--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: buster-pu: package rsyslog/8.1901.0-1+deb10u1
- From: Adrian Bunk <bunk@debian.org>
- Date: Sun, 23 Jan 2022 22:59:21 +0200
- Message-id: <164297156121.31406.10024377635435778238.reportbug@localhost>
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Michael Biebl <biebl@debian.org>, team@security.debian.org
* CVE-2019-17041: Heap overflow in the AIX message parser.
(Closes: #942067)
* CVE-2019-17042: Heap overflow in the Cisco log message parser.
(Closes: #942065)
diff -Nru rsyslog-8.1901.0/debian/changelog rsyslog-8.1901.0/debian/changelog
--- rsyslog-8.1901.0/debian/changelog 2019-02-26 19:43:39.000000000 +0200
+++ rsyslog-8.1901.0/debian/changelog 2022-01-23 20:27:01.000000000 +0200
@@ -1,3 +1,13 @@
+rsyslog (8.1901.0-1+deb10u1) buster; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2019-17041: Heap overflow in the AIX message parser.
+ (Closes: #942067)
+ * CVE-2019-17042: Heap overflow in the Cisco log message parser.
+ (Closes: #942065)
+
+ -- Adrian Bunk <bunk@debian.org> Sun, 23 Jan 2022 20:27:01 +0200
+
rsyslog (8.1901.0-1) unstable; urgency=medium
* New upstream version 8.1901.0
diff -Nru rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
--- rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch 1970-01-01 02:00:00.000000000 +0200
+++ rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch 2022-01-23 20:26:28.000000000 +0200
@@ -0,0 +1,39 @@
+From de51d602532835caafa401401424b61354f404fc Mon Sep 17 00:00:00 2001
+From: Rainer Gerhards <rgerhards@adiscon.com>
+Date: Fri, 27 Sep 2019 13:36:02 +0200
+Subject: pmaixforwardedfrom bugfix: potential misadressing
+
+---
+ contrib/pmaixforwardedfrom/pmaixforwardedfrom.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
+index 37157c7d4..ebf12ebbe 100644
+--- a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
++++ b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
+@@ -109,6 +109,10 @@ CODESTARTparse
+ /* bump the message portion up by skipLen(23 or 5) characters to overwrite the "Message forwarded from
+ " or "From " with the hostname */
+ lenMsg -=skipLen;
++ if(lenMsg < 2) {
++ dbgprintf("not a AIX message forwarded from message has nothing after header\n");
++ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
++ }
+ memmove(p2parse, p2parse + skipLen, lenMsg);
+ *(p2parse + lenMsg) = '\n';
+ *(p2parse + lenMsg + 1) = '\0';
+@@ -120,6 +124,11 @@ really an AIX log, but has a similar preamble */
+ --lenMsg;
+ ++p2parse;
+ }
++ if (lenMsg < 1) {
++ dbgprintf("not a AIX message forwarded from message has nothing after colon "
++ "or no colon at all\n");
++ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
++ }
+ if (lenMsg && *p2parse != ':') {
+ DBGPRINTF("not a AIX message forwarded from mangled log but similar enough that the preamble has "
+ "been removed\n");
+--
+2.20.1
+
diff -Nru rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch
--- rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch 1970-01-01 02:00:00.000000000 +0200
+++ rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch 2022-01-23 20:26:28.000000000 +0200
@@ -0,0 +1,37 @@
+From d53b97e5dc3cc1e7464967f7ace2c2bcda6bc938 Mon Sep 17 00:00:00 2001
+From: Rainer Gerhards <rgerhards@adiscon.com>
+Date: Fri, 27 Sep 2019 15:02:52 +0200
+Subject: pmcisconames bugfix: potential misadressing
+
+---
+ contrib/pmcisconames/pmcisconames.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/contrib/pmcisconames/pmcisconames.c b/contrib/pmcisconames/pmcisconames.c
+index 7f376ad17..39506ce59 100644
+--- a/contrib/pmcisconames/pmcisconames.c
++++ b/contrib/pmcisconames/pmcisconames.c
+@@ -119,6 +119,11 @@ CODESTARTparse
+ --lenMsg;
+ ++p2parse;
+ }
++ /* Note: we deliberately count the 0-byte below because we need to go chars+1! */
++ if(lenMsg < (int) sizeof(OpeningText)) {
++ dbgprintf("pmcisconames: too short for being cisco messages\n");
++ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
++ }
+ /* skip the space after the hostname */
+ lenMsg -=1;
+ p2parse +=1;
+@@ -126,7 +131,7 @@ CODESTARTparse
+ log and fix it */
+ if(strncasecmp((char*) p2parse, OpeningText, sizeof(OpeningText)-1) != 0) {
+ /* wrong opening text */
+- DBGPRINTF("not a cisco name mangled log!\n");
++ DBGPRINTF("not a cisco name mangled log!\n");
+ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
+ }
+ /* bump the message portion up by two characters to overwrite the extra : */
+--
+2.20.1
+
diff -Nru rsyslog-8.1901.0/debian/patches/series rsyslog-8.1901.0/debian/patches/series
--- rsyslog-8.1901.0/debian/patches/series 2019-02-26 19:43:39.000000000 +0200
+++ rsyslog-8.1901.0/debian/patches/series 2022-01-23 20:26:58.000000000 +0200
@@ -1,3 +1,5 @@
Don-t-create-a-database.patch
Run-queue-encryption-tests-only-if-gcrypt-support-is-enab.patch
Don-t-fail-test-suite-on-flaky-tests.patch
+0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
+0002-pmcisconames-bugfix-potential-misadressing.patch
--- End Message ---