| |||||||||||||||||||
Pardus alert 2011-85 (logrotate)
------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-85 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-06-21 Type: Local ------------------------------------------------------------------------ Summary ======= A vulnerability has been fixed in logrotate, which allows local attackers could use this flaw to trick the logrotate utility into creating the compressed or copied file. Description =========== CVE-2011-1098: Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. Affected packages: Pardus 2009: logrotate, all before 3.7.8-8-3 Resolution ========== There are update(s) for logrotate. You can update them via Package Manager or with a single command from console: pisi up logrotate References ========== * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-... * http://bugs.pardus.org.tr/show_bug.cgi?id=17293 ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security (Log in to post comments)
|
|||||||||||||||||||