Security
Security
A vulnerability has been found in librelp that may allow a remote attacker to execute arbitrary code.
| Package | dev-libs/librelp on all architectures |
|---|---|
| Affected versions | < 1.2.15 |
| Unaffected versions | >= 1.2.15 |
A reliable logging program.
A buffer overflow was discovered in librelp with the handling of x509 certificates.
A remote attacker, by sending a specially crafted x509 certificate, could execute arbitrary code.
There is no known workaround at this time.
All librelp users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/librelp-1.2.15"
Release date
April 22, 2018
Latest revision
April 22, 2018: 1
Severity
high
Exploitable
remote
Bugzilla entries