ELSA-2022-8393

Опубликовано: 22 нояб. 2022

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2022-8393: logrotate security update (MODERATE)

[3.18.0-7]

lockState: do not print error: when exit code is unaffected (#2090926)

[3.18.0-6]

fix potential DoS from unprivileged users via the state file (CVE-2022-1348)

Mon Aug 09 2021 Mohan Boddu mboddu@redhat.com

Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688

[3.18.0-4]

make renamecopy and copytruncate override each other (#1934601)
unify documentation of copy/copytruncate/renamecopy (#1934629)
fix resource leaks reported by Coverity

[3.18.0-3]

Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

[3.18.0-2]

Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

[3.18.0-1]

new upstream version 3.18.0

[3.17.0-3]

Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

[3.17.0-2]

Use make macros
https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro

[3.17.0-1]

new upstream version 3.17.0

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

logrotate

3.18.0-7.el9

Oracle Linux x86_64

logrotate

3.18.0-7.el9

Связанные CVE

CVE-2022-1348

Ссылки на источники

Связанные уязвимости

CVE-2022-1348

CVSS3: 6.5

ubuntu

около 3 лет назад

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.