SUSE-SU-2018:1937-2: moderate: Security update for rsyslog

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Jul 12 10:08:42 MDT 2018 

   SUSE Security Update: Security update for rsyslog
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:1937-2
Rating:             moderate
References:         #935393 
Cross-References:   CVE-2015-3243
Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for rsyslog fixes the following security issue:

   - CVE-2015-3243: Prevent weak permissions for generated log files, which
     allowed local users to obtain sensitive information (bsc#935393).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-1318=1

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1318=1



Package List:

   - SUSE Linux Enterprise Module for Server Applications 15 (x86_64):

      rsyslog-debuginfo-8.33.1-3.3.1
      rsyslog-debugsource-8.33.1-3.3.1
      rsyslog-module-gssapi-8.33.1-3.3.1
      rsyslog-module-gssapi-debuginfo-8.33.1-3.3.1
      rsyslog-module-mysql-8.33.1-3.3.1
      rsyslog-module-mysql-debuginfo-8.33.1-3.3.1
      rsyslog-module-pgsql-8.33.1-3.3.1
      rsyslog-module-pgsql-debuginfo-8.33.1-3.3.1
      rsyslog-module-relp-8.33.1-3.3.1
      rsyslog-module-relp-debuginfo-8.33.1-3.3.1
      rsyslog-module-snmp-8.33.1-3.3.1
      rsyslog-module-snmp-debuginfo-8.33.1-3.3.1
      rsyslog-module-udpspoof-8.33.1-3.3.1
      rsyslog-module-udpspoof-debuginfo-8.33.1-3.3.1

   - SUSE Linux Enterprise Module for Basesystem 15 (x86_64):

      rsyslog-8.33.1-3.3.1
      rsyslog-debuginfo-8.33.1-3.3.1
      rsyslog-debugsource-8.33.1-3.3.1


References:

   https://www.suse.com/security/cve/CVE-2015-3243.html
   https://bugzilla.suse.com/935393

More information about the sle-security-updates mailing list