Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.4
patchinfo.import4580
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.import4580
<patchinfo incident="logrotate" version="4580"> <issue tracker="bnc" id="677336" /> <issue tracker="bnc" id="679661" /> <issue tracker="bnc" id="679662" /> <issue tracker="CVE" id="CVE-2011-1154" /> <issue tracker="CVE" id="CVE-2011-1155" /> <issue tracker="CVE" id="CVE-2011-1098" /> <category>security</category> <rating>low</rating> <summary>logrotate: Multiple security fixes</summary> <description>This update for logrotate provides the following fixes: * The shred_file function in logrotate might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name (CVE-2011-1154) (bnc#679661) * Race condition in the createOutputFile function in logrotate allows local users to read log data by opening a file before the intended permissions are in place (CVE-2011-1098) (bnc#677336) * The writeState function in logrotate might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name (CVE-2011-1155) (bnc#679662) </description> <packager>adrianSuSE</packager> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor