Bug 24342

Summary: rsyslog new security issue CVE-2018-16881
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: davidwhodgins, herman.viaene, sysadmin-bugs
Version: 6Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA-64-OK
Source RPM: rsyslog-8.16.0-1.1.mga6.src.rpm CVE:
Status comment:

Description David Walser 2019-02-10 22:54:38 CET 
openSUSE has issued an advisory on February 8:
https://lists.opensuse.org/opensuse-updates/2019-02/msg00043.html

The upstream fix is already included in the version in Cauldron.

Patched package uploaded for Mageia 6.

Advisory:
========================

Updated rsyslog packages fix security vulnerability:

A denial of service vulnerability was found in rsyslog in the imptcp module.
An attacker could send a specially crafted message to the imptcp socket, which
would cause rsyslog to crash (CVE-2018-16881).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16881
https://lists.opensuse.org/opensuse-updates/2019-02/msg00043.html
========================

Updated packages in core/updates_testing:
========================
rsyslog-8.16.0-1.2.mga6
rsyslog-mysql-8.16.0-1.2.mga6
rsyslog-pgsql-8.16.0-1.2.mga6
rsyslog-gssapi-8.16.0-1.2.mga6
rsyslog-relp-8.16.0-1.2.mga6
rsyslog-dbi-8.16.0-1.2.mga6
rsyslog-snmp-8.16.0-1.2.mga6
rsyslog-gnutls-8.16.0-1.2.mga6
rsyslog-crypto-8.16.0-1.2.mga6
rsyslog-elasticsearch-8.16.0-1.2.mga6
rsyslog-journald-8.16.0-1.2.mga6

from rsyslog-8.16.0-1.2.mga6.src.rpm
Comment 1 Herman Viaene 2019-02-11 15:00:12 CET 
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues
Ref to bug 14206 for test:
# systemctl  start rsyslog
# systemctl  -l status rsyslog
● rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: active (running) since ma 2019-02-11 14:38:40 CET; 20s ago
     Docs: man:rsyslogd(8)
           http://www.rsyslog.com/doc/
 Main PID: 24378 (rsyslogd)
   CGroup: /system.slice/rsyslog.service
           └─24378 /sbin/rsyslogd -n

feb 11 14:38:38 mach6.hviaene.thuis systemd[1]: Starting System Logging Service...
feb 11 14:38:40 mach6.hviaene.thuis systemd[1]: Started System Logging Service.

then on remote desktop:
logger -n <rsyslog host> --prio-prefix '<201>' testlogmessage

and I get here:
# tail /var/log/syslog
Feb 11 14:39:09 mach6 kernel: [ 8573.991927] Shorewall:net-fw:DROP:IN=enp2s8 OUT= MAC=00:0a:e4:c3:73:39:c8:60:00:da:37:ff:08:00 SRC=192.168.2.1 DST=192.168.2.6 LEN=156 TOS=0x00 PREC=0x00 TTL=64 ID=30856 DF PROTO=UDP SPT=49941 DPT=514 LEN=136 
So shorewall intercepted the message on port 514
Opened 514/udp in MCC, entered same command in remote desktop and got
# tail /var/log/syslog
Feb 11 14:55:25 mach6 root: Shorewall started
Feb 11 14:55:25 mach6 shorewall[27884]: done.
Feb 11 14:55:25 mach6 systemd[1]: Started Shorewall IPv4 firewall.
Feb 11 14:55:25 mach6 systemd[1]: Started Network monitoring daemon (Interactive Firewall and wireless).
Feb 11 14:55:25 mach6 root: Shorewall started
Feb 11 14:55:25 mach6 shorewall: done.
Feb 11 14:55:25 mach6 systemd: Started Shorewall IPv4 firewall.
Feb 11 14:55:25 mach6 systemd: Started Network monitoring daemon (Interactive Firewall and wireless).
Feb 11 14:55:34 mach6 mandi[28112]: skipping known address: 192.168.2.1
Feb 11 14:55:34 mach6 mandi: skipping known address: 192.168.2.1
but no message showing up.
repeated same test after switching off firewall completely, but still no message showing up.

CC: (none) => herman.viaene

Comment 2 Dave Hodgins 2019-03-14 20:22:06 CET 
No regressions found. Advisory committed to svn. Validating the update.

Whiteboard: (none) => MGA-64-OK
Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 3 Mageia Robot 2019-03-14 22:41:14 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0110.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED