Package: release.debian.org Severity: normal Tags: buster User: release.debian....@packages.debian.org Usertags: pu X-Debbugs-Cc: Michael Biebl <bi...@debian.org>, t...@security.debian.org
* CVE-2019-17041: Heap overflow in the AIX message parser. (Closes: #942067) * CVE-2019-17042: Heap overflow in the Cisco log message parser. (Closes: #942065)
diff -Nru rsyslog-8.1901.0/debian/changelog rsyslog-8.1901.0/debian/changelog
--- rsyslog-8.1901.0/debian/changelog 2019-02-26 19:43:39.000000000 +0200
+++ rsyslog-8.1901.0/debian/changelog 2022-01-23 20:27:01.000000000 +0200
@@ -1,3 +1,13 @@
+rsyslog (8.1901.0-1+deb10u1) buster; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2019-17041: Heap overflow in the AIX message parser.
+ (Closes: #942067)
+ * CVE-2019-17042: Heap overflow in the Cisco log message parser.
+ (Closes: #942065)
+
+ -- Adrian Bunk <b...@debian.org> Sun, 23 Jan 2022 20:27:01 +0200
+
 rsyslog (8.1901.0-1) unstable; urgency=medium
 
 * New upstream version 8.1901.0
diff -Nru rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
--- rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch 1970-01-01 02:00:00.000000000 +0200
+++ rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch 2022-01-23 20:26:28.000000000 +0200
@@ -0,0 +1,39 @@
+From de51d602532835caafa401401424b61354f404fc Mon Sep 17 00:00:00 2001
+From: Rainer Gerhards <rgerha...@adiscon.com>
+Date: Fri, 27 Sep 2019 13:36:02 +0200
+Subject: pmaixforwardedfrom bugfix: potential misadressing
+
+---
+ contrib/pmaixforwardedfrom/pmaixforwardedfrom.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
+index 37157c7d4..ebf12ebbe 100644
+--- a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
++++ b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
+@@ -109,6 +109,10 @@ CODESTARTparse
+ /* bump the message portion up by skipLen(23 or 5) characters to overwrite the "Message forwarded from
+ " or "From " with the hostname */
+ lenMsg -=skipLen;
++ if(lenMsg < 2) {
++ dbgprintf("not a AIX message forwarded from message has nothing after header\n");
++ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
++ }
+ memmove(p2parse, p2parse + skipLen, lenMsg);
+ *(p2parse + lenMsg) = '\n';
+ *(p2parse + lenMsg + 1) = '\0';
+@@ -120,6 +124,11 @@ really an AIX log, but has a similar preamble */
+ --lenMsg;
+ ++p2parse;
+ }
++ if (lenMsg < 1) {
++ dbgprintf("not a AIX message forwarded from message has nothing after colon "
++ "or no colon at all\n");
++ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
++ }
+ if (lenMsg && *p2parse != ':') {
+ DBGPRINTF("not a AIX message forwarded from mangled log but similar enough that the preamble has "
+ "been removed\n");
+--
+2.20.1
+
diff -Nru rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch
--- rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch 1970-01-01 02:00:00.000000000 +0200
+++ rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch 2022-01-23 20:26:28.000000000 +0200
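Review bot: Both new length guards in the nested pmaixforwardedfrom.c patch log through `dbgprintf`, while the unchanged check directly below the second guard uses the `DBGPRINTF` macro; since these branches are taken for any truncated message, they should log the same way as their neighbours, e.g. `DBGPRINTF("pmaixforwardedfrom: nothing after header, not an AIX forwarded message\n");`. The new guard in 0002-pmcisconames has the same inconsistency. The threshold in `if(lenMsg < 2)` has no comment; a line such as `/* a negative or tiny lenMsg must never reach memmove() as a size */`, plus a word on why 2 rather than 1, would make the intent reviewable. After the second guard `lenMsg` is at least 1, so the `lenMsg &&` in `if (lenMsg && *p2parse != ':')` is redundant. CODESTARTparse begins and continues outside both inner hunks, and the patch adds no test input for a message that ends right after the header.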
@@ -0,0 +1,37 @@
+From d53b97e5dc3cc1e7464967f7ace2c2bcda6bc938 Mon Sep 17 00:00:00 2001
+From: Rainer Gerhards <rgerha...@adiscon.com>
+Date: Fri, 27 Sep 2019 15:02:52 +0200
+Subject: pmcisconames bugfix: potential misadressing
+
+---
+ contrib/pmcisconames/pmcisconames.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/contrib/pmcisconames/pmcisconames.c b/contrib/pmcisconames/pmcisconames.c
+index 7f376ad17..39506ce59 100644
+--- a/contrib/pmcisconames/pmcisconames.c
++++ b/contrib/pmcisconames/pmcisconames.c
+@@ -119,6 +119,11 @@ CODESTARTparse
+ --lenMsg;
+ ++p2parse;
+ }
++ /* Note: we deliberately count the 0-byte below because we need to go chars+1! */
++ if(lenMsg < (int) sizeof(OpeningText)) {
++ dbgprintf("pmcisconames: too short for being cisco messages\n");
++ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
++ }
+ /* skip the space after the hostname */
+ lenMsg -=1;
+ p2parse +=1;
+@@ -126,7 +131,7 @@ CODESTARTparse
+ log and fix it */
+ if(strncasecmp((char*) p2parse, OpeningText, sizeof(OpeningText)-1) != 0) {
+ /* wrong opening text */
+- DBGPRINTF("not a cisco name mangled log!\n");
++ DBGPRINTF("not a cisco name mangled log!\n");
+ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
+ }
+ /* bump the message portion up by two characters to overwrite the extra : */
+--
+2.20.1
+
diff -Nru rsyslog-8.1901.0/debian/patches/series rsyslog-8.1901.0/debian/patches/series
--- rsyslog-8.1901.0/debian/patches/series 2019-02-26 19:43:39.000000000 +0200
+++ rsyslog-8.1901.0/debian/patches/series 2022-01-23 20:26:58.000000000 +0200
@@ -1,3 +1,5 @@
 Don-t-create-a-database.patch
 Run-queue-encryption-tests-only-if-gcrypt-support-is-enab.patch
 Don-t-fail-test-suite-on-flaky-tests.patch
+0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
+0002-pmcisconames-bugfix-potential-misadressing.patch
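Review bot: The comment above the new guard in the nested pmcisconames.c patch ("we deliberately count the 0-byte below because we need to go chars+1!") does not say what the extra byte is for. From the context lines it appears to be the space skipped by `lenMsg -=1; p2parse +=1;` before `strncasecmp` reads `sizeof(OpeningText)-1` bytes, so a clearer wording would be `/* need 1 byte for the space skipped below plus sizeof(OpeningText)-1 for the compare; the NUL counted by sizeof stands in for the space */`. The two-character shift announced by the last context line happens outside the hunk, so whether this bound also covers it depends on the length of OpeningText, which is not shown here. The second inner hunk seems to change only the whitespace of the `DBGPRINTF` line and could be left out of a security backport to keep the fix minimal.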