Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Michael Biebl , t...@security.debian.org
* CVE-2019-17041: Heap overflow in the AIX message parser.
(Closes: #942067)
* CVE-2019-17042: Heap overflow in the Cisco log message parser.
(Closes: #942065)
diff -Nru rsyslog-8.1901.0/debian/changelog rsyslog-8.1901.0/debian/changelog
--- rsyslog-8.1901.0/debian/changelog 2019-02-26 19:43:39.0 +0200
+++ rsyslog-8.1901.0/debian/changelog 2022-01-23 20:27:01.0 +0200
@@ -1,3 +1,13 @@
+rsyslog (8.1901.0-1+deb10u1) buster; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2019-17041: Heap overflow in the AIX message parser.
+(Closes: #942067)
+ * CVE-2019-17042: Heap overflow in the Cisco log message parser.
+(Closes: #942065)
+
+ -- Adrian Bunk Sun, 23 Jan 2022 20:27:01 +0200
+
rsyslog (8.1901.0-1) unstable; urgency=medium
* New upstream version 8.1901.0
diff -Nru
rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
---
rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
1970-01-01 02:00:00.0 +0200
+++
rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
2022-01-23 20:26:28.0 +0200
@@ -0,0 +1,39 @@
+From de51d602532835caafa401401424b61354f404fc Mon Sep 17 00:00:00 2001
+From: Rainer Gerhards
+Date: Fri, 27 Sep 2019 13:36:02 +0200
+Subject: pmaixforwardedfrom bugfix: potential misadressing
+
+---
+ contrib/pmaixforwardedfrom/pmaixforwardedfrom.c | 9 +
+ 1 file changed, 9 insertions(+)
+
+diff --git a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
+index 37157c7d4..ebf12ebbe 100644
+--- a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
+@@ -109,6 +109,10 @@ CODESTARTparse
+ /* bump the message portion up by skipLen(23 or 5) characters to
overwrite the "Message forwarded from
+ " or "From " with the hostname */
+ lenMsg -=skipLen;
++ if(lenMsg < 2) {
++ dbgprintf("not a AIX message forwarded from message has nothing
after header\n");
++ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
++ }
+ memmove(p2parse, p2parse + skipLen, lenMsg);
+ *(p2parse + lenMsg) = '\n';
+ *(p2parse + lenMsg + 1) = '\0';
+@@ -120,6 +124,11 @@ really an AIX log, but has a similar preamble */
+ --lenMsg;
+ ++p2parse;
+ }
++ if (lenMsg < 1) {
++ dbgprintf("not a AIX message forwarded from message has nothing
after colon "
++ "or no colon at all\n");
++ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
++ }
+ if (lenMsg && *p2parse != ':') {
+ DBGPRINTF("not a AIX message forwarded from mangled log but similar
enough that the preamble has "
+ "been removed\n");
+--
+2.20.1
+
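Review bot: The `if(lenMsg < 2)` guard added before the `memmove` is part of the fix for CVE-2019-17041, yet the bound is undocumented and the patch header has an empty description with no CVE or bug reference. I would put a comment above the guard such as `/* header-only input: lenMsg can drop to <= 0 after subtracting skipLen, which would hand memmove() a bogus length */` (this assumes lenMsg is a signed int, which the hunk does not show), and name CVE-2019-17041 and #942067 in the patch description. Both new guards call `dbgprintf` while the context line right below uses the `DBGPRINTF` macro; the guard added in the pmcisconames patch that follows does the same, so all three would read more consistently with the macro. After the second guard the `lenMsg &&` test in `if (lenMsg && *p2parse != ':')` can no longer be false and could be dropped. The parse body starts and ends outside these hunks, so whether the message has already been modified when the second guard aborts cannot be checked from here.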
diff -Nru
rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch
rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch
---
rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch
1970-01-01 02:00:00.0 +0200
+++
rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch
2022-01-23 20:26:28.0 +0200
@@ -0,0 +1,37 @@
+From d53b97e5dc3cc1e7464967f7ace2c2bcda6bc938 Mon Sep 17 00:00:00 2001
+From: Rainer Gerhards
+Date: Fri, 27 Sep 2019 15:02:52 +0200
+Subject: pmcisconames bugfix: potential misadressing
+
+---
+ contrib/pmcisconames/pmcisconames.c | 7 ++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/contrib/pmcisconames/pmcisconames.c
b/contrib/pmcisconames/pmcisconames.c
+index 7f376ad17..39506ce59 100644
+--- a/contrib/pmcisconames/pmcisconames.c
b/contrib/pmcisconames/pmcisconames.c
+@@ -119,6 +119,11 @@ CODESTARTparse
+ --lenMsg;
+ ++p2parse;
+ }
++ /* Note: we deliberately count the 0-byte below because we need to go
chars+1! */
++ if(lenMsg < (int) sizeof(OpeningText)) {
++ dbgprintf("pmcisconames: too short for being cisco messages\n");
++ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
++ }
+ /* skip the space after the hostname */
+ lenMsg -=1;
+ p2parse +=1;
+@@ -126,7 +131,7 @@ CODESTARTparse
+ log and fix it */
+ if(strncasecmp((char*) p2parse, OpeningText, sizeof(OpeningText)-1) !=
0) {
+ /* wrong opening text */
+- DBGPRINTF("not a cisco name mangled log!\n");
++ DBGPRINTF("not a cisco name mangled log!\n");
+ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
+ }
+ /* bump the message portion up by