openSUSE has issued an advisory on February 8:
https://lists.opensuse.org/opensuse-updates/2019-02/msg00043.html

The upstream fix is already included in the version in Cauldron.

Patched package uploaded for Mageia 6.

Advisory:
========================

Updated rsyslog packages fix security vulnerability:

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash (CVE-2018-16881).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16881
https://lists.opensuse.org/opensuse-updates/2019-02/msg00043.html
========================

Updated packages in core/updates_testing:
========================
rsyslog-8.16.0-1.2.mga6
rsyslog-mysql-8.16.0-1.2.mga6
rsyslog-pgsql-8.16.0-1.2.mga6
rsyslog-gssapi-8.16.0-1.2.mga6
rsyslog-relp-8.16.0-1.2.mga6
rsyslog-dbi-8.16.0-1.2.mga6
rsyslog-snmp-8.16.0-1.2.mga6
rsyslog-gnutls-8.16.0-1.2.mga6
rsyslog-crypto-8.16.0-1.2.mga6
rsyslog-elasticsearch-8.16.0-1.2.mga6
rsyslog-journald-8.16.0-1.2.mga6

from rsyslog-8.16.0-1.2.mga6.src.rpm
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues
Ref to bug 14206 for test:
# systemctl start rsyslog
# systemctl -l status rsyslog
● rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: active (running) since ma 2019-02-11 14:38:40 CET; 20s ago
     Docs: man:rsyslogd(8)
           http://www.rsyslog.com/doc/
 Main PID: 24378 (rsyslogd)
   CGroup: /system.slice/rsyslog.service
           └─24378 /sbin/rsyslogd -n

feb 11 14:38:38 mach6.hviaene.thuis systemd[1]: Starting System Logging Service...
feb 11 14:38:40 mach6.hviaene.thuis systemd[1]: Started System Logging Service.

then on remote desktop:
logger -n <rsyslog host> --prio-prefix '<201>' testlogmessage
and I get here:
# tail /var/log/syslog
Feb 11 14:39:09 mach6 kernel: [ 8573.991927] Shorewall:net-fw:DROP:IN=enp2s8 OUT= MAC=00:0a:e4:c3:73:39:c8:60:00:da:37:ff:08:00 SRC=192.168.2.1 DST=192.168.2.6 LEN=156 TOS=0x00 PREC=0x00 TTL=64 ID=30856 DF PROTO=UDP SPT=49941 DPT=514 LEN=136

So shorewall intercepted the message on port 514
Opened 514/udp in MCC, entered same command in remote desktop and got
# tail /var/log/syslog
Feb 11 14:55:25 mach6 root: Shorewall started
Feb 11 14:55:25 mach6 shorewall[27884]: done.
Feb 11 14:55:25 mach6 systemd[1]: Started Shorewall IPv4 firewall.
Feb 11 14:55:25 mach6 systemd[1]: Started Network monitoring daemon (Interactive Firewall and wireless).
Feb 11 14:55:25 mach6 root: Shorewall started
Feb 11 14:55:25 mach6 shorewall: done.
Feb 11 14:55:25 mach6 systemd: Started Shorewall IPv4 firewall.
Feb 11 14:55:25 mach6 systemd: Started Network monitoring daemon (Interactive Firewall and wireless).
Feb 11 14:55:34 mach6 mandi[28112]: skipping known address: 192.168.2.1
Feb 11 14:55:34 mach6 mandi: skipping known address: 192.168.2.1

but no message showing up.
repeated same test after switching off firewall completely, but still no message showing up.
CC: (none) => herman.viaene
No regressions found. Advisory committed to svn. Validating the update.
Whiteboard: (none) => MGA-64-OK
Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0110.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED