A vulnerability has been found in librelp that may allow a remote attacker to execute arbitrary code.
|Package||dev-libs/librelp on all architectures|
|Affected versions||< 1.2.15|
|Unaffected versions||>= 1.2.15|
A reliable logging program.
A buffer overflow was discovered in librelp with the handling of x509 certificates.
A remote attacker, by sending a specially crafted x509 certificate, could execute arbitrary code.
There is no known workaround at this time.
All librelp users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/librelp-1.2.15"
April 22, 2018
April 22, 2018: 1