diff options
author | Zhixiong Chi <zhixiong.chi@windriver.com> | 2017-08-20 10:51:48 +0800 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2017-08-31 15:22:57 +0200 |
commit | d802d780321f47fb691626286d60f3e7a2f70057 (patch) | |
tree | 8faae8d29f3d142e71a96a106e873bb3cd1c169b /meta-oe/recipes-devtools/rapidjson | |
parent | 24230a7fe13ac91531361b829df0524d6d9cbadc (diff) | |
download | meta-openembedded-contrib-d802d780321f47fb691626286d60f3e7a2f70057.tar.gz |
rsyslog: CVE-2015-3243
rsyslog uses weak permissions for generating log files, which allows
local users to obtain sensitive information by reading files in
/var/log/cron.log
We add "create 0600 root root" to the /etc/logrotate.d/syslog file,
this will ensure the file is created with permissions when logrotate
runs. It is also recommended that users manually set the permissions
on existing or newly installed log files in order to prevent access
by untrusted users.
https://bugzilla.redhat.com/show_bug.cgi?id=1232826
CVE: CVE-2015-3243
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-oe/recipes-devtools/rapidjson')
0 files changed, 0 insertions, 0 deletions