tier1.jp

[SECURITY UPDATE] logcheck ignore database v0.13

tier1.jp released logcheck ignore database v0.13 for Debian GNU/Linux stretch and buster.

Security Issue

logcheck may cause a security issue by leaking restricted dmesg information.

v0.13 adds more suppression rules for kernel dmesg outputs.

Mitigation

If you are using our ignore database, please update it as soon as possible.

  1. Minimize the system.
    • If possible, purge development tool chains.
  2. Do not add everyday normal users to logcheck recipient lists.
    • In particular, exclude developer accounts.
  3. Restrict web access.
    • Never execute anything from the Internet directly.
    • Use browser tracking protections as much as possible.
  4. Create a special (but normal) user to receive the logcheck summary mails.
    • This user does nothing but read summary mails.
  5. Use buster (Linux Kernel 4.19)
    • Or use backported 4.19 kernel for stretch.
    • Linux Kernel 4.15-rc1 addressed this issue.
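
The following audit helpers for steps 2, 4 and 5 are an added example, not code from tier1.jp or the logcheck project. They assume the recipients are set through SENDMAILTO in logcheck.conf (possibly several, separated by commas or spaces) and that local mail is forwarded through an aliases(5)-style file; the allow-list argument and the account names in the demo are hypothetical.

```shell
# Added example: audit helpers for mitigation steps 2, 4 and 5.
# On a real host use /etc/logcheck/logcheck.conf, /etc/aliases, "$(uname -r)".

# Step 5: succeed if a kernel release string (e.g. 4.19.0-6-amd64) is >= 4.15.
kernel_ok() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "${minor:-0}" -ge 15 ]; }
}

# Print the SENDMAILTO addresses from logcheck.conf, one per line.
# Assumption: several addresses may be separated by commas or spaces.
logcheck_recipients() {
    sed -n 's/^[[:space:]]*SENDMAILTO=//p' "$1" | tail -n 1 |
        tr -d "\"'" | tr ', ' '\n\n' | sed '/^$/d'
}

# Follow a name through an aliases(5)-style file to its final recipients.
# Subshell body keeps variables per recursion level; depth limit stops loops.
expand_alias() (  # expand_alias NAME ALIASES_FILE [DEPTH]
    depth=${3:-0}
    targets=$(awk -F: -v n="$1" '$1 == n { sub(/^[^:]*:[ \t]*/, ""); print }' \
        "$2" 2>/dev/null | tr ', ' '\n\n' | sed '/^$/d')
    if [ -z "$targets" ] || [ "$depth" -ge 5 ]; then
        echo "$1"
    else
        for t in $targets; do expand_alias "$t" "$2" $((depth + 1)); done
    fi
)

# Steps 2 and 4: print every final recipient other than the allowed reader(s).
unexpected_recipients() {  # unexpected_recipients CONF ALIASES ALLOWED...
    conf=$1; aliases=$2; shift 2
    for r in $(logcheck_recipients "$conf"); do
        for final in $(expand_alias "$r" "$aliases"); do
            case " $* " in *" $final "*) ;; *) echo "$final" ;; esac
        done
    done | sort -u
}

# Demo on constructed files; "alice" and "logreader" are made-up accounts.
demo() {
    d=$(mktemp -d)
    printf 'SENDMAILTO="logcheck"\n' > "$d/logcheck.conf"
    printf 'logcheck: root\nroot: alice, logreader\n' > "$d/aliases"
    unexpected_recipients "$d/logcheck.conf" "$d/aliases" logreader
    rm -rf "$d"
}
demo   # prints: alice
```

Any name printed by `unexpected_recipients` receives the summary mail, directly or through an alias, without being the dedicated reader account.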

Download

The tar file is available at the software page.
