(RHSA-2011:0324) Important: logwatch security update

2011-03-07T05:00:00
ID RHSA-2011:0324
Type redhat
Reporter RedHat
Modified 2018-06-06T20:24:07

Description

Logwatch is a customizable log analysis system. Logwatch parses through your system's logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require.

A flaw was found in the way Logwatch processed log files. If an attacker were able to create a log file with a malicious file name, it could result in arbitrary code execution with the privileges of the root user when that log file is analyzed by Logwatch. (CVE-2011-1018)

Users of logwatch should upgrade to this updated package, which contains a backported patch to resolve this issue.