Package logrotate updated to version 3.20.1-alt2 for branch p10 in task 321948.

Published: 2011-03-31

BDU:2015-06014

Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.9) Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2011-03-31

BDU:2015-06014

Severity: MEDIUM (6.9) Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2011-03-31

BDU:2015-06014

Severity: MEDIUM (6.9) Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2011-03-31

BDU:2015-06015

Severity: MEDIUM (6.9) Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2011-03-31

BDU:2015-06015

Severity: MEDIUM (6.9) Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2011-03-31

BDU:2015-06015

Severity: MEDIUM (6.9) Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2012-06-25

BDU:2015-09654

Уязвимости операционной системы Gentoo Linux, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.9) Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2012-06-25

BDU:2015-09654

Severity: MEDIUM (6.9) Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2012-06-25

BDU:2015-09654

Severity: MEDIUM (6.9) Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2011-03-30
Modified: 2025-04-11

CVE-2011-1098

Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.

Severity: LOW (1.9) Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

References:

Published: 2011-03-30
Modified: 2025-04-11

CVE-2011-1154

The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.

Severity: MEDIUM (6.9) Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2011-03-30
Modified: 2025-04-11

CVE-2011-1155

The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.

Severity: LOW (1.9) Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2022-05-25
Modified: 2025-06-09

CVE-2022-1348

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.

Severity: MEDIUM (4.0) Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Version: 2.1.2

Package logrotate update in p10 on 2023-06-01

ALT-PU-2023-1925-2

Closed vulnerabilities

BDU:2015-06014

BDU:2015-06014

BDU:2015-06014

BDU:2015-06015

BDU:2015-06015

BDU:2015-06015

BDU:2015-09654

BDU:2015-09654

BDU:2015-09654

CVE-2011-1098

CVE-2011-1154

CVE-2011-1155

CVE-2022-1348