Package name
logrotate
Date
2011-04-05
Advisory ID
MDVSA-2011:065
Affected versions
2009.0 x86_64, MES5 i586, 2010.0 x86_64, 2010.1 i586, 2010.0 i586, 2009.0 i586, CS4.0 i586, CS4.0 x86_64, MES5 x86_64, 2010.1 x86_64

Problem description

Multiple vulnerabilities were discovered and corrected in logrotate:

Race condition in the createOutputFile function in logrotate.c in
logrotate 3.7.9 and earlier allows local users to read log data
by opening a file before the intended permissions are in place
(CVE-2011-1098).

The shred_file function in logrotate.c in logrotate 3.7.9 and earlier
might allow context-dependent attackers to execute arbitrary commands
via shell metacharacters in a log filename, as demonstrated by a
filename that is automatically constructed on the basis of a hostname
or virtual machine name (CVE-2011-1154).

The writeState function in logrotate.c in logrotate 3.7.9 and earlier
might allow context-dependent attackers to cause a denial of service
(rotation outage) via a (1) \n (newline) or (2) \ (backslash)
character in a log filename, as demonstrated by a filename that
is automatically constructed on the basis of a hostname or virtual
machine name (CVE-2011-1155).
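
The permission race described for CVE-2011-1098, as an added example: this is not logrotate's code and not the Mandriva patch. The function names, the modes 0666/0600/0640 and the umask 022 are assumptions chosen for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a new log file and then apply its final mode. Returns the fd or -1.
 * *window receives the permission bits the file carried between open() and
 * fchmod(): a descriptor another user obtains in that window stays valid
 * after the mode is tightened. */
int create_log(const char *path, mode_t create_mode, mode_t final_mode,
               mode_t *window)
{
    struct stat st;
    /* O_EXCL: fail instead of reusing a file that already exists. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, create_mode);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0 || fchmod(fd, final_mode) < 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    *window = st.st_mode & 0777;
    return fd;
}

/* Racy shape: default creation bits, restricted only afterwards. */
int create_log_racy(const char *path, mode_t final_mode, mode_t *window)
{
    return create_log(path, 0666, final_mode, window);
}

/* Hardened shape: owner-only from creation, final mode applied last. */
int create_log_safe(const char *path, mode_t final_mode, mode_t *window)
{
    return create_log(path, 0600, final_mode, window);
}

int main(void)
{
    mode_t racy = 0, safe = 0;
    umask(022); /* constructed: a common default umask */
    int a = create_log_racy("demo_racy.log", 0640, &racy);
    int b = create_log_safe("demo_safe.log", 0640, &safe);
    printf("window mode: racy=%04o safe=%04o\n", (unsigned)racy, (unsigned)safe);
    if (a >= 0) { close(a); unlink("demo_racy.log"); }
    if (b >= 0) { close(b); unlink("demo_safe.log"); }
    return (a >= 0 && b >= 0) ? 0 : 1;
}
```

Both variants end at the same final mode; the difference is that the hardened one never exposes group or other bits while the file is being set up.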

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been upgraded to the 3.7.9 version and
patched to correct these issues.

Updated packages

2009.0 x86_64

 2310e0214eaea3a34800a0a92038e09c  2009.0/x86_64/logrotate-3.7.9-0.1mdv2009.0.x86_64.rpm 
 e8fb014d36d7cbf3d9502a136d7461dc  2009.0/SRPMS/logrotate-3.7.9-0.1mdv2009.0.src.rpm

MES5 i586

 86fc9cddb1502105cca2ff0bd02ac7d2  mes5/i586/logrotate-3.7.9-0.1mdvmes5.2.i586.rpm 
 921136120d96209ed634a267bdb84906  mes5/SRPMS/logrotate-3.7.9-0.1mdvmes5.2.src.rpm

2010.0 x86_64

 5ec315b6769ae5229bcd08edc15fba5e  2010.0/x86_64/logrotate-3.7.9-0.1mdv2010.0.x86_64.rpm 
 c362d49b04ca344d0764696241eea515  2010.0/SRPMS/logrotate-3.7.9-0.1mdv2010.0.src.rpm

2010.1 i586

 12ffd6c9bcb6ea29a753b06090b9ce6c  2010.1/i586/logrotate-3.7.9-0.1mdv2010.2.i586.rpm 
 e2e7398998c057d5d5e0b58738717209  2010.1/SRPMS/logrotate-3.7.9-0.1mdv2010.2.src.rpm

2010.0 i586

 6367375a0a510b3cdd058dc03c1460dd  2010.0/i586/logrotate-3.7.9-0.1mdv2010.0.i586.rpm 
 c362d49b04ca344d0764696241eea515  2010.0/SRPMS/logrotate-3.7.9-0.1mdv2010.0.src.rpm

2009.0 i586

 d5dcb61132d97f7df268ca4eefe2cc32  2009.0/i586/logrotate-3.7.9-0.1mdv2009.0.i586.rpm 
 e8fb014d36d7cbf3d9502a136d7461dc  2009.0/SRPMS/logrotate-3.7.9-0.1mdv2009.0.src.rpm

CS4.0 i586

 25bb465cb5f43736421454ad8458064b  corporate/4.0/i586/logrotate-3.7.9-0.1.20060mlcs4.i586.rpm 
 e8851b4595095e2d554e8991466600f3  corporate/4.0/SRPMS/logrotate-3.7.9-0.1.20060mlcs4.src.rpm

CS4.0 x86_64

 1a855676110e3ca98a0b332daf92cbe0  corporate/4.0/x86_64/logrotate-3.7.9-0.1.20060mlcs4.x86_64.rpm 
 e8851b4595095e2d554e8991466600f3  corporate/4.0/SRPMS/logrotate-3.7.9-0.1.20060mlcs4.src.rpm

MES5 x86_64

 9020008a51baa7a662c2653c2a49f7d1  mes5/x86_64/logrotate-3.7.9-0.1mdvmes5.2.x86_64.rpm 
 921136120d96209ed634a267bdb84906  mes5/SRPMS/logrotate-3.7.9-0.1mdvmes5.2.src.rpm

2010.1 x86_64

 be26ee70cfa287f94c1a678ab18caa57  2010.1/x86_64/logrotate-3.7.9-0.1mdv2010.2.x86_64.rpm 
 e2e7398998c057d5d5e0b58738717209  2010.1/SRPMS/logrotate-3.7.9-0.1mdv2010.2.src.rpm

References