2.7-3.el6_7.1.i686.rpm
librelp-devel-1.2.7-3.el6_7.1.i686.rpm

ppc64:
librelp-1.2.7-3.el6_7.1.ppc.rpm
librelp-debuginfo-1.2.7-3.el6_7.1.ppc.rpm
librelp-debuginfo-1.2.7-3.el6_7.1.ppc64.rpm
librelp-devel-1.2.7-3.el6_7.1.ppc.rpm
librelp-devel-1.2.7-3.el6_7.1.ppc64.rpm

s390x:
librelp-1.2.7-3.el6_7.1.s390.rpm
librelp-debuginfo-1.2.7-3.el6_7.1.s390.rpm
librelp-debuginfo-1.2.7-3.el6_7.1.s390x.rpm
librelp-devel-1.2.7-3.el6_7.1.s390.rpm
librelp-devel-1.2.7-3.el6_7.1.s390x.rpm

x86_64:
librelp-1.2.7-3.el6_7.1.i686.rpm
librelp-debuginfo-1.2.7-3.el6_7.1.i686.rpm
librelp-debuginfo-1.2.7-3.el6_7.1.x86_64.rpm
librelp-devel-1.2.7-3.el6_7.1.i686.rpm
librelp-devel-1.2.7-3.el6_7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-1000140
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBWwWO3dzjgjWX9erEAQj3ig//deld+QBy8vVBr3gkvsSR/n7cXfuF8GiG
OZAg6hVhPPpO8cT/mkT99bZFqD6zNWK7mAMAIk6QE+FMnSUn0r8bl1yEqAwfuenv
HjARSlfDdS5SSDAQ7FBxq7ffBkHWXo3+j1mXvZUoUZmbvUl60DsHEH+F5XlQf+ks
PoEkg/XW9t3IgRfk9wzlKrWBuyte5wIHFE8SsEAIJGYsf3Z/g5K9h9lW+M5VgoO8
ugtZ4KM2vvUSnrnNPhYnTqSI3e1stmx7rfF8IVOkhTrMS9ZJne8yrhScuxh0qidh
gzLlOErW92LFObFXUAq+u2rVJAG7/vx8nwDAhAIuVXpXgeOxcP3980CYkEI00gkY
Hxe6zfL50kgnlJfzIpcVYiFourKD0rOOZAvAOiIFO7BNP3LwUdwmm5h+3EflQF/n
29/dbS2LxOHI1u/CZYthWH0ue5CTKTOAt+xVliafcYQehYZbPpnZMstmSWaw4HNr
JhgKTnImcIpRh/csLwkYMg5vbpSTORaz+x/CIgtgqTHMDV8bmwfYd8hTjhV+8wiM
8LXxY+m0rrLx2RktuBx/bYZEsTvfuIs10XXMJJEOjDxxM4ldJE4ssKJE3lYxhoQB
vY2Oo92bT5ku/DGomFJaLE7BEQ2+ocmDojRY/K9x3bXcifWs7mZ3ef/eieUedNUl
Z5Lr32dHLBE=
=dsu2
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: librelp security update
Advisory ID: RHSA-2018:1707-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:1707
Issue date: 2018-05-23
CVE Names: CVE-2018-1000140
=====================================================================

1. Summary:

An update for librelp is now available for Red Hat Enterprise Linux 7.3
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.3) – x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3) – x86_64
Red Hat Enterprise Linux Server EUS (v. 7.3) – ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.3) – ppc64, ppc64le, s390x, x86_64

3. Description:

Librelp is an easy-to-use library for the Reliable Event Logging Protocol
(RELP) protocol. RELP is a general-purpose, extensible logging protocol.

Security Fix(es):

* librelp: Stack-based buffer overflow in relpTcpChkPeerName function in
src/tcp.c (CVE-2018-1000140)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Rainer Gerhards (rsyslog) for reporting this
issue. Upstream acknowledges Bas van Schaik (lgtm.com / Semmle) and Kevin
Backhouse (lgtm.com / Semmle) as the original reporters.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1560084 – CVE-2018-1000140 librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.3):

Source:
librelp-1.2.0-4.el7_3.src.rpm

x86_64:
librelp-1.2.0-4.el7_3.i686.rpm
librelp-1.2.0-4.el7_3.x86_64.rpm
librelp-debuginfo-1.2.0-4.el7_3.i686.rpm
librelp-debuginfo-1.2.0-4.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3):

x86_64:
librelp-debuginfo-1.2.0-4.el7_3.i686.rpm
librelp-debuginfo-1.2.0-4.el7_3.x86_64.rpm
librelp-devel-1.2.0-4.el7_3.i686.rpm
librelp-devel-1.2.0-4.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
librelp-1.2.0-4.el7_3.src.rpm

ppc64:
librelp-1.2.0-4.el7_3.ppc.rpm
librelp-1.2.0-4.el7_3.ppc64.rpm
librelp-debuginfo-1.2.0-4.el7_3.ppc.rpm
librelp-debuginfo-1.2.0-4.el7_3.ppc64.rpm

ppc64le:
librelp-1.2.0-4.el7_3.ppc64le.rpm
librelp-debuginfo-1.2.0-4.el7_3.ppc64le.rpm

s390x:
librelp-1.2.0-4.el7_3.s390.rpm
librelp-1.2.0-4.el7_3.s390x.rpm
librelp-debuginfo-1.2.0-4.el7_3.s390.rpm
librelp-debuginfo-1.2.0-4.el7_3.s390x.rpm

x86_64:
librelp-1.2.0-4.el7_3.i686.rpm
librelp-1.2.0-4.el7_3.x86_64.rpm
librelp-debuginfo-1.2.0-4.el7_3.i686.rpm
librelp-debuginfo-1.2.0-4.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.3):

ppc64:
librelp-debuginfo-1.2.0-4.el7_3.ppc.rpm
librelp-debuginfo-1.2.0-4.el7_3.ppc64.rpm
librelp-devel-1.2.0-4.el7_3.ppc.rpm
librelp-devel-1.2.0-4.el7_3.ppc64.rpm

ppc64le:
librelp-debuginfo-1.2.0-4.el7_3.ppc64le.rpm
librelp-devel-1.2.0-4.el7_3.ppc64le.rpm

s390x:
librelp-debuginfo-1.2.0-4.el7_3.s390.rpm
librelp-debuginfo-1.2.0-4.el7_3.s390x.rpm
librelp-devel-1.2.0-4.el7_3.s390.rpm
librelp-devel-1.2.0-4.el7_3.s390x.rpm

x86_64:
librelp-debuginfo-1.2.0-4.el7_3.i686.rpm
librelp-debuginfo-1.2.0-4.el7_3.x86_64.rpm
librelp-devel-1.2.0-4.el7_3.i686.rpm
librelp-devel-1.2.0-4.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-1000140
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBWwWPVNzjgjWX9erEAQispA/8CkUCkUOKYxCAIv5LjCbqewj/FY1HUKlo
atTaANyqTZVVJUSWr9Zt+828Z8yeOWTcurtSoBJb+rsUVJRwKA/nlbC6St1hHEPC
GK6p9rvZ09LG7BLXZvxl6Ci9/AM6nZOHbRK3UCcg3ST0AeB6duB4yIdTqlkD4EHp
YnyZM2/rhaXxiNqhwuauV5j5tivyVXSmWyJIKRbydO7QcmqKoPkQyw1jSF62J1sq
LXqOI8Eu5qkNqTgGkxWJr2WmVdKQMImAuFRjImUz0hOzKdCBHVWxz0tuQX/iC86o
9MeWGBYftLahDmqA3NNtPmPe/ENp57WsV4IPb6zsTpGy9zvvuBD6rA8FmhnMN4/C
NUnJRh43KFRhvC0o8SOxRkWOg1Gein+wIpnkE/ZIbB1qvu1GYjpAqgedGOLuTHo2
gS9sl6glkBdLTkUCrNzqY+V/+pAmRcAz2nM3g50HnbrvtgOmP6eix59oC1xDm24Y
DE8rjtEtbRWXYZ2mkyhyeLTYW4Uvh12lD0QrdfZrCI3TMOr+TGIheko6osGp34N/
UiPig5XWTJNNzRnRdB9cEMS0yQmqNF8QW97vBQp2roCUGyI9lWOZ/EOp6yBr/d+d
Xtd2I6hBvgD6upPbpYAHcOetnONXFUx2DMNLfAtMPwIx2y0z9i6om/XebPpQsbib
ylkHeOvxLG0=
=fd7m
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: librelp security update
Advisory ID: RHSA-2018:1703-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:1703
Issue date: 2018-05-23
CVE Names: CVE-2018-1000140
=====================================================================

1. Summary:

An update for librelp is now available for Red Hat Enterprise Linux 7.2
Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP
Solutions.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.2) – x86_64
Red Hat Enterprise Linux Server E4S (v. 7.2) – ppc64le, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.2) – x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.2) – ppc64le, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.2) – x86_64
Red Hat Enterprise Linux Server TUS (v. 7.2) – x86_64

3. Description:

Librelp is an easy-to-use library for the Reliable Event Logging Protocol
(RELP) protocol. RELP is a general-purpose, extensible logging protocol.

Security Fix(es):

* librelp: Stack-based buffer overflow in relpTcpChkPeerName function in
src/tcp.c (CVE-2018-1000140)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Rainer Gerhards (rsyslog) for reporting this
issue. Upstream acknowledges Bas van Schaik (lgtm.com / Semmle) and Kevin
Backhouse (lgtm.com / Semmle) as the original reporters.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1560084 – CVE-2018-1000140 librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.2):

Source:
librelp-1.2.0-4.el7_2.src.rpm

x86_64:
librelp-1.2.0-4.el7_2.i686.rpm
librelp-1.2.0-4.el7_2.x86_64.rpm
librelp-debuginfo-1.2.0-4.el7_2.i686.rpm
librelp-debuginfo-1.2.0-4.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.2):

Source:
librelp-1.2.0-4.el7_2.src.rpm

ppc64le:
librelp-1.2.0-4.el7_2.ppc64le.rpm
librelp-debuginfo-1.2.0-4.el7_2.ppc64le.rpm

x86_64:
librelp-1.2.0-4.el7_2.i686.rpm
librelp-1.2.0-4.el7_2.x86_64.rpm
librelp-debuginfo-1.2.0-4.el7_2.i686.rpm
librelp-debuginfo-1.2.0-4.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.2):

Source:
librelp-1.2.0-4.el7_2.src.rpm

x86_64:
librelp-1.2.0-4.el7_2.i686.rpm
librelp-1.2.0-4.el7_2.x86_64.rpm
librelp-debuginfo-1.2.0-4.el7_2.i686.rpm
librelp-debuginfo-1.2.0-4.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.2):

x86_64:
librelp-debuginfo-1.2.0-4.el7_2.i686.rpm
librelp-debuginfo-1.2.0-4.el7_2.x86_64.rpm
librelp-devel-1.2.0-4.el7_2.i686.rpm
librelp-devel-1.2.0-4.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.2):

ppc64le:
librelp-debuginfo-1.2.0-4.el7_2.ppc64le.rpm
librelp-devel-1.2.0-4.el7_2.ppc64le.rpm

x86_64:
librelp-debuginfo-1.2.0-4.el7_2.i686.rpm
librelp-debuginfo-1.2.0-4.el7_2.x86_64.rpm
librelp-devel-1.2.0-4.el7_2.i686.rpm
librelp-devel-1.2.0-4.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.2):

x86_64:
librelp-debuginfo-1.2.0-4.el7_2.i686.rpm
librelp-debuginfo-1.2.0-4.el7_2.x86_64.rpm
librelp-devel-1.2.0-4.el7_2.i686.rpm
librelp-devel-1.2.0-4.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-1000140
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBWwWPGNzjgjWX9erEAQjDIA//Y2R9wE+ZADiGDb2/JD5RiQjeLVWAeVRz
GnYoqzA7WNMB0gp3iYR8m7uRunPelu/6WNUJrm7R4iQyz3dEseUCjfw7bNBfV4ZU
bS5+VORm9+YziLmYgMrIHNKk+UODOEqPxZ5cgQGQkFezZKO480VrD7fn5BDYnv85
ELiTBfjqQ4WaW1ItIK2Kt5KzHFRjULqXuc2iSuJB08z1yM+zvcj+vMuWqXfipp/w
nl6sDMX+HXF/lXEy7VVAp3om2KcAoYVy4mQUnz6yi1uCiA2x2xjozLoBOorTAwsj
X2HtrgqsrI8TFNAU4rB9BYW4OrVBZUJ9LFmI9oVfvbYrPSPlZbUEFr73+h9CC9OX
jpyup4w48H/iNquNWxNdoMufeBMD+lPeG4FipGp+BRdVqxv9nc1pKwjGDGEaK56U
M3IZQjuYQGbcIlI617oCS4CKwTcqCwLPCbcubTu7ZV9Vcaj+bkyNn/LiQiODUxCO
q3DAzsv/DsiPKud54s/MXkFkIOrm8juxHFEuvGjvJseVwuZIvcv8hjLXMW79Wjhu
W1GEcDSCyg+HLJs8xLq4c2+r/4FKGhSPnAOwePT8OGzFR41BuRh4nmgyn2GfZ9qE
DD3EiUZfr3eGWmMop1En2l3tvCyo3LSL/IX953SwZHWMioplne+jc2mbIr7Nzu8Y
Sow4egSH7Lc=
=uD5P
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

AutorDanijel Kozinovic
Cert idNCERT-REF-2018-05-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Marina Dimic Vugec
Top
More in Preporuke
Sigurnosni nedostatak jezgre operacijskog sustava

Otkriven je sigurnosni nedostatak u jezgri operacijskog sustava Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja. Savjetuje se ažuriranje...

Close