
SUSE-SU-2018:2038-1

Published: 23 Jul 2018
Source: suse-cvrf

Description

Security update for rsyslog

This update for rsyslog fixes the following issues:

The following security vulnerability was addressed:

CVE-2015-3243: Make sure that log files are not created world-readable (bsc#935393)

Package list

SUSE Linux Enterprise Desktop 12 SP3
rsyslog-8.24.0-3.3.1
SUSE Linux Enterprise Server 12 SP3
rsyslog-8.24.0-3.3.1
rsyslog-diag-tools-8.24.0-3.3.1
rsyslog-doc-8.24.0-3.3.1
rsyslog-module-gssapi-8.24.0-3.3.1
rsyslog-module-gtls-8.24.0-3.3.1
rsyslog-module-mysql-8.24.0-3.3.1
rsyslog-module-pgsql-8.24.0-3.3.1
rsyslog-module-relp-8.24.0-3.3.1
rsyslog-module-snmp-8.24.0-3.3.1
rsyslog-module-udpspoof-8.24.0-3.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
rsyslog-8.24.0-3.3.1
rsyslog-diag-tools-8.24.0-3.3.1
rsyslog-doc-8.24.0-3.3.1
rsyslog-module-gssapi-8.24.0-3.3.1
rsyslog-module-gtls-8.24.0-3.3.1
rsyslog-module-mysql-8.24.0-3.3.1
rsyslog-module-pgsql-8.24.0-3.3.1
rsyslog-module-relp-8.24.0-3.3.1
rsyslog-module-snmp-8.24.0-3.3.1
rsyslog-module-udpspoof-8.24.0-3.3.1

Description

rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.


Affected products
SUSE Linux Enterprise Desktop 12 SP3:rsyslog-8.24.0-3.3.1
SUSE Linux Enterprise Server 12 SP3:rsyslog-8.24.0-3.3.1
SUSE Linux Enterprise Server 12 SP3:rsyslog-diag-tools-8.24.0-3.3.1
SUSE Linux Enterprise Server 12 SP3:rsyslog-doc-8.24.0-3.3.1

References