| Message ID | 20251114124845.3317228-1-skandigraun@gmail.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [meta-oe] rsyslog: set status for CVE-2015-3243 | expand |
diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.conf b/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.conf index dbfefb7597..388c4e70bb 100644 --- a/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.conf +++ b/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.conf @@ -13,6 +13,7 @@ $ModLoad imklog # kernel logging (formerly provided by rklogd) # # Set the default permissions +# Setting the $FileCreateMode not world readable fixes CVE-2015-3243 # $FileOwner root $FileGroup adm diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog_8.2506.0.bb b/meta-oe/recipes-extended/rsyslog/rsyslog_8.2506.0.bb index 4ba41678aa..bcac76a231 100644 --- a/meta-oe/recipes-extended/rsyslog/rsyslog_8.2506.0.bb +++ b/meta-oe/recipes-extended/rsyslog/rsyslog_8.2506.0.bb @@ -38,6 +38,7 @@ UPSTREAM_CHECK_URI = "https://github.com/rsyslog/rsyslog/tags" UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)" CVE_PRODUCT = "rsyslog:rsyslog" +CVE_STATUS[CVE-2015-3243] = "fix-file-included: The shipped default rsyslog.conf contains the fix" inherit autotools pkgconfig systemd update-rc.d ptest
Details: https://nvd.nist.gov/vuln/detail/CVE-2015-3243 The issue is about file permissions: by default rsyslog creates world-readable files. In case a log message contains some sensitive information, then that's exposed to every user on the system. However the rsyslog.conf file that is shipped with the recipe solves it: it already sets non-world-readable default permissions on all files, so this vulnerability is fixed in the default OE recipe. See also this package in OpenSuse[1], where it is solved the same way. [1]: https://build.opensuse.org/requests/619439/changes (rsyslog.conf.in) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.conf | 1 + meta-oe/recipes-extended/rsyslog/rsyslog_8.2506.0.bb | 1 + 2 files changed, 2 insertions(+)