Описание
Security update for rsyslog
This update for rsyslog fixes the following issues:
The following security vulnerability was addressed:
CVE-2015-3243: Make sure that log files are not created world-readable (bsc#935393)
This update was imported from the SUSE:SLE-12-SP3:Update update project.
Список пакетов
openSUSE Leap 42.3
rsyslog-8.24.0-2.3.1
rsyslog-diag-tools-8.24.0-2.3.1
rsyslog-doc-8.24.0-2.3.1
rsyslog-module-dbi-8.24.0-2.3.1
rsyslog-module-elasticsearch-8.24.0-2.3.1
rsyslog-module-gcrypt-8.24.0-2.3.1
rsyslog-module-gssapi-8.24.0-2.3.1
rsyslog-module-gtls-8.24.0-2.3.1
rsyslog-module-guardtime-8.24.0-2.3.1
rsyslog-module-mmnormalize-8.24.0-2.3.1
rsyslog-module-mysql-8.24.0-2.3.1
rsyslog-module-omamqp1-8.24.0-2.3.1
rsyslog-module-omhttpfs-8.24.0-2.3.1
rsyslog-module-omtcl-8.24.0-2.3.1
rsyslog-module-pgsql-8.24.0-2.3.1
rsyslog-module-relp-8.24.0-2.3.1
rsyslog-module-snmp-8.24.0-2.3.1
rsyslog-module-udpspoof-8.24.0-2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2018:2166-1
- SUSE Security Ratings
Описание
rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.
Затронутые продукты
openSUSE Leap 42.3:rsyslog-8.24.0-2.3.1
openSUSE Leap 42.3:rsyslog-diag-tools-8.24.0-2.3.1
openSUSE Leap 42.3:rsyslog-doc-8.24.0-2.3.1
openSUSE Leap 42.3:rsyslog-module-dbi-8.24.0-2.3.1
Ссылки
- CVE-2015-3243
- SUSE Bug 1098851
- SUSE Bug 1126233
- SUSE Bug 935393