Bug 1030040 - Ads and 3rd party tracking in TLS section of rsyslog documentation
Summary: Ads and 3rd party tracking in TLS section of rsyslog documentation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: rsyslog7
Version: 6.4
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: rc
: ---
Assignee: Tomas Heinrich
QA Contact: Dalibor Pospíšil
URL:
Whiteboard:
Depends On:
Blocks: 1030041 1030043 1030044
TreeView+ depends on / blocked
 
Reported: 2013-11-13 19:11 UTC by Filip Krska
Modified: 2014-10-14 07:30 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1030041 1030043 1030044 1227287 (view as bug list)
Environment:
Last Closed: 2014-10-14 07:30:40 UTC
Target Upstream Version:

Attachments (Terms of Use)
proposed patch (9.23 KB, patch)
2013-11-18 12:19 UTC, Marcel Kolaja 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2014:1540 0 normal SHIPPED_LIVE new package: rsyslog7 2014-10-14 01:21:40 UTC

Description Filip Krska 2013-11-13 19:11:49 UTC 
Description of problem:

There are unsolicited ads loaded from 3rd party servers (implies unsolicited and unexpected tracking by the 3rd party, so privacy concerns may apply) via following markup:

<span style="float: left">
<script type="text/javascript"><!--
google_ad_client = "pub-3204610807458280";
/* rsyslog doc inline */
google_ad_slot = "5958614527";
google_ad_width = 125;
google_ad_height = 125;
//-->
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
</span>

in following doc pages:

/usr/share/doc/rsyslog-4.6.2/rsyslog_secure_tls.html
/usr/share/doc/rsyslog-4.6.2/tls_cert_errmsgs.html
/usr/share/doc/rsyslog-4.6.2/tls_cert_ca.html
/usr/share/doc/rsyslog-4.6.2/tls_cert_machine.html
/usr/share/doc/rsyslog-4.6.2/tls_cert_scenario.html
/usr/share/doc/rsyslog-4.6.2/tls_cert_server.html
/usr/share/doc/rsyslog-4.6.2/tls_cert_client.html
/usr/share/doc/rsyslog-4.6.2/tls_cert_udp_relay.html
/usr/share/doc/rsyslog-4.6.2/tls_cert_summary.html


Version-Release number of selected component (if applicable):

All versions (RHEL 5,6,7, latest Fedora affected)

How reproducible:

Allways

Steps to Reproduce:
1. browse e.g. file:///usr/share/doc/rsyslog-5.8.10/rsyslog_secure_tls.html with web browser

Actual results:

Ads are loaded from http://pagead2.googlesyndication.com

Expected results:

No http request to 3rd party site is performed, no ads displayed when browsing local docs

Additional info:
Comment 1 Tomas Heinrich 2013-11-14 14:40:45 UTC 
Good catch, thanks.
Comment 2 Marcel Kolaja 2013-11-18 12:19:25 UTC 
Created attachment 825574 [details]
proposed patch
Comment 3 Tomas Heinrich 2013-11-18 15:45:25 UTC 
Thanks for the patch, I've already sent a variation of it patch to upstream. They need to review whether there aren't any other glitches and when they merge, I'll use the final version.
Comment 8 errata-xmlrpc 2014-10-14 07:30:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2014-1540.html
Note You need to log in before you can comment on or make changes to this bug.