rsyslog: set status for CVE-2015-3243 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Gyorgy Sarvari <skandigraun@gmail.com>	2025-11-14 13:48:45 +0100
committer	Khem Raj <raj.khem@gmail.com>	2025-11-14 07:39:48 -0800
commit	38ea8a4617ad395b2addd24bd1f6b57a8242fa0b (patch)
tree	902893a01e885f07fc8a777bf69e84fdec997d7d /meta-python/recipes-devtools/python/python3-checksec-py/0001-main-Add-option-to-ignore-symlinks.patch
parent	fe8d5e0cc0abbe19aa267ab7f9e78cbb5adc153b (diff)
download	meta-openembedded-38ea8a4617ad395b2addd24bd1f6b57a8242fa0b.tar.gz

rsyslog: set status for CVE-2015-3243

Details: https://nvd.nist.gov/vuln/detail/CVE-2015-3243 The issue is about file permissions: by default rsyslog creates world-readable files. In case a log message contains some sensitive information, then that's exposed to every user on the system. However the rsyslog.conf file that is shipped with the recipe solves it: it already sets non-world-readable default permissions on all files, so this vulnerability is fixed in the default OE recipe. See also this package in OpenSuse[1], where it is solved the same way. [1]: https://build.opensuse.org/requests/619439/changes (rsyslog.conf.in) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-checksec-py/0001-main-Add-option-to-ignore-symlinks.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: