[oe] [meta-oe][PATCH] rsyslog: set status for CVE-2015-3243

Fri, 14 Nov 2025 04:48:52 -0800 

Details: https://nvd.nist.gov/vuln/detail/CVE-2015-3243

The issue is about file permissions: by default rsyslog creates world-readable
files. In case a log message contains some sensitive information, then that's
exposed to every user on the system.

However the rsyslog.conf file that is shipped with the recipe solves it: it
already sets non-world-readable default permissions on all files, so this
vulnerability is fixed in the default OE recipe.

See also this package in OpenSuse[1], where it is solved the same way.

[1]: https://build.opensuse.org/requests/619439/changes (rsyslog.conf.in)

Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.conf | 1 +
 meta-oe/recipes-extended/rsyslog/rsyslog_8.2506.0.bb  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.conf 
b/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.conf
index dbfefb7597..388c4e70bb 100644
--- a/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.conf
+++ b/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.conf
@@ -13,6 +13,7 @@ $ModLoad imklog   # kernel logging (formerly provided by 
rklogd)
 
 #
 # Set the default permissions
+# Setting the $FileCreateMode not world readable fixes CVE-2015-3243
 #
 $FileOwner root
 $FileGroup adm
diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog_8.2506.0.bb 
b/meta-oe/recipes-extended/rsyslog/rsyslog_8.2506.0.bb
index 4ba41678aa..bcac76a231 100644
--- a/meta-oe/recipes-extended/rsyslog/rsyslog_8.2506.0.bb
+++ b/meta-oe/recipes-extended/rsyslog/rsyslog_8.2506.0.bb
@@ -38,6 +38,7 @@ UPSTREAM_CHECK_URI = "https://github.com/rsyslog/rsyslog/tags";
 UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)"
 
 CVE_PRODUCT = "rsyslog:rsyslog"
+CVE_STATUS[CVE-2015-3243] = "fix-file-included: The shipped default 
rsyslog.conf contains the fix"
 
 inherit autotools pkgconfig systemd update-rc.d ptest
 

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#121708): 
https://lists.openembedded.org/g/openembedded-devel/message/121708
Mute This Topic: https://lists.openembedded.org/mt/116290885/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to