Описание
Security update for rsyslog
This update for rsyslog fixes the following security issue:
- CVE-2015-3243: Prevent weak permissions for generated log files, which allowed local users to obtain sensitive information (bsc#935393).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
rsyslog-8.33.1-lp150.2.3.2
rsyslog-diag-tools-8.33.1-lp150.2.3.2
rsyslog-doc-8.33.1-lp150.2.3.2
rsyslog-module-dbi-8.33.1-lp150.2.3.2
rsyslog-module-elasticsearch-8.33.1-lp150.2.3.2
rsyslog-module-gcrypt-8.33.1-lp150.2.3.2
rsyslog-module-gssapi-8.33.1-lp150.2.3.2
rsyslog-module-gtls-8.33.1-lp150.2.3.2
rsyslog-module-mmnormalize-8.33.1-lp150.2.3.2
rsyslog-module-mysql-8.33.1-lp150.2.3.2
rsyslog-module-omamqp1-8.33.1-lp150.2.3.2
rsyslog-module-omhttpfs-8.33.1-lp150.2.3.2
rsyslog-module-omtcl-8.33.1-lp150.2.3.2
rsyslog-module-pgsql-8.33.1-lp150.2.3.2
rsyslog-module-relp-8.33.1-lp150.2.3.2
rsyslog-module-snmp-8.33.1-lp150.2.3.2
rsyslog-module-udpspoof-8.33.1-lp150.2.3.2
Ссылки
- E-Mail link for openSUSE-SU-2018:2019-1
- SUSE Security Ratings
Описание
rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.
Затронутые продукты
openSUSE Leap 15.0:rsyslog-8.33.1-lp150.2.3.2
openSUSE Leap 15.0:rsyslog-diag-tools-8.33.1-lp150.2.3.2
openSUSE Leap 15.0:rsyslog-doc-8.33.1-lp150.2.3.2
openSUSE Leap 15.0:rsyslog-module-dbi-8.33.1-lp150.2.3.2
Ссылки
- CVE-2015-3243
- SUSE Bug 1098851
- SUSE Bug 1126233
- SUSE Bug 935393