logrotate security update

3.18.0-7 - lockState: do not print error: when exit code is unaffected 2090926 3.18.0-6 - fix potential DoS from unprivileged users via the state file CVE-2022-1348 Mon Aug 09 2021 Mohan Boddu - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz1991688 3.18.0-4 - make renamecopy and...

SUSE-SU-2022:2398-1 Security update for logrotate

This update for logrotate fixes the following issues: Security issues fixed: - Improved coredump handing for SUID binaries bsc1192449. Non-security issues fixed: - Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' bsc1200278, bsc1200802...

Red Hat Enterprise Linux logrotate任意执行命令及信息泄露漏洞

CVE ID: CVE-2011-1155,CVE-2011-1154,CVE-2011-1098 logrotate程序可简化多个日志文件的管理，允许日志文件的自动循环、压缩、删除和 邮寄。 logrotate处理shred指令时存在shell命令注入漏洞，特制日志文件可造成logrotate 以运行logrotate默认root的用户权限执行任意命令。注意：默认没有启用shred指令。 logrotate在创建新日志文件时应用权限的方式中存在竞争条件漏洞，在一些特定配置 中，本地攻击者可利用此漏洞在logrotate应用最终权限之前打开新的日志文件，可导 致泄露敏感信息。...