[Secure-testing-team] Bug#763829: rsyslogd is not correctly restarted, vulnerable version still running

[Vincent Lefevre]

Package: rsyslog
Version: 8.4.2-1
Severity: grave
Tags: security
Justification: user security hole

When a vulnerability is corrected, it is important to restart
the daemon. But this was not done correctly, and the vulnerable
version is still running!

root      1990     1  0 Sep29 ?        00:00:00 /usr/sbin/rsyslogd

And from the output during the upgrade:

Setting up rsyslog (8.4.2-1) ...
[ ok ] Stopping enhanced syslogd: rsyslogd already stopped.
[....] Starting enhanced syslogd: rsyslogd Already running. If you want to run multiple instances, you need to specify different pid files (use -i option)
[ ok ady started.

Something seems to be really wrong...

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages rsyslog depends on:
ii  init-system-helpers  1.21
ii  initscripts          2.88dsf-53.4
ii  libc6                2.19-11
ii  libestr0             0.1.9-1.1
ii  libjson-c2           0.11-4
ii  liblogging-stdlog0   1.0.4-1
ii  liblognorm1          1.0.1-3
ii  libuuid1             2.20.1-5.9
ii  lsb-base             4.1+Debian13
ii  zlib1g               1:1.2.8.dfsg-2

Versions of packages rsyslog recommends:
ii  logrotate  3.8.7-1

Versions of packages rsyslog suggests:
ii  rsyslog-doc                    8.4.1-1
pn  rsyslog-gnutls                 <none>
pn  rsyslog-gssapi                 <none>
pn  rsyslog-mongodb                <none>
pn  rsyslog-mysql | rsyslog-pgsql  <none>
pn  rsyslog-relp                   <none>

-- no debconf information