Red Hat Product Errata RHSA-2018:1707 - Security Advisory

Issued:: 2018-05-23
Updated:: 2018-05-23

RHSA-2018:1707 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: librelp security update

Type/Severity

Security Advisory: Critical

Topic

An update for librelp is now available for Red Hat Enterprise Linux 7.3 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Librelp is an easy-to-use library for the Reliable Event Logging Protocol (RELP) protocol. RELP is a general-purpose, extensible logging protocol.

Security Fix(es):

librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c (CVE-2018-1000140)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Rainer Gerhards (rsyslog) for reporting this issue. Upstream acknowledges Bas van Schaik (lgtm.com / Semmle) and Kevin Backhouse (lgtm.com / Semmle) as the original reporters.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - Extended Update Support 7.3 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.3 x86_64
Red Hat Enterprise Linux Server - AUS 7.3 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.3 s390x
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.3 ppc64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.3 ppc64le
Red Hat Enterprise Linux Server - TUS 7.3 x86_64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.3 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.3 x86_64

Fixes

BZ - 1560084 - CVE-2018-1000140 librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c

CVEs

CVE-2018-1000140

References

https://access.redhat.com/security/updates/classification/#critical

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - Extended Update Support 7.3

SRPM
librelp-1.2.0-4.el7_3.src.rpm	SHA-256: 62985905848add1f8718e10115ed660bc8b80b5b43f6858a15e78b94704e7e68
x86_64
librelp-1.2.0-4.el7_3.i686.rpm	SHA-256: fda738714ddf5e9e30ce9ab8942f1d64396b756898a9cb47b506da1b12f454ef
librelp-1.2.0-4.el7_3.x86_64.rpm	SHA-256: 4ee34bd146bbedd696a8f981e67ce860ba0128fd8703c09e28a70929b70fb0db
librelp-debuginfo-1.2.0-4.el7_3.i686.rpm	SHA-256: 8cc1c6ddd75e5f661f9d00ce267d09e17f662fd0a0021fefaa2b2b975cbe246b
librelp-debuginfo-1.2.0-4.el7_3.i686.rpm	SHA-256: 8cc1c6ddd75e5f661f9d00ce267d09e17f662fd0a0021fefaa2b2b975cbe246b
librelp-debuginfo-1.2.0-4.el7_3.x86_64.rpm	SHA-256: 424c2bf5b2864a6e175a566c1a1417d5a7c978019e7d420c66ecb6a9890aa20f
librelp-debuginfo-1.2.0-4.el7_3.x86_64.rpm	SHA-256: 424c2bf5b2864a6e175a566c1a1417d5a7c978019e7d420c66ecb6a9890aa20f
librelp-devel-1.2.0-4.el7_3.i686.rpm	SHA-256: 9dd413ddc998fcbd48affa949828c558e774f8e491e2e093ec24168131575392
librelp-devel-1.2.0-4.el7_3.x86_64.rpm	SHA-256: 99db810ba5a2f3ac225d88fae7926e20922432cfad07a3a5aaedc391888c62c2

Red Hat Enterprise Linux EUS Compute Node 7.3

SRPM
librelp-1.2.0-4.el7_3.src.rpm	SHA-256: 62985905848add1f8718e10115ed660bc8b80b5b43f6858a15e78b94704e7e68
x86_64
librelp-1.2.0-4.el7_3.i686.rpm	SHA-256: fda738714ddf5e9e30ce9ab8942f1d64396b756898a9cb47b506da1b12f454ef
librelp-1.2.0-4.el7_3.x86_64.rpm	SHA-256: 4ee34bd146bbedd696a8f981e67ce860ba0128fd8703c09e28a70929b70fb0db
librelp-debuginfo-1.2.0-4.el7_3.i686.rpm	SHA-256: 8cc1c6ddd75e5f661f9d00ce267d09e17f662fd0a0021fefaa2b2b975cbe246b
librelp-debuginfo-1.2.0-4.el7_3.i686.rpm	SHA-256: 8cc1c6ddd75e5f661f9d00ce267d09e17f662fd0a0021fefaa2b2b975cbe246b
librelp-debuginfo-1.2.0-4.el7_3.x86_64.rpm	SHA-256: 424c2bf5b2864a6e175a566c1a1417d5a7c978019e7d420c66ecb6a9890aa20f
librelp-debuginfo-1.2.0-4.el7_3.x86_64.rpm	SHA-256: 424c2bf5b2864a6e175a566c1a1417d5a7c978019e7d420c66ecb6a9890aa20f
librelp-devel-1.2.0-4.el7_3.i686.rpm	SHA-256: 9dd413ddc998fcbd48affa949828c558e774f8e491e2e093ec24168131575392
librelp-devel-1.2.0-4.el7_3.x86_64.rpm	SHA-256: 99db810ba5a2f3ac225d88fae7926e20922432cfad07a3a5aaedc391888c62c2

Red Hat Enterprise Linux Server - AUS 7.3

SRPM
librelp-1.2.0-4.el7_3.src.rpm	SHA-256: 62985905848add1f8718e10115ed660bc8b80b5b43f6858a15e78b94704e7e68
x86_64
librelp-1.2.0-4.el7_3.i686.rpm	SHA-256: fda738714ddf5e9e30ce9ab8942f1d64396b756898a9cb47b506da1b12f454ef
librelp-1.2.0-4.el7_3.x86_64.rpm	SHA-256: 4ee34bd146bbedd696a8f981e67ce860ba0128fd8703c09e28a70929b70fb0db
librelp-debuginfo-1.2.0-4.el7_3.i686.rpm	SHA-256: 8cc1c6ddd75e5f661f9d00ce267d09e17f662fd0a0021fefaa2b2b975cbe246b
librelp-debuginfo-1.2.0-4.el7_3.i686.rpm	SHA-256: 8cc1c6ddd75e5f661f9d00ce267d09e17f662fd0a0021fefaa2b2b975cbe246b
librelp-debuginfo-1.2.0-4.el7_3.x86_64.rpm	SHA-256: 424c2bf5b2864a6e175a566c1a1417d5a7c978019e7d420c66ecb6a9890aa20f
librelp-debuginfo-1.2.0-4.el7_3.x86_64.rpm	SHA-256: 424c2bf5b2864a6e175a566c1a1417d5a7c978019e7d420c66ecb6a9890aa20f
librelp-devel-1.2.0-4.el7_3.i686.rpm	SHA-256: 9dd413ddc998fcbd48affa949828c558e774f8e491e2e093ec24168131575392
librelp-devel-1.2.0-4.el7_3.x86_64.rpm	SHA-256: 99db810ba5a2f3ac225d88fae7926e20922432cfad07a3a5aaedc391888c62c2

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.3

SRPM
librelp-1.2.0-4.el7_3.src.rpm	SHA-256: 62985905848add1f8718e10115ed660bc8b80b5b43f6858a15e78b94704e7e68
s390x
librelp-1.2.0-4.el7_3.s390.rpm	SHA-256: 0941cf5ccb1d87088bbf8dd2a04de9d4c0964e2d5b94f726c66b3480d439a592
librelp-1.2.0-4.el7_3.s390x.rpm	SHA-256: be24f0e75d3c15a58009934d3a27a35778c46f58e295e41192301b4f4022512c
librelp-debuginfo-1.2.0-4.el7_3.s390.rpm	SHA-256: dace6ba7f8bbefdec5480bfc4b24dcd29f4d7dc50cc3d55d6af564caf2879a83
librelp-debuginfo-1.2.0-4.el7_3.s390.rpm	SHA-256: dace6ba7f8bbefdec5480bfc4b24dcd29f4d7dc50cc3d55d6af564caf2879a83
librelp-debuginfo-1.2.0-4.el7_3.s390x.rpm	SHA-256: 70b984906dda5030535e87b5ec27137789153ecacdd0301aadaa937fbc244f37
librelp-debuginfo-1.2.0-4.el7_3.s390x.rpm	SHA-256: 70b984906dda5030535e87b5ec27137789153ecacdd0301aadaa937fbc244f37
librelp-devel-1.2.0-4.el7_3.s390.rpm	SHA-256: 307d04a8f0ed9a6d7a78ea89a2b9605eb510a22f735027252de9c1c9246247b6
librelp-devel-1.2.0-4.el7_3.s390x.rpm	SHA-256: f921b69e5128aa0d7028591fa7dcd7f6f11b716fe67e157ba2a1b37587c53a38

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.3

SRPM
librelp-1.2.0-4.el7_3.src.rpm	SHA-256: 62985905848add1f8718e10115ed660bc8b80b5b43f6858a15e78b94704e7e68
ppc64
librelp-1.2.0-4.el7_3.ppc.rpm	SHA-256: cc71bcc74ce6e89dcbf836b251760895038ab5247bc0c7038f3520252eecfaa5
librelp-1.2.0-4.el7_3.ppc64.rpm	SHA-256: d2f757a376af623f70cea29967407391d61b6bb060ecdc56bb34496a4d60f69d
librelp-debuginfo-1.2.0-4.el7_3.ppc.rpm	SHA-256: 089b4e6c42fd5f5fd9de8b31fa1243db8e1280e7acc7e87b6963d92db164cc51
librelp-debuginfo-1.2.0-4.el7_3.ppc.rpm	SHA-256: 089b4e6c42fd5f5fd9de8b31fa1243db8e1280e7acc7e87b6963d92db164cc51
librelp-debuginfo-1.2.0-4.el7_3.ppc64.rpm	SHA-256: 744f1fcc0384bb12690b9b1a5a2540bf421d4db46aab138a9c81c35aa535cd4b
librelp-debuginfo-1.2.0-4.el7_3.ppc64.rpm	SHA-256: 744f1fcc0384bb12690b9b1a5a2540bf421d4db46aab138a9c81c35aa535cd4b
librelp-devel-1.2.0-4.el7_3.ppc.rpm	SHA-256: a0cd748466ae40916aee781d206d75ec89eee988945998bfca2e78ec5102da3c
librelp-devel-1.2.0-4.el7_3.ppc64.rpm	SHA-256: 299eaf3c7b443ba5248b6c43d6d8df693856d5cbb3e799a9fc3894271bf9d612

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.3

SRPM
librelp-1.2.0-4.el7_3.src.rpm	SHA-256: 62985905848add1f8718e10115ed660bc8b80b5b43f6858a15e78b94704e7e68
ppc64le
librelp-1.2.0-4.el7_3.ppc64le.rpm	SHA-256: 1b26b762b9382dc40da8cb82167f876ecb4ddcd3fdf293d5588d8af562472784
librelp-debuginfo-1.2.0-4.el7_3.ppc64le.rpm	SHA-256: 4d076d84e54dcc775c1241d86aeb1a73a00fc56d1b84aa5b62c2669ac3f5e71a
librelp-debuginfo-1.2.0-4.el7_3.ppc64le.rpm	SHA-256: 4d076d84e54dcc775c1241d86aeb1a73a00fc56d1b84aa5b62c2669ac3f5e71a
librelp-devel-1.2.0-4.el7_3.ppc64le.rpm	SHA-256: 9a154e8e4b99edac28d33bef0e7dec54721ed8e5babd74d4e7b6303908267569

Red Hat Enterprise Linux Server - TUS 7.3

SRPM
librelp-1.2.0-4.el7_3.src.rpm	SHA-256: 62985905848add1f8718e10115ed660bc8b80b5b43f6858a15e78b94704e7e68
x86_64
librelp-1.2.0-4.el7_3.i686.rpm	SHA-256: fda738714ddf5e9e30ce9ab8942f1d64396b756898a9cb47b506da1b12f454ef
librelp-1.2.0-4.el7_3.x86_64.rpm	SHA-256: 4ee34bd146bbedd696a8f981e67ce860ba0128fd8703c09e28a70929b70fb0db
librelp-debuginfo-1.2.0-4.el7_3.i686.rpm	SHA-256: 8cc1c6ddd75e5f661f9d00ce267d09e17f662fd0a0021fefaa2b2b975cbe246b
librelp-debuginfo-1.2.0-4.el7_3.i686.rpm	SHA-256: 8cc1c6ddd75e5f661f9d00ce267d09e17f662fd0a0021fefaa2b2b975cbe246b
librelp-debuginfo-1.2.0-4.el7_3.x86_64.rpm	SHA-256: 424c2bf5b2864a6e175a566c1a1417d5a7c978019e7d420c66ecb6a9890aa20f
librelp-debuginfo-1.2.0-4.el7_3.x86_64.rpm	SHA-256: 424c2bf5b2864a6e175a566c1a1417d5a7c978019e7d420c66ecb6a9890aa20f
librelp-devel-1.2.0-4.el7_3.i686.rpm	SHA-256: 9dd413ddc998fcbd48affa949828c558e774f8e491e2e093ec24168131575392
librelp-devel-1.2.0-4.el7_3.x86_64.rpm	SHA-256: 99db810ba5a2f3ac225d88fae7926e20922432cfad07a3a5aaedc391888c62c2

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.3

SRPM
librelp-1.2.0-4.el7_3.src.rpm	SHA-256: 62985905848add1f8718e10115ed660bc8b80b5b43f6858a15e78b94704e7e68
ppc64le
librelp-1.2.0-4.el7_3.ppc64le.rpm	SHA-256: 1b26b762b9382dc40da8cb82167f876ecb4ddcd3fdf293d5588d8af562472784
librelp-debuginfo-1.2.0-4.el7_3.ppc64le.rpm	SHA-256: 4d076d84e54dcc775c1241d86aeb1a73a00fc56d1b84aa5b62c2669ac3f5e71a
librelp-debuginfo-1.2.0-4.el7_3.ppc64le.rpm	SHA-256: 4d076d84e54dcc775c1241d86aeb1a73a00fc56d1b84aa5b62c2669ac3f5e71a
librelp-devel-1.2.0-4.el7_3.ppc64le.rpm	SHA-256: 9a154e8e4b99edac28d33bef0e7dec54721ed8e5babd74d4e7b6303908267569

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.3

SRPM
librelp-1.2.0-4.el7_3.src.rpm	SHA-256: 62985905848add1f8718e10115ed660bc8b80b5b43f6858a15e78b94704e7e68
x86_64
librelp-1.2.0-4.el7_3.i686.rpm	SHA-256: fda738714ddf5e9e30ce9ab8942f1d64396b756898a9cb47b506da1b12f454ef
librelp-1.2.0-4.el7_3.x86_64.rpm	SHA-256: 4ee34bd146bbedd696a8f981e67ce860ba0128fd8703c09e28a70929b70fb0db
librelp-debuginfo-1.2.0-4.el7_3.i686.rpm	SHA-256: 8cc1c6ddd75e5f661f9d00ce267d09e17f662fd0a0021fefaa2b2b975cbe246b
librelp-debuginfo-1.2.0-4.el7_3.i686.rpm	SHA-256: 8cc1c6ddd75e5f661f9d00ce267d09e17f662fd0a0021fefaa2b2b975cbe246b
librelp-debuginfo-1.2.0-4.el7_3.x86_64.rpm	SHA-256: 424c2bf5b2864a6e175a566c1a1417d5a7c978019e7d420c66ecb6a9890aa20f
librelp-debuginfo-1.2.0-4.el7_3.x86_64.rpm	SHA-256: 424c2bf5b2864a6e175a566c1a1417d5a7c978019e7d420c66ecb6a9890aa20f
librelp-devel-1.2.0-4.el7_3.i686.rpm	SHA-256: 9dd413ddc998fcbd48affa949828c558e774f8e491e2e093ec24168131575392
librelp-devel-1.2.0-4.el7_3.x86_64.rpm	SHA-256: 99db810ba5a2f3ac225d88fae7926e20922432cfad07a3a5aaedc391888c62c2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories