Package: rsyslog Version: 8.4.2-1 Severity: grave Tags: security Justification: user security hole
When a vulnerability is corrected, it is important to restart the daemon. But this was not done correctly, and the vulnerable version is still running! root 1990 1 0 Sep29 ? 00:00:00 /usr/sbin/rsyslogd And from the output during the upgrade: Setting up rsyslog (8.4.2-1) ... [ ok ] Stopping enhanced syslogd: rsyslogd already stopped. [....] Starting enhanced syslogd: rsyslogd Already running. If you want to run multiple instances, you need to specify different pid files (use -i option) [ ok ady started. Something seems to be really wrong... -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-2-amd64 (SMP w/8 CPU cores) Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages rsyslog depends on: ii init-system-helpers 1.21 ii initscripts 2.88dsf-53.4 ii libc6 2.19-11 ii libestr0 0.1.9-1.1 ii libjson-c2 0.11-4 ii liblogging-stdlog0 1.0.4-1 ii liblognorm1 1.0.1-3 ii libuuid1 2.20.1-5.9 ii lsb-base 4.1+Debian13 ii zlib1g 1:1.2.8.dfsg-2 Versions of packages rsyslog recommends: ii logrotate 3.8.7-1 Versions of packages rsyslog suggests: ii rsyslog-doc 8.4.1-1 pn rsyslog-gnutls <none> pn rsyslog-gssapi <none> pn rsyslog-mongodb <none> pn rsyslog-mysql | rsyslog-pgsql <none> pn rsyslog-relp <none> -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
