[SECURITY UPDATE] logcheck ignore database v0.13

tier1.jp released logcheck ignore database v0.13 for Debian GNU/Linux stretch and buster.

Security Issue

logcheck may cause a security issue which leaks restricted dmesg information.

v0.13 adds more suppression rules for kernel dmesg outputs.


Please update our ignore database ASAP, if you are using.

  1. Minimize the system.
    • If possible, purge development tool chains.
  2. Do not add daily normal users into logcheck recipient lists.
    • Especially do exclude developer accounts.
  3. Restrict web access.
    • Never execute anything from the Internet directly.
    • Use browser tracking protections as much as possible.
  4. Create special (but normal) user to receive those logcheck summary mails.
    • who does nothing but to read summary mails.
  5. Use buster (Linux Kernel 4.19)
    • Or use backported 4.19 kernel for stretch.
    • Linux Kernel 4.15-rc1 addressed this issue.


The tar file is available at the software page.

published: MODIFIED: