librelp: Remote code execution — GLSA 201804-21

A vulnerability has been found in librelp that may allow a remote attacker to execute arbitrary code.

Affected Packages

dev-libs/librelp on all architectures
Affected versions < 1.2.15
Unaffected versions >= 1.2.15

Background

A reliable logging program.

Description

A buffer overflow was discovered in librelp with the handling of x509 certificates.

Impact

A remote attacker, by sending a specially crafted x509 certificate, could execute arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All librelp users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/librelp-1.2.15"
 

References

Release Date
April 22, 2018

Latest Revision
April 22, 2018: 1

Severity
high

Exploitable
remote

Bugzilla entries