logrotate-3.7.8-12.AXS4.1
エラータID: AXSA:2011-134:01
The logrotate utility is designed to simplify the administration of log files on a system which generates a lot of log files. Logrotate allows for the automatic rotation compression, removal and mailing of log files. Logrotate can be set to handle a log file daily, weekly, monthly or when the log file gets to a certain size. Normally, logrotate runs as a daily cron job.
Install the logrotate package if you need a utility to deal with the log files on your system.
Security issues fixed with this release:
CVE-2011-1098
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
CVE-2011-1154
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
CVE-2011-1155
The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) n (newline) or (2) (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
Update packages.
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
N/A
SRPMS
- logrotate-3.7.8-12.AXS4.1.src.rpm
MD5: 26588cf7d7430abef5d073af8da8b231
SHA-256: a9d71ad3ede06a7d60ce87dac95c30edbe400e7b3f81bd36e701266c9efeb03b
Size: 71.46 kB
Asianux Server 4 for x86
- logrotate-3.7.8-12.AXS4.1.i686.rpm
MD5: 2bdaa5e94ebc5a87c3707496f8dcc8e5
SHA-256: b4f15dd7e7cab123802ab8250f4a799fa398885cac6cafad6c5c47e464c52775
Size: 52.55 kB
Asianux Server 4 for x86_64
- logrotate-3.7.8-12.AXS4.1.x86_64.rpm
MD5: 8011dcd3fa98c22f561905c5bdaa8dbf
SHA-256: 0a587efc6ac728f6db7856a30dcacd1241c40b0fc3ad08063131d7252b97dbe2
Size: 52.80 kB