* [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201206-36.xml
@ 2012-06-25 19:20 Stefan Behte (craig)
0 siblings, 0 replies; only message in thread
From: Stefan Behte (craig) @ 2012-06-25 19:20 UTC (permalink / raw
To: gentoo-commits
craig 12/06/25 19:20:44
Added: glsa-201206-36.xml
Log:
GLSA 201206-36
Revision Changes Path
1.1 xml/htdocs/security/en/glsa/glsa-201206-36.xml
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201206-36.xml?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201206-36.xml?rev=1.1&content-type=text/plain
Index: glsa-201206-36.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="/xsl/glsa.xsl"?>
<?xml-stylesheet type="text/xsl" href="/xsl/guide.xsl"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201206-36">
<title>logrotate: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities were found in logrotate, which could lead
to arbitrary system command execution.
</synopsis>
<product type="ebuild">logrotate</product>
<announced>June 25, 2012</announced>
<revised>June 25, 2012: 1</revised>
<bug>356811</bug>
<bug>372973</bug>
<access>local</access>
<affected>
<package name="app-admin/logrotate" auto="yes" arch="*">
<unaffected range="ge">3.8.0</unaffected>
<vulnerable range="lt">3.8.0</vulnerable>
</package>
</affected>
<background>
<p>logrotate rotates, compresses, and mails system logs.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in logrotate. Please
review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="high">
<p>A local attacker could use this flaw to truncate arbitrary system file,
to change file owner or mode on arbitrary system files, to conduct
symlink attacks and send arbitrary system files, to execute arbitrary
system commands, to cause abort in subsequent logrotate runs, to disclose
sensitive information, to execute arbitrary code or cause a Denial of
Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All logrotate users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/logrotate-3.8.0"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1098">CVE-2011-1098</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1154">CVE-2011-1154</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1155">CVE-2011-1155</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1549">CVE-2011-1549</uri>
</references>
<metadata timestamp="Fri, 07 Oct 2011 23:37:29 +0000" tag="requester">
underling
</metadata>
<metadata timestamp="Mon, 25 Jun 2012 19:17:59 +0000" tag="submitter">craig</metadata>
</glsa>
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2012-06-25 19:21 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-06-25 19:20 [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201206-36.xml Stefan Behte (craig)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox