Security update for librelp

SUSE Security Update: Security update for librelp
Announcement ID: SUSE-SU-2018:0822-1
Rating: important
References: #1086730
Affected Products:
  • SUSE Linux Enterprise Software Development Kit 12-SP3
  • SUSE Linux Enterprise Server 12-SP3

  • An update that fixes one vulnerability is now available.

    Description:

    This update for librelp fixes the following issues: CVE-2018-1000140
    (bsc#1086730): librelp contained a stack-based buffer overflow in the
    checking of x509 certificates. A remote attacker with an access to the
    rsyslog logging facility could have exploited it by sending a specially
    crafted x509 certificate.

    Patch Instructions:

    To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Software Development Kit 12-SP3:
      zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-552=1
    • SUSE Linux Enterprise Server 12-SP3:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-552=1

    Package List:

    • SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
      • librelp-debugsource-1.2.12-3.3.1
      • librelp-devel-1.2.12-3.3.1
    • SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
      • librelp-debugsource-1.2.12-3.3.1
      • librelp0-1.2.12-3.3.1
      • librelp0-debuginfo-1.2.12-3.3.1

    References: