MDVSA-2011:065
- Nom du paquet
- logrotate
- Date
- 2011-04-05
- Advisory ID
- MDVSA-2011:065
- Affected versions
- 2009.0 x86_64 , MES5 i586 , 2010.0 x86_64 , 2010.1 i586 , 2010.0 i586 , 2009.0 i586 , CS4.0 i586 , CS4.0 x86_64 , MES5 x86_64 , 2010.1 x86_64
Problem description
Multiple vulnerabilities were discovered and corrected in logrotate:
Race condition in the createOutputFile function in logrotate.c in
logrotate 3.7.9 and earlier allows local users to read log data
by opening a file before the intended permissions are in place
(CVE-2011-1098).
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier
might allow context-dependent attackers to execute arbitrary commands
via shell metacharacters in a log filename, as demonstrated by a
filename that is automatically constructed on the basis of a hostname
or virtual machine name (CVE-2011-1154).
The writeState function in logrotate.c in logrotate 3.7.9 and earlier
might allow context-dependent attackers to cause a denial of service
(rotation outage) via a (1) \n (newline) or (2) \ (backslash)
character in a log filename, as demonstrated by a filename that
is automatically constructed on the basis of a hostname or virtual
machine name (CVE-2011-1155).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been upgraded to the 3.7.9 version and
patched to correct these issues.
Updated packages
2009.0 x86_64
2310e0214eaea3a34800a0a92038e09c 2009.0/x86_64/logrotate-3.7.9-0.1mdv2009.0.x86_64.rpm e8fb014d36d7cbf3d9502a136d7461dc 2009.0/SRPMS/logrotate-3.7.9-0.1mdv2009.0.src.rpm
MES5 i586
86fc9cddb1502105cca2ff0bd02ac7d2 mes5/i586/logrotate-3.7.9-0.1mdvmes5.2.i586.rpm 921136120d96209ed634a267bdb84906 mes5/SRPMS/logrotate-3.7.9-0.1mdvmes5.2.src.rpm
2010.0 x86_64
5ec315b6769ae5229bcd08edc15fba5e 2010.0/x86_64/logrotate-3.7.9-0.1mdv2010.0.x86_64.rpm c362d49b04ca344d0764696241eea515 2010.0/SRPMS/logrotate-3.7.9-0.1mdv2010.0.src.rpm
2010.1 i586
12ffd6c9bcb6ea29a753b06090b9ce6c 2010.1/i586/logrotate-3.7.9-0.1mdv2010.2.i586.rpm e2e7398998c057d5d5e0b58738717209 2010.1/SRPMS/logrotate-3.7.9-0.1mdv2010.2.src.rpm
2010.0 i586
6367375a0a510b3cdd058dc03c1460dd 2010.0/i586/logrotate-3.7.9-0.1mdv2010.0.i586.rpm c362d49b04ca344d0764696241eea515 2010.0/SRPMS/logrotate-3.7.9-0.1mdv2010.0.src.rpm
2009.0 i586
d5dcb61132d97f7df268ca4eefe2cc32 2009.0/i586/logrotate-3.7.9-0.1mdv2009.0.i586.rpm e8fb014d36d7cbf3d9502a136d7461dc 2009.0/SRPMS/logrotate-3.7.9-0.1mdv2009.0.src.rpm
CS4.0 i586
25bb465cb5f43736421454ad8458064b corporate/4.0/i586/logrotate-3.7.9-0.1.20060mlcs4.i586.rpm e8851b4595095e2d554e8991466600f3 corporate/4.0/SRPMS/logrotate-3.7.9-0.1.20060mlcs4.src.rpm
CS4.0 x86_64
1a855676110e3ca98a0b332daf92cbe0 corporate/4.0/x86_64/logrotate-3.7.9-0.1.20060mlcs4.x86_64.rpm e8851b4595095e2d554e8991466600f3 corporate/4.0/SRPMS/logrotate-3.7.9-0.1.20060mlcs4.src.rpm
MES5 x86_64
9020008a51baa7a662c2653c2a49f7d1 mes5/x86_64/logrotate-3.7.9-0.1mdvmes5.2.x86_64.rpm 921136120d96209ed634a267bdb84906 mes5/SRPMS/logrotate-3.7.9-0.1mdvmes5.2.src.rpm
2010.1 x86_64
be26ee70cfa287f94c1a678ab18caa57 2010.1/x86_64/logrotate-3.7.9-0.1mdv2010.2.x86_64.rpm e2e7398998c057d5d5e0b58738717209 2010.1/SRPMS/logrotate-3.7.9-0.1mdv2010.2.src.rpm