Re: [oe] [meta-oe][PATCH] rsyslog: fix CVE-2017-12588

Fri, 18 Aug 2017 09:04:03 -0700 

On 2017-08-17 06:51 AM, qi.c...@windriver.com wrote:

From: Chen Qi <qi.c...@windriver.com>

Backport a patch to fix CVE-2017-12588.

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted
description fields as format strings, possibly allowing a format string
attack with unspecified impact.

Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-12588

CVE: CVE-2017-12588

Signed-off-by: Chen Qi <qi.c...@windriver.com>
---
  .../rsyslog/rsyslog/CVE-2017-12588.patch           | 40 ++++++++++++++++++++++
  meta-oe/recipes-extended/rsyslog/rsyslog_8.22.0.bb |  1 +
  2 files changed, 41 insertions(+)
  create mode 100644 
meta-oe/recipes-extended/rsyslog/rsyslog/CVE-2017-12588.patch

diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/CVE-2017-12588.patch 
b/meta-oe/recipes-extended/rsyslog/rsyslog/CVE-2017-12588.patch
new file mode 100644
index 0000000..73c3310
--- /dev/null
+++ b/meta-oe/recipes-extended/rsyslog/rsyslog/CVE-2017-12588.patch
@@ -0,0 +1,40 @@
+From 6bc4aa975a83abed43d734299ce76cd9e1a14aec Mon Sep 17 00:00:00 2001
+From: Thomas Deutschmann <whi...@whissi.de>
+Date: Wed, 17 May 2017 23:05:24 +0200
+Subject: [PATCH] imzmq3: Fix building with -Werror=format-security
+
+Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-12588
+
+CVE: 2017-12588
+
+Upstream-Status: Backport
+Signed-off-by: Chen Qi <qi.c...@windriver.com>
+---
+ contrib/imzmq3/imzmq3.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/contrib/imzmq3/imzmq3.c b/contrib/imzmq3/imzmq3.c
+index 9ca17871..d32dcbc2 100644
+--- a/contrib/imzmq3/imzmq3.c
++++ b/contrib/imzmq3/imzmq3.c
+@@ -403,7 +403,7 @@ static rsRetVal createSocket(instanceConf_t* info, void** 
sock) {
+
+     /* Do the bind/connect... */
+     if (info->action==ACTION_CONNECT) {
+-        rv = zsocket_connect(*sock, info->description);
++        rv = zsocket_connect(*sock, "%s", info->description);
+         if (rv == -1) {
+             errmsg.LogError(0,
+                             RS_RET_INVALID_PARAMS,
+@@ -413,7 +413,7 @@ static rsRetVal createSocket(instanceConf_t* info, void** 
sock) {
+         }
+         DBGPRINTF("imzmq3: connect for %s successful\n",info->description);
+     } else {
+-        rv = zsocket_bind(*sock, info->description);
++        rv = zsocket_bind(*sock, "%s", info->description);
+         if (rv == -1) {
+             errmsg.LogError(0,
+                             RS_RET_INVALID_PARAMS,
+--
+2.13.0
+
diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog_8.22.0.bb 
b/meta-oe/recipes-extended/rsyslog/rsyslog_8.22.0.bb
index d1d391b..6e3a75c 100644
--- a/meta-oe/recipes-extended/rsyslog/rsyslog_8.22.0.bb
+++ b/meta-oe/recipes-extended/rsyslog/rsyslog_8.22.0.bb
@@ -24,6 +24,7 @@ SRC_URI = 
"http://www.rsyslog.com/download/files/download/rsyslog/${BPN}-${PV}.t
             file://use-pkgconfig-to-check-libgcrypt.patch \
             file://run-ptest \
             file://rsyslog-fix-ptest-not-finish.patch \
+           file://CVE-2017-12588.patch \
  "
SRC_URI_append_libc-musl = " \ 




Better to just upgrade to 8.25. It was released in February so
it should be well tested.

--
# Randy MacLeod. SMTS, Linux, Wind River
Direct: 613.963.1350 | 350 Terry Fox Drive, Suite 200, Ottawa, ON, Canada, K2K 2W5 
--
_______________________________________________
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Reply via email to