librelp: Remote code execution A vulnerability has been found in librelp that may allow a remote attacker to execute arbitrary code. librelp 2018-04-22 2018-04-22 651192 remote 1.2.15 1.2.15

A reliable logging program.

A buffer overflow was discovered in librelp with the handling of x509 certificates.

A remote attacker, by sending a specially crafted x509 certificate, could execute arbitrary code.

There is no known workaround at this time.

All librelp users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/librelp-1.2.15" CVE-2018-1000140 b-man b-man