Upstream has issued an advisory today (May 5): https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8 The issue is fixed upstream in 8.2204.1. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in 8.2204.1
Fixed in mga9
Version: Cauldron => 8CC: (none) => mageiaWhiteboard: MGA8TOO => (none)
Fixed in mga8 src.rpm: - rsyslog-8.2204.1-1.mga8
Assignee: bugsquad => qa-bugsStatus comment: Fixed upstream in 8.2204.1 => (none)CVE: (none) => CVE-2022-24903
rsyslog-8.2204.1-1.mga8 rsyslog-gssapi-8.2204.1-1.mga8 rsyslog-elasticsearch-8.2204.1-1.mga8 rsyslog-journald-8.2204.1-1.mga8 rsyslog-relp-8.2204.1-1.mga8 rsyslog-crypto-8.2204.1-1.mga8 rsyslog-gnutls-8.2204.1-1.mga8 rsyslog-mysql-8.2204.1-1.mga8 rsyslog-snmp-8.2204.1-1.mga8 rsyslog-dbi-8.2204.1-1.mga8 rsyslog-pgsql-8.2204.1-1.mga8 from rsyslog-8.2204.1-1.mga8.src.rpm
The following 15 packages are going to be installed: - lib64estr0-0.1.11-3.mga8.x86_64 - lib64fastjson4-0.99.9-1.mga8.x86_64 - lib64pq5-13.6-1.mga8.x86_64 - lib64relp0-1.9.0-1.mga8.x86_64 - rsyslog-8.2204.1-1.mga8.x86_64 - rsyslog-crypto-8.2204.1-1.mga8.x86_64 - rsyslog-dbi-8.2204.1-1.mga8.x86_64 - rsyslog-elasticsearch-8.2204.1-1.mga8.x86_64 - rsyslog-gnutls-8.2204.1-1.mga8.x86_64 - rsyslog-gssapi-8.2204.1-1.mga8.x86_64 - rsyslog-journald-8.2204.1-1.mga8.x86_64 - rsyslog-mysql-8.2204.1-1.mga8.x86_64 - rsyslog-pgsql-8.2204.1-1.mga8.x86_64 - rsyslog-relp-8.2204.1-1.mga8.x86_64 - rsyslog-snmp-8.2204.1-1.mga8.x86_64 3MB of additional disk space will be used. --- # rsyslogd -v rsyslogd 8.2204.1 (aka 2022.04) compiled with: PLATFORM: x86_64-mageia-linux-gnu PLATFORM (lsb_release -d): Description: Mageia 8 FEATURE_REGEXP: Yes GSSAPI Kerberos 5 support: Yes FEATURE_DEBUG (debug build, slow code): No 32bit Atomic operations supported: Yes 64bit Atomic operations supported: Yes memory allocator: system default Runtime Instrumentation (slow code): No uuid support: Yes systemd support: Yes Config file: /etc/rsyslog.conf PID file: /var/run/rsyslogd.pid Number of Bits in RainerScript integers: 64 See https://www.rsyslog.com for more information. # systemctl start rsyslog # ps -ef | grep rsys root 3431 1 1 18:07 ? 00:00:02 /usr/sbin/rsyslogd -n # logger "Hello World" # pwd /var/log # cat messages May 6 18:12:27 localhost brian: Hello World on May 6 works for me
CC: (none) => brtians1Whiteboard: (none) => MGA8-64-OK
Validating.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0165.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
Fedora has issued an advisory for this today (May 17): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GMNNXLCU2UORRVSZO24HL4KMVPK5PHVW/