-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2011-3739 2011-03-21 20:27:13 --------------------------------------------------------------------------------
Name : logrotate Product : Fedora 14 Version : 3.7.9 Release : 2.fc14 URL : None Summary : Rotates, compresses, removes and mails system log files Description : The logrotate utility is designed to simplify the administration of log files on a system which generates a lot of log files. Logrotate allows for the automatic rotation compression, removal and mailing of log files. Logrotate can be set to handle a log file daily, weekly, monthly or when the log file gets to a certain size. Normally, logrotate runs as a daily cron job. Install the logrotate package if you need a utility to deal with the log files on your system. -------------------------------------------------------------------------------- Update Information: Fixes CVE-2011-1154, CVE-2011-1155 and CVE-2011-1098. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 21 2011 Jan Kaluza <[email protected]> 3.7.9-2 - fix #688520 - fixed CVE-2011-1154, CVE-2011-1155 and CVE-2011-1098 -------------------------------------------------------------------------------- References: [ 1 ] Bug #680798 - CVE-2011-1098 logrotate: TOCTOU race condition by creation of new files (between opening the file and moment, final permissions have been applied) [information disclosure] https://bugzilla.redhat.com/show_bug.cgi?id=680798 [ 2 ] Bug #680796 - CVE-2011-1154 logrotate: Shell command injection by using the shred configuration directive https://bugzilla.redhat.com/show_bug.cgi?id=680796 [ 3 ] Bug #680797 - CVE-2011-1155 logrotate: DoS due improper escaping of file names within 'write state' action https://bugzilla.redhat.com/show_bug.cgi?id=680797 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update logrotate' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
