logrotate-3.18.0-7.el9
エラータID: AXSA:2023-4595:01
The logrotate utility simplifies the administration of multiple log files by allowing their automatic rotation, compression, removal, and mailing.
Security Fix(es):
* logrotate: potential DoS from unprivileged users via the state file (CVE-2022-1348)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the MIRACLE LINUX 9.1 Release Notes linked from the References section.
CVE-2022-1348
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.
Update packages.
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.
N/A
SRPMS
- logrotate-3.18.0-7.el9.src.rpm
MD5: 210ea7ea5885f54573211628258e28ce
SHA-256: 08016724a79df9e029597e4bc9627c186cede58a7cc9299f480c1bd6aa95f473
Size: 185.49 kB
Asianux Server 9 for x86_64
- logrotate-3.18.0-7.el9.x86_64.rpm
MD5: 4a2db3f41c244fe767a63a727e5c78e9
SHA-256: 926ef30baa5e1f6bc5f9efe29d9eb1081ee8e9b2c553e986db039b55c8fa68be
Size: 74.53 kB
日本語