Issued:
2018-04-24
Updated:
2018-04-24

RHSA-2018:1225 - Security Advisory

Synopsis

Critical: librelp security update

Type/Severity

Security Advisory: Critical

Topic

An update for librelp is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Librelp is an easy-to-use library for the Reliable Event Logging Protocol (RELP) protocol. RELP is a general-purpose, extensible logging protocol.

Security Fix(es):

  • librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c (CVE-2018-1000140)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Rainer Gerhards (rsyslog) for reporting this issue. Upstream acknowledges Bas van Schaik (lgtm.com / Semmle) and Kevin Backhouse (lgtm.com / Semmle) as the original reporters.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64

Fixes

  • BZ - 1560084 - CVE-2018-1000140 librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c

CVEs

References

Red Hat Enterprise Linux Server 6

SRPM
librelp-1.2.7-3.el6_9.1.src.rpm SHA-256: f03e8d5ed5dea6ac788f1f89db3bf761b1023885b717b416e62f153a9d95790b
x86_64
librelp-1.2.7-3.el6_9.1.i686.rpm SHA-256: ccd4c737d5aa1f8a94ee9d0f117a3d58fe7a78bf9cb356db31eaef5880246d25
librelp-1.2.7-3.el6_9.1.x86_64.rpm SHA-256: 338857bd9efff5f05e68fdffbf7072aed270184247a049a543e865f66abb3a38
librelp-debuginfo-1.2.7-3.el6_9.1.i686.rpm SHA-256: 0e19c711d2e9a460d58b7211b9ecf6c5362303a89f36cdd94274baeb560955f5
librelp-debuginfo-1.2.7-3.el6_9.1.x86_64.rpm SHA-256: 213fc529da0e130e24b3ab748749e5920f4c53f2dfd165faa88370868f241b25
librelp-debuginfo-1.2.7-3.el6_9.1.x86_64.rpm SHA-256: 213fc529da0e130e24b3ab748749e5920f4c53f2dfd165faa88370868f241b25
librelp-devel-1.2.7-3.el6_9.1.i686.rpm SHA-256: 2b45d0fbc5381ab985d391ad9064cc6bc92b8b22bdf58711faa1df53bebdb3a8
librelp-devel-1.2.7-3.el6_9.1.x86_64.rpm SHA-256: 9b52dec3d9e2f186f5c696ca73a86bbf2c548ca4cd32bc248738fe41b27049e4
i386
librelp-1.2.7-3.el6_9.1.i686.rpm SHA-256: ccd4c737d5aa1f8a94ee9d0f117a3d58fe7a78bf9cb356db31eaef5880246d25
librelp-debuginfo-1.2.7-3.el6_9.1.i686.rpm SHA-256: 0e19c711d2e9a460d58b7211b9ecf6c5362303a89f36cdd94274baeb560955f5
librelp-debuginfo-1.2.7-3.el6_9.1.i686.rpm SHA-256: 0e19c711d2e9a460d58b7211b9ecf6c5362303a89f36cdd94274baeb560955f5
librelp-devel-1.2.7-3.el6_9.1.i686.rpm SHA-256: 2b45d0fbc5381ab985d391ad9064cc6bc92b8b22bdf58711faa1df53bebdb3a8

Red Hat Enterprise Linux Workstation 6

SRPM
librelp-1.2.7-3.el6_9.1.src.rpm SHA-256: f03e8d5ed5dea6ac788f1f89db3bf761b1023885b717b416e62f153a9d95790b
x86_64
librelp-1.2.7-3.el6_9.1.i686.rpm SHA-256: ccd4c737d5aa1f8a94ee9d0f117a3d58fe7a78bf9cb356db31eaef5880246d25
librelp-1.2.7-3.el6_9.1.x86_64.rpm SHA-256: 338857bd9efff5f05e68fdffbf7072aed270184247a049a543e865f66abb3a38
librelp-debuginfo-1.2.7-3.el6_9.1.i686.rpm SHA-256: 0e19c711d2e9a460d58b7211b9ecf6c5362303a89f36cdd94274baeb560955f5
librelp-debuginfo-1.2.7-3.el6_9.1.x86_64.rpm SHA-256: 213fc529da0e130e24b3ab748749e5920f4c53f2dfd165faa88370868f241b25
librelp-debuginfo-1.2.7-3.el6_9.1.x86_64.rpm SHA-256: 213fc529da0e130e24b3ab748749e5920f4c53f2dfd165faa88370868f241b25
librelp-devel-1.2.7-3.el6_9.1.i686.rpm SHA-256: 2b45d0fbc5381ab985d391ad9064cc6bc92b8b22bdf58711faa1df53bebdb3a8
librelp-devel-1.2.7-3.el6_9.1.x86_64.rpm SHA-256: 9b52dec3d9e2f186f5c696ca73a86bbf2c548ca4cd32bc248738fe41b27049e4
i386
librelp-1.2.7-3.el6_9.1.i686.rpm SHA-256: ccd4c737d5aa1f8a94ee9d0f117a3d58fe7a78bf9cb356db31eaef5880246d25
librelp-debuginfo-1.2.7-3.el6_9.1.i686.rpm SHA-256: 0e19c711d2e9a460d58b7211b9ecf6c5362303a89f36cdd94274baeb560955f5
librelp-debuginfo-1.2.7-3.el6_9.1.i686.rpm SHA-256: 0e19c711d2e9a460d58b7211b9ecf6c5362303a89f36cdd94274baeb560955f5
librelp-devel-1.2.7-3.el6_9.1.i686.rpm SHA-256: 2b45d0fbc5381ab985d391ad9064cc6bc92b8b22bdf58711faa1df53bebdb3a8

Red Hat Enterprise Linux Desktop 6

SRPM
librelp-1.2.7-3.el6_9.1.src.rpm SHA-256: f03e8d5ed5dea6ac788f1f89db3bf761b1023885b717b416e62f153a9d95790b
x86_64
librelp-1.2.7-3.el6_9.1.i686.rpm SHA-256: ccd4c737d5aa1f8a94ee9d0f117a3d58fe7a78bf9cb356db31eaef5880246d25
librelp-1.2.7-3.el6_9.1.x86_64.rpm SHA-256: 338857bd9efff5f05e68fdffbf7072aed270184247a049a543e865f66abb3a38
librelp-debuginfo-1.2.7-3.el6_9.1.i686.rpm SHA-256: 0e19c711d2e9a460d58b7211b9ecf6c5362303a89f36cdd94274baeb560955f5
librelp-debuginfo-1.2.7-3.el6_9.1.x86_64.rpm SHA-256: 213fc529da0e130e24b3ab748749e5920f4c53f2dfd165faa88370868f241b25
librelp-debuginfo-1.2.7-3.el6_9.1.x86_64.rpm SHA-256: 213fc529da0e130e24b3ab748749e5920f4c53f2dfd165faa88370868f241b25
librelp-devel-1.2.7-3.el6_9.1.i686.rpm SHA-256: 2b45d0fbc5381ab985d391ad9064cc6bc92b8b22bdf58711faa1df53bebdb3a8
librelp-devel-1.2.7-3.el6_9.1.x86_64.rpm SHA-256: 9b52dec3d9e2f186f5c696ca73a86bbf2c548ca4cd32bc248738fe41b27049e4
i386
librelp-1.2.7-3.el6_9.1.i686.rpm SHA-256: ccd4c737d5aa1f8a94ee9d0f117a3d58fe7a78bf9cb356db31eaef5880246d25
librelp-debuginfo-1.2.7-3.el6_9.1.i686.rpm SHA-256: 0e19c711d2e9a460d58b7211b9ecf6c5362303a89f36cdd94274baeb560955f5
librelp-debuginfo-1.2.7-3.el6_9.1.i686.rpm SHA-256: 0e19c711d2e9a460d58b7211b9ecf6c5362303a89f36cdd94274baeb560955f5
librelp-devel-1.2.7-3.el6_9.1.i686.rpm SHA-256: 2b45d0fbc5381ab985d391ad9064cc6bc92b8b22bdf58711faa1df53bebdb3a8

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
librelp-1.2.7-3.el6_9.1.src.rpm SHA-256: f03e8d5ed5dea6ac788f1f89db3bf761b1023885b717b416e62f153a9d95790b
s390x
librelp-1.2.7-3.el6_9.1.s390.rpm SHA-256: 682de3f7265b81e0ba1ebf95260f17bc62c93e3ad516a859c9083104c05690c4
librelp-1.2.7-3.el6_9.1.s390x.rpm SHA-256: 8aa7cd9bb9a99d56976654fc4c25b022d5bbc5b4ec5a891d659da757cbefd8c5
librelp-debuginfo-1.2.7-3.el6_9.1.s390.rpm SHA-256: 0eeb8b5a51a4b19081bbb9a60e66d7d8df6f6d08596df3a75c3e89f50c47c4ea
librelp-debuginfo-1.2.7-3.el6_9.1.s390x.rpm SHA-256: 83a5902685dfff4911699e69da9f04341cb918431d9732f62c2bdee51189a1ae
librelp-debuginfo-1.2.7-3.el6_9.1.s390x.rpm SHA-256: 83a5902685dfff4911699e69da9f04341cb918431d9732f62c2bdee51189a1ae
librelp-devel-1.2.7-3.el6_9.1.s390.rpm SHA-256: 0736a49efefda37bd933280b472ef095de06c41a82402d94871bc9907b6f4f1a
librelp-devel-1.2.7-3.el6_9.1.s390x.rpm SHA-256: d44d6435a1419d61b7728097298189693bdacdf1d7d9a1b957f7963da2bd4929

Red Hat Enterprise Linux for Power, big endian 6

SRPM
librelp-1.2.7-3.el6_9.1.src.rpm SHA-256: f03e8d5ed5dea6ac788f1f89db3bf761b1023885b717b416e62f153a9d95790b
ppc64
librelp-1.2.7-3.el6_9.1.ppc.rpm SHA-256: 82bab2f3d73c2b78eadcd3265daf6539b40b5513e9882f99c567f59d289ec86f
librelp-1.2.7-3.el6_9.1.ppc64.rpm SHA-256: 977806e902f720083a026c037baa443def1da480ebc4f9e62502f8d46f89583a
librelp-debuginfo-1.2.7-3.el6_9.1.ppc.rpm SHA-256: 7c96d6cc770d9ea4a0cd873d8e9f70a34006dedba32d5a82adf0c448423d3b88
librelp-debuginfo-1.2.7-3.el6_9.1.ppc64.rpm SHA-256: e5c5d3ae871c62a3502490bfe050d86fb998437d1cc6770f6efc3d79ecb1c997
librelp-debuginfo-1.2.7-3.el6_9.1.ppc64.rpm SHA-256: e5c5d3ae871c62a3502490bfe050d86fb998437d1cc6770f6efc3d79ecb1c997
librelp-devel-1.2.7-3.el6_9.1.ppc.rpm SHA-256: 0727ff3be3a4d2ddda41a0d5849d413dd45237d5d7962bfc87189921904e2389
librelp-devel-1.2.7-3.el6_9.1.ppc64.rpm SHA-256: 0ad06def50165396214d625e8f59a222ee76b1a51b4c2a21fcbf6c9c205157d7

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
librelp-1.2.7-3.el6_9.1.src.rpm SHA-256: f03e8d5ed5dea6ac788f1f89db3bf761b1023885b717b416e62f153a9d95790b
x86_64
librelp-1.2.7-3.el6_9.1.i686.rpm SHA-256: ccd4c737d5aa1f8a94ee9d0f117a3d58fe7a78bf9cb356db31eaef5880246d25
librelp-1.2.7-3.el6_9.1.x86_64.rpm SHA-256: 338857bd9efff5f05e68fdffbf7072aed270184247a049a543e865f66abb3a38
librelp-debuginfo-1.2.7-3.el6_9.1.i686.rpm SHA-256: 0e19c711d2e9a460d58b7211b9ecf6c5362303a89f36cdd94274baeb560955f5
librelp-debuginfo-1.2.7-3.el6_9.1.x86_64.rpm SHA-256: 213fc529da0e130e24b3ab748749e5920f4c53f2dfd165faa88370868f241b25
librelp-debuginfo-1.2.7-3.el6_9.1.x86_64.rpm SHA-256: 213fc529da0e130e24b3ab748749e5920f4c53f2dfd165faa88370868f241b25
librelp-devel-1.2.7-3.el6_9.1.i686.rpm SHA-256: 2b45d0fbc5381ab985d391ad9064cc6bc92b8b22bdf58711faa1df53bebdb3a8
librelp-devel-1.2.7-3.el6_9.1.x86_64.rpm SHA-256: 9b52dec3d9e2f186f5c696ca73a86bbf2c548ca4cd32bc248738fe41b27049e4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.