Errata overview
Errata ID 56
Date 2018-05-16
Source package librelp
Fixed in version 1.2.12-1+deb9u1
This update addresses the following issue:
* librelp contains a Buffer Overflow vulnerability in the checking of x509
  certificates from a peer that can result in Remote code execution. This
  attack appears to be exploitable by a remote attacker that can connect to
  rsyslog and trigger a stack buffer overflow by sending a specially crafted
  x509 certificate. (CVE-2018-1000140)
Additional notes
CVE ID CVE-2018-1000140
UCS Bug number #46775