SUSE-SU-2018:0828-1

UNKNOWN

Security update for librelp

Published Mar 27, 2018

Modified 7 years ago

Fix available

Details

This update for librelp fixes the following issues:

CVE-2018-1000140 (bsc#1086730): librelp contained a stack-based buffer overflow in the checking of x509 certificates. A remote attacker with an access to the rsyslog logging facility could have exploited it by sending a specially crafted x509 certificate.

Affected Packages

librelp

SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2SUSE Linux Enterprise Server 12-LTSSSUSE Linux Enterprise Server for Raspberry Pi 12 SP2SUSE Linux Enterprise Server for SAP Applications 12 SP1

Fixed in:

1.2.7-3.3.1

librelp0

Fixed in:

1.2.7-3.3.1

librelp-devel

SUSE Linux Enterprise Software Development Kit 12 SP2

Fixed in:

1.2.7-3.3.1

References

REPORT

https://bugzilla.suse.com/1086730