Security update for librelp SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0829-1 Final 1 1 2018-03-27T11:36:25Z current 2018-03-27T11:36:25Z 2018-03-27T11:36:25Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for librelp This update for librelp fixes the following issues: - CVE-2018-1000140: A stack-based buffer overflow in the code for checking of x509 certificates allowed a remote attacker with an access to the rsyslog logging facility to potentially execute arbitrary code by sending a specially crafted x509 certificate. (bsc#1086730) This update was imported from the SUSE:SLE-12-SP3:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00064.html E-Mail link for openSUSE-SU-2018:0829-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 librelp-1.2.12-2.3.1 librelp-devel-1.2.12-2.3.1 librelp0-1.2.12-2.3.1 librelp-1.2.12-2.3.1 as a component of openSUSE Leap 42.3 librelp-devel-1.2.12-2.3.1 as a component of openSUSE Leap 42.3 librelp0-1.2.12-2.3.1 as a component of openSUSE Leap 42.3 rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. CVE-2018-1000140 openSUSE Leap 42.3:librelp-1.2.12-2.3.1 openSUSE Leap 42.3:librelp-devel-1.2.12-2.3.1 openSUSE Leap 42.3:librelp0-1.2.12-2.3.1 critical Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00064.html https://www.suse.com/security/cve/CVE-2018-1000140.html CVE-2018-1000140 https://bugzilla.suse.com/1086730 SUSE Bug 1086730