Bug 30383

Summary: rsyslog new security issue CVE-2022-24903
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: andrewsfarm, brtians1, davidwhodgins, mageia, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: rsyslog-8.2106.0-2.mga9.src.rpm CVE: CVE-2022-24903
Status comment:

Description David Walser 2022-05-05 17:27:21 CEST 
Upstream has issued an advisory today (May 5):
https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8

The issue is fixed upstream in 8.2204.1.

Mageia 8 is also affected.
David Walser 2022-05-05 17:27:31 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 8.2204.1

Comment 1 Nicolas Lécureuil 2022-05-05 22:32:10 CEST 
Fixed in mga9

Version: Cauldron => 8
CC: (none) => mageia
Whiteboard: MGA8TOO => (none)

Comment 2 Nicolas Lécureuil 2022-05-05 22:33:52 CEST 
Fixed in mga8

src.rpm:
        - rsyslog-8.2204.1-1.mga8

Assignee: bugsquad => qa-bugs
Status comment: Fixed upstream in 8.2204.1 => (none)
CVE: (none) => CVE-2022-24903

Comment 3 David Walser 2022-05-05 23:23:05 CEST 
rsyslog-8.2204.1-1.mga8
rsyslog-gssapi-8.2204.1-1.mga8
rsyslog-elasticsearch-8.2204.1-1.mga8
rsyslog-journald-8.2204.1-1.mga8
rsyslog-relp-8.2204.1-1.mga8
rsyslog-crypto-8.2204.1-1.mga8
rsyslog-gnutls-8.2204.1-1.mga8
rsyslog-mysql-8.2204.1-1.mga8
rsyslog-snmp-8.2204.1-1.mga8
rsyslog-dbi-8.2204.1-1.mga8
rsyslog-pgsql-8.2204.1-1.mga8

from rsyslog-8.2204.1-1.mga8.src.rpm
Comment 4 Brian Rockwell 2022-05-07 01:13:41 CEST 
The following 15 packages are going to be installed:

- lib64estr0-0.1.11-3.mga8.x86_64
- lib64fastjson4-0.99.9-1.mga8.x86_64
- lib64pq5-13.6-1.mga8.x86_64
- lib64relp0-1.9.0-1.mga8.x86_64
- rsyslog-8.2204.1-1.mga8.x86_64
- rsyslog-crypto-8.2204.1-1.mga8.x86_64
- rsyslog-dbi-8.2204.1-1.mga8.x86_64
- rsyslog-elasticsearch-8.2204.1-1.mga8.x86_64
- rsyslog-gnutls-8.2204.1-1.mga8.x86_64
- rsyslog-gssapi-8.2204.1-1.mga8.x86_64
- rsyslog-journald-8.2204.1-1.mga8.x86_64
- rsyslog-mysql-8.2204.1-1.mga8.x86_64
- rsyslog-pgsql-8.2204.1-1.mga8.x86_64
- rsyslog-relp-8.2204.1-1.mga8.x86_64
- rsyslog-snmp-8.2204.1-1.mga8.x86_64

3MB of additional disk space will be used.


---

# rsyslogd -v
rsyslogd  8.2204.1 (aka 2022.04) compiled with:
	PLATFORM:				x86_64-mageia-linux-gnu
	PLATFORM (lsb_release -d):		Description:	Mageia 8
	FEATURE_REGEXP:				Yes
	GSSAPI Kerberos 5 support:		Yes
	FEATURE_DEBUG (debug build, slow code):	No
	32bit Atomic operations supported:	Yes
	64bit Atomic operations supported:	Yes
	memory allocator:			system default
	Runtime Instrumentation (slow code):	No
	uuid support:				Yes
	systemd support:			Yes
	Config file:				/etc/rsyslog.conf
	PID file:				/var/run/rsyslogd.pid
	Number of Bits in RainerScript integers: 64

See https://www.rsyslog.com for more information.


# systemctl start rsyslog

# ps -ef | grep rsys
root        3431       1  1 18:07 ?        00:00:02 /usr/sbin/rsyslogd -n

# logger "Hello World"

# pwd
/var/log

# cat messages

May  6 18:12:27 localhost brian: Hello World on May 6



works for me

CC: (none) => brtians1
Whiteboard: (none) => MGA8-64-OK

Comment 5 Thomas Andrews 2022-05-07 15:02:05 CEST 
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2022-05-08 02:02:14 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 6 Mageia Robot 2022-05-08 10:01:17 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0165.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 7 David Walser 2022-05-17 15:50:45 CEST 
Fedora has issued an advisory for this today (May 17):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GMNNXLCU2UORRVSZO24HL4KMVPK5PHVW/