Package: rsyslog Version: 8.24.0-1 Severity: normal Tags: security According to https://wiki.debian.org/NewInStretch 'dmesg' should require superuser privileges. /var/log/dmesg is world-readable which might undermine the restriction set by kernel.dmesg_restrict = 1.
-- System Information: Debian Release: 9.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages rsyslog depends on: ii init-system-helpers 1.48 ii libc6 2.24-11+deb9u1 ii libestr0 0.1.10-2 ii libfastjson4 0.99.4-1 ii liblogging-stdlog0 1.0.5-2+b2 ii liblognorm5 2.0.1-1.1+b1 ii libsystemd0 232-25 ii libuuid1 2.29.2-1 ii lsb-base 9.20161125 ii zlib1g 1:1.2.8.dfsg-5 Versions of packages rsyslog recommends: ii logrotate 3.11.0-0.1 Versions of packages rsyslog suggests: pn rsyslog-doc <none> pn rsyslog-gnutls <none> pn rsyslog-gssapi <none> pn rsyslog-mongodb <none> pn rsyslog-mysql | rsyslog-pgsql <none> pn rsyslog-relp <none> -- no debconf information _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
