Bug 25811 - rsyslog new security issues CVE-2019-17041 and CVE-2019-17042
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-12-03 21:17 CET by David Walser
Modified: 2019-12-19 14:45 CET

See Also:
Source RPM: rsyslog-8.40.0-4.mga7.src.rpm
CVE:
Status comment:



Description David Walser 2019-12-03 21:17:49 CET
openSUSE has issued an advisory on November 14:
https://lists.opensuse.org/opensuse-updates/2019-11/msg00080.html

Mageia 7 is also affected.
David Walser 2019-12-03 21:18:01 CET

Whiteboard: (none) => MGA7TOO

Comment 1 Lewis Smith 2019-12-06 17:54:34 CET
Assigning to DavidG as the most recent active maintainer.

Assignee: bugsquad => geiger.david68210

Comment 2 David GEIGER 2019-12-15 10:46:27 CET
Done for both Cauldron and mga7!
Comment 3 David Walser 2019-12-15 15:52:09 CET
Advisory:
========================

Updated rsyslog packages fix security vulnerabilities:

Heap overflow in the parser for AIX log messages (CVE-2019-17041).

Heap overflow in the parser for Cisco log messages (CVE-2019-17042).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17042
https://lists.opensuse.org/opensuse-updates/2019-11/msg00080.html
========================

Updated packages in core/updates_testing:
========================
rsyslog-8.40.0-4.1.mga7
rsyslog-mysql-8.40.0-4.1.mga7
rsyslog-pgsql-8.40.0-4.1.mga7
rsyslog-gssapi-8.40.0-4.1.mga7
rsyslog-relp-8.40.0-4.1.mga7
rsyslog-dbi-8.40.0-4.1.mga7
rsyslog-snmp-8.40.0-4.1.mga7
rsyslog-gnutls-8.40.0-4.1.mga7
rsyslog-crypto-8.40.0-4.1.mga7
rsyslog-elasticsearch-8.40.0-4.1.mga7
rsyslog-journald-8.40.0-4.1.mga7

from rsyslog-8.40.0-4.1.mga7.src.rpm

Version: Cauldron => 7
CC: (none) => geiger.david68210
Assignee: geiger.david68210 => qa-bugs
Whiteboard: MGA7TOO => (none)

Comment 4 Herman Viaene 2019-12-17 10:10:43 CET
MGA7-64 Plasma on Lenovo B50
No installation issues.
Ref to bug 24342 Comment 6
# systemctl  start rsyslog
# systemctl  -l status rsyslog
● rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-12-17 09:52:34 CET; 13s ago
     Docs: man:rsyslogd(8)
           https://www.rsyslog.com/doc/
 Main PID: 9058 (rsyslogd)
   Memory: 144.1M
   CGroup: /system.slice/rsyslog.service
           └─9058 /sbin/rsyslogd -n

dec 17 09:52:34 mach5.hviaene.thuis systemd[1]: Starting System Logging Service...
dec 17 09:52:34 mach5.hviaene.thuis rsyslogd[9058]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd.  [v8.40.0]
dec 17 09:52:34 mach5.hviaene.thuis rsyslogd[9058]:  [origin software="rsyslogd" swVersion="8.40.0" x-pid="9058" x-info="https://www.rsyslog.com"] start
dec 17 09:52:34 mach5.hviaene.thuis systemd[1]: Started System Logging Service.
dec 17 09:52:37 mach5.hviaene.thuis rsyslogd[9058]: imjournal from <mach5:tester7>: begin to drop messages due to rate-limiting
Made sure firewall was active, then from remote desktop:
$ logger -n <rsyslog host> --prio-prefix '<201>' testlogmessage

On this laptop then:
# tail /var/log/syslog
Dec 17 09:56:55 mach5 shorewall[27834]: Preparing iptables-restore input...
Dec 17 09:56:55 mach5 shorewall[27834]: Running /sbin/iptables-restore --wait 60...
Dec 17 09:56:55 mach5 shorewall[27834]: Processing /etc/shorewall/start ...
Dec 17 09:56:55 mach5 kernel: [ 1388.803291] netfilter PSD loaded - (c) astaro AG
Dec 17 09:56:55 mach5 kernel: [ 1388.819524] IFWLOG: register target
Dec 17 09:56:55 mach5 shorewall[27834]: Processing /etc/shorewall/started ...
Dec 17 09:56:55 mach5 root: Shorewall started
Dec 17 09:56:55 mach5 shorewall[27834]: done.
Dec 17 09:56:55 mach5 systemd[1]: Started Shorewall IPv4 firewall.
Dec 17 09:57:22 mach5 kernel: [ 1415.175790] net-fw DROP IN=wlp9s0 OUT= MAC=b4:6d:83:0d:0c:14:c8:60:00:da:37:ff:08:00 SRC=192.168.2.1 DST=192.168.2.5 LEN=178 TOS=0x00 PREC=0x00 TTL=64 ID=56116 DF PROTO=UDP SPT=45707 DPT=514 LEN=158 
shows dropping of test in firewall
Then allowed 514/udp in firewall, did same command in remote desktop and get here now:
# tail /var/log/syslog
Dec 17 09:58:58 mach5 shorewall[6208]: Setting up Route Filtering...
Dec 17 09:58:58 mach5 shorewall[6208]: Setting up Martian Logging...
Dec 17 09:58:58 mach5 shorewall[6208]: Setting up Proxy ARP...
Dec 17 09:58:58 mach5 shorewall[6208]: Preparing iptables-restore input...
Dec 17 09:58:58 mach5 shorewall[6208]: Running /sbin/iptables-restore --wait 60...
Dec 17 09:58:58 mach5 shorewall[6208]: Processing /etc/shorewall/start ...
Dec 17 09:58:58 mach5 shorewall[6208]: Processing /etc/shorewall/started ...
Dec 17 09:58:58 mach5 root: Shorewall started
Dec 17 09:58:58 mach5 shorewall[6208]: done.
Dec 17 09:58:58 mach5 systemd[1]: Started Shorewall IPv4 firewall.
nothing intercepted in firewall, as could be expected.
Feedback is not 100% the same as in bug 24342, but seems OK.
Good to go for me.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK

Comment 5 Thomas Andrews 2019-12-17 18:00:33 CET
Validating. Advisory in Comment 3.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2019-12-19 13:27:29 CET

CC: (none) => tmb
Keywords: (none) => advisory

Comment 6 Mageia Robot 2019-12-19 14:45:58 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0400.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

