Bug#1004265: buster-pu: package rsyslog/8.1901.0-1+deb10u1

2022-02-19 Thread Michael Biebl


On Sun, 23 Jan 2022 22:59:21 +0200 Adrian Bunk wrote:

> Package: release.debian.org
> Severity: normal
> Tags: buster
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: Michael Biebl , t...@security.debian.org
>
>   * CVE-2019-17041: Heap overflow in the AIX message parser.
> (Closes: #942067)
>   * CVE-2019-17042: Heap overflow in the Cisco log message parser.
> (Closes: #942065)


Adrian,

Can you please push your changes (once uploaded) to a
debian/buster branch (including a proper tag)?

Thanks for the update.

Regards,
Michael




Processed: Re: Bug#1004265: buster-pu: package rsyslog/8.1901.0-1+deb10u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1004265 [release.debian.org] buster-pu: package rsyslog/8.1901.0-1+deb10u1
Added tag(s) confirmed.

-- 
1004265: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004265
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1004265: buster-pu: package rsyslog/8.1901.0-1+deb10u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2022-01-23 at 22:59 +0200, Adrian Bunk wrote:
>   * CVE-2019-17041: Heap overflow in the AIX message parser.
> (Closes: #942067)
>   * CVE-2019-17042: Heap overflow in the Cisco log message parser.
> (Closes: #942065)

Please go ahead.

Regards,

Adam



Bug#1004265: buster-pu: package rsyslog/8.1901.0-1+deb10u1

2022-01-23 Thread Adrian Bunk
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Michael Biebl , t...@security.debian.org

  * CVE-2019-17041: Heap overflow in the AIX message parser.
(Closes: #942067)
  * CVE-2019-17042: Heap overflow in the Cisco log message parser.
(Closes: #942065)
diff -Nru rsyslog-8.1901.0/debian/changelog rsyslog-8.1901.0/debian/changelog
--- rsyslog-8.1901.0/debian/changelog   2019-02-26 19:43:39.0 +0200
+++ rsyslog-8.1901.0/debian/changelog   2022-01-23 20:27:01.0 +0200
@@ -1,3 +1,13 @@
+rsyslog (8.1901.0-1+deb10u1) buster; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2019-17041: Heap overflow in the AIX message parser.
+(Closes: #942067)
+  * CVE-2019-17042: Heap overflow in the Cisco log message parser.
+(Closes: #942065)
+
+ -- Adrian Bunk   Sun, 23 Jan 2022 20:27:01 +0200
+
 rsyslog (8.1901.0-1) unstable; urgency=medium
 
   * New upstream version 8.1901.0
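Review bot: The two CVE entries in the new changelog stanza do not say which files under debian/patches carry each fix. Naming 0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch next to CVE-2019-17041 and 0002-pmcisconames-bugfix-potential-misadressing.patch next to CVE-2019-17042 would let a later reader go from the changelog entry to the code change directly.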
diff -Nru 
rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
 
rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
--- 
rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
 1970-01-01 02:00:00.0 +0200
+++ 
rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
 2022-01-23 20:26:28.0 +0200
@@ -0,0 +1,39 @@
+From de51d602532835caafa401401424b61354f404fc Mon Sep 17 00:00:00 2001
+From: Rainer Gerhards 
+Date: Fri, 27 Sep 2019 13:36:02 +0200
+Subject: pmaixforwardedfrom bugfix: potential misadressing
+
+---
+ contrib/pmaixforwardedfrom/pmaixforwardedfrom.c | 9 +
+ 1 file changed, 9 insertions(+)
+
+diff --git a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c 
b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
+index 37157c7d4..ebf12ebbe 100644
+--- a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
 b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
+@@ -109,6 +109,10 @@ CODESTARTparse
+   /* bump the message portion up by skipLen(23 or 5) characters to 
overwrite the "Message forwarded from
+ " or "From " with the hostname */
+   lenMsg -=skipLen;
++  if(lenMsg < 2) {
++  dbgprintf("not a AIX message forwarded from message has nothing 
after header\n");
++  ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
++  }
+   memmove(p2parse, p2parse + skipLen, lenMsg);
+   *(p2parse + lenMsg) = '\n';
+   *(p2parse + lenMsg + 1)  = '\0';
+@@ -120,6 +124,11 @@ really an AIX log, but has a similar preamble */
+   --lenMsg;
+   ++p2parse;
+   }
++  if (lenMsg < 1) {
++  dbgprintf("not a AIX message forwarded from message has nothing 
after colon "
++  "or no colon at all\n");
++  ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
++  }
+   if (lenMsg && *p2parse != ':') {
+   DBGPRINTF("not a AIX message forwarded from mangled log but similar 
enough that the preamble has "
+   "been removed\n");
+-- 
+2.20.1
+
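Review bot: In the second inner hunk (@@ -120,6 +124,11 @@), the new `if (lenMsg < 1)` abort runs after the `memmove` in the first inner hunk has already overwritten the preamble in place, so a message rejected here goes back with RS_RET_COULD_NOT_PARSE in a modified state. The existing debug text just below ("the preamble has been removed") suggests this is known behaviour, but it is worth confirming that it is acceptable for whatever handles the message next. With the new check in place, the `lenMsg &&` term in the following `if (lenMsg && *p2parse != ':')` is always true and can be dropped. The `lenMsg < 2` bound in the first inner hunk would benefit from a comment saying why two bytes are the minimum, and both new messages call `dbgprintf` while the neighbouring one uses `DBGPRINTF`.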
diff -Nru 
rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch
 
rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch
--- 
rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch
   1970-01-01 02:00:00.0 +0200
+++ 
rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch
   2022-01-23 20:26:28.0 +0200
@@ -0,0 +1,37 @@
+From d53b97e5dc3cc1e7464967f7ace2c2bcda6bc938 Mon Sep 17 00:00:00 2001
+From: Rainer Gerhards 
+Date: Fri, 27 Sep 2019 15:02:52 +0200
+Subject: pmcisconames bugfix: potential misadressing
+
+---
+ contrib/pmcisconames/pmcisconames.c | 7 ++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/contrib/pmcisconames/pmcisconames.c 
b/contrib/pmcisconames/pmcisconames.c
+index 7f376ad17..39506ce59 100644
+--- a/contrib/pmcisconames/pmcisconames.c
 b/contrib/pmcisconames/pmcisconames.c
+@@ -119,6 +119,11 @@ CODESTARTparse
+   --lenMsg;
+   ++p2parse;
+   }
++  /* Note: we deliberately count the 0-byte below because we need to go 
chars+1! */
++  if(lenMsg < (int) sizeof(OpeningText)) {
++  dbgprintf("pmcisconames: too short for being cisco messages\n");
++  ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
++  }
+   /* skip the space after the hostname */
+   lenMsg -=1;
+   p2parse +=1;
+@@ -126,7 +131,7 @@ CODESTARTparse
+   log and fix it */
+   if(strncasecmp((char*) p2parse, OpeningText, sizeof(OpeningText)-1) != 
0) {
+   /* wrong opening text */
+-  DBGPRINTF("not a cisco name mangled log!\n");
++  DBGPRINTF("not a cisco name mangled log!\n");
+   ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
+   }
+   /* bump the message portion up by
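Review bot: The new length check in the first inner hunk (@@ -119,6 +119,11 @@) logs through `dbgprintf`, while the existing message a few lines below uses `DBGPRINTF`; use the same form for both. The `-`/`+` pair on the `DBGPRINTF("not a cisco name mangled log!\n")` line in the second inner hunk reads identically here, so it looks like a whitespace-only change that could be left out of a security fix to keep the diff minimal. The comment above the check says the 0-byte is counted on purpose; it would be clearer if it also stated that the extra byte appears to cover the space skipped by `lenMsg -=1; p2parse +=1;` before the `strncasecmp`.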