[oe-commits] [meta-openembedded] 03/08: rsyslog: CVE-2015-3243

Martin Jansa martin.jansa at gmail.com
Tue Aug 22 13:36:35 UTC 2017


Done

On Tue, Aug 22, 2017 at 3:54 AM, ChenQi <Qi.Chen at windriver.com> wrote:

> Hi Martin,
>
> Please help drop this patch. After discussing with Zhixiong, we think this
> patch is not necessary.
>
> Best Regards,
> Chen Qi
>
>
> On 08/21/2017 03:09 PM, git at git.openembedded.org wrote:
>
>> This is an automated email from the git hooks/post-receive script.
>>
>> martin_jansa pushed a commit to branch master-next
>> in repository meta-openembedded.
>>
>> commit 13fef515d292ff571e5d68a8b1094e3f6d10a02a
>> Author: Zhixiong Chi <zhixiong.chi at windriver.com>
>> AuthorDate: Sun Aug 20 10:51:48 2017 +0800
>>
>>      rsyslog: CVE-2015-3243
>>
>>      rsyslog uses weak permissions for generating log files, which allows
>>      local users to obtain sensitive information by reading files in
>>      /var/log/cron.log
>>
>>      We add "create 0600 root root" to the /etc/logrotate.d/syslog file,
>>      this will ensure the file is created with permissions when logrotate
>>      runs. It is also recommended that users manually set the permissions
>>      on existing or newly installed log files in order to prevent access
>>      by untrusted users.
>>      https://bugzilla.redhat.com/show_bug.cgi?id=1232826
>>
>>      CVE: CVE-2015-3243
>>
>>      Signed-off-by: Zhixiong Chi <zhixiong.chi at windriver.com>
>>      Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
>> ---
>>   meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate | 3 +++
>>   1 file changed, 3 insertions(+)
>>
>> diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate
>> b/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate
>> index 94ec517..7960815 100644
>> --- a/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate
>> +++ b/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate
>> @@ -23,6 +23,9 @@
>>   /var/log/user.log
>>   /var/log/lpr.log
>>   /var/log/cron.log
>> +{
>> +        create 0600 root root
>> +}
>>   /var/log/debug
>>   /var/log/messages
>>   {
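Review bot: The added `{ create 0600 root root }` block sits directly after /var/log/cron.log, in the middle of what the context lines show was one continuous file list, so it ends that list early. The files above it (user.log, lpr.log, cron.log and any earlier entries) now receive only the create directive, while the options in the block that opens after /var/log/messages apply to /var/log/debug and /var/log/messages alone. Suggest placing `create 0600 root root` inside the existing block rather than adding a new one, so every listed file keeps its rotation settings along with the tighter mode. The commit message also names only /var/log/cron.log, although the directive as placed covers every file listed above it; the intended scope should be stated.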
>>
>>
>

