Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 7 articles for you...
98
security advisorymoderatesecurity updateRed Hat 9: RHSA-2022-8393 Moderate: logrotate DoS Threat Fix
An update for logrotate is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: logrotate security update Advisory ID: RHSA-2022:8393-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:8393 Issue date: 2022-11-15 CVE Names: CVE-2022-1348 ==================================================================== 1. Summary: An update for logrotate is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: The logrotate utility simplifies the administration of multiple log files by allowing their automatic rotation, compression, removal, and mailing. Security Fix(es): * logrotate: potential DoS from unprivileged users via the state file (CVE-2022-1348) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2075074 - CVE-2022-1348 logrotate: potential DoS from unprivileged users via the state file 6. Package List: Red Hat Enterprise Linux BaseOS (v. 9): Source: logrotate-3.18.0-7.el9.src.rpm aarch64: logrotate-3.18.0-7.el9.aarch64.rpm logrotate-debuginfo-3.18.0-7.el9.aarch64.rpm logrotate-debugsource-3.18.0-7.el9.aarch64.rpm ppc64le: logrotate-3.18.0-7.el9.ppc64le.rpm logrotate-debuginfo-3.18.0-7.el9.ppc64le.rpm logrotate-debugsource-3.18.0-7.el9.ppc64le.rpm s390x: logrotate-3.18.0-7.el9.s390x.rpm logrotate-debuginfo-3.18.0-7.el9.s390x.rpm logrotate-debugsource-3.18.0-7.el9.s390x.rpm x86_64: logrotate-3.18.0-7.el9.x86_64.rpm logrotate-debuginfo-3.18.0-7.el9.x86_64.rpm logrotate-debugsource-3.18.0-7.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-1348 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBY3PgwtzjgjWX9erEAQgPmg//XDihBmjNzDGuBNxDN3mZYrK3THeevs/u ii9c+qJK83fFK+dagldHlyZOtR12qWRtBjrw91E9I5zIVTgzkcFv8hu/8v8p9Ocr WlHTRzE2Kblai9pXRr49km3GL9thG7KTYNDT/BwV09jqYqVJsrly1AHf96rvHIUp uyL3Be+PMO6Q18KwvpBd3m3BaaJOhhi8NHZHIF/FhIqdPfLnxRMSJP7dOAnycZAH 6wNV8XqtHt332/PQoZSUmg9Y1NmcCeQlbIVgCn6z4G5qP8EXTSMCr21ZoP3UuWv8 HjGjGg+B/5AU4Wj9wzjm3R/ruITxJLQtN0tew7h9tBiVsRj0j6xaD5BZg25DbSV4 fDPGLTyDFWPk6TJhW0SQ5/Ohc11XgiwGF7sTwMeig+1DXuWr9qFfxwYiW3zQtEpi Ko7C+s0Yrv35jfZMRLIz1w+3Iu35Zg93+ZHCbtbWoJZ4pKYR9H4JB9dhGuijhN/x 4G0zgpNppzUoVkeVT3heLpBLNDck0T3sfYqEdw+CEMgLfwMmxlAas49JVGQO8Alo 3H/dwSXUepnwYm1TiBSTZR4u9FB7280VjMN8oKsFFNX16FWhmi09X+NLnvyCRIUp tdN3Z1Uqr5lNlJ6QdQ+ZWCvmLHHYnBRHBFlJE/A7fqjlNJ3z3eeumulif9Py6xHu JfZ7LQO99Lc=8Hyc -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Nov 15, 2022
Red Hat
100
security advisorypatch managementimportant updateopenSUSE: 2022:2547-2 Critical: Logrotate Coredump Handling Fix
An update that contains security fixes can now be installed. . SUSE Security Update: Security update for logrotate ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2547-2 Rating: important References: #1192449 #1200278 #1200802 Affected Products: openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for logrotate fixes the following issues: Security issues fixed: - Improved coredump handing for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed "logrotate emits unintended warning: keyword size not properly separated, found 0x3d" (bsc#1200278, bsc#1200802). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2547=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 References: https://bugzilla.suse.com/1192449 https://bugzilla.suse.com/1200278 https://bugzilla.suse.com/1200802 . SUSE Security Update introduces vital enhancements for logrotate. Learn more about these important updates.. SUSE Security Update, logrotate fixes, important updates. . Severity: Important. LinuxSecurity.com Team
Sep 01, 2022
•Important
SuSE
100
security advisoryupdateSUSESUSE: 2023:3678-1 Critical: Logrotate Error Logging Improvement
An update that contains security fixes can now be installed. . SUSE Security Update: Security update for logrotate ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2547-1 Rating: important References: #1192449 #1200278 #1200802 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSEManager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for logrotate fixes the following issues: Security issues fixed: - Improved coredump handing for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed "logrotate emits unintended warning: keyword size not properly separated, found 0x3d" (bsc#1200278, bsc#1200802). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2547=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2547=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2547=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2547=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2547=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2547=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2547=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2547=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2547=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patchSUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2547=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2547=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2547=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2547=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2547=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2547=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2547=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2547=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2547=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2547=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2547=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2547=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2547=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2547=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE ManagerServer 4.1 (ppc64le s390x x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE Manager Proxy 4.1 (x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 - SUSE CaaS Platform 4.0 (x86_64): logrotate-3.13.0-150000.4.7.1 logrotate-debuginfo-3.13.0-150000.4.7.1 logrotate-debugsource-3.13.0-150000.4.7.1 References: https://bugzilla.suse.com/1192449 https://bugzilla.suse.com/1200278 https://bugzilla.suse.com/1200802 . Discover significant enhancements in the recent SUSE update for logrotate, which focuses on improving core dump management and resolving various non-security related bugs.. Logrotate Update, SUSE Security Fixes, Patch Management, Risk Mitigation, Enterprise Storage. . Severity: Important. LinuxSecurity.com Team
Jul 25, 2022
•Important
SuSE
203
security advisorycriticalsecurity fixMageia 8 MGASA-2022-0266 Critical: Logrotate Coredump Handling Issue
Improved coredump handing for SUID binaries. (bsc#1192449) References: - https://bugs.mageia.org/show_bug.cgi?id=30638 - https://lists.suse.com/pipermail/sle-security-updates/2022-July/011550.html . MGASA-2022-0266 - Updated logrotate packages fix security vulnerability Publication date: 25 Jul 2022 URL: https://advisories.mageia.org/MGASA-2022-0266.html Type: security Affected Mageia releases: 8 Improved coredump handing for SUID binaries. (bsc#1192449) References: - https://bugs.mageia.org/show_bug.cgi?id=30638 - https://lists.suse.com/pipermail/sle-security-updates/2022-July/011550.html - https://github.com/logrotate/logrotate/releases/tag/3.19.0 SRPMS: - 8/core/logrotate-3.17.0-3.2.mga8 . Mageia 2022-0266 resolves a significant weakness in logrotate, improving coredump management to bolster security.. Mageia Logrotate Update, Coredump Handling Fix, Security Advisory. . Severity: Critical. LinuxSecurity.com Team
Jul 25, 2022
•Critical
Mageia
100
security advisorySUSE Linuximportant updateSUSE: 2022:2304-1 Critical: Logrotation Memory Dump Management Update
An update that contains security fixes can now be installed. . SUSE Security Update: Security update for logrotate ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2398-1 Rating: important References: #1192449 #1200278 #1200802 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for logrotate fixes the following issues: Security issues fixed: - Improved coredump handing for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed "logrotate emits unintended warning: keyword size not properly separated, found 0x3d" (bsc#1200278, bsc#1200802). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2398=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): logrotate-3.11.0-2.20.1 logrotate-debuginfo-3.11.0-2.20.1 logrotate-debugsource-3.11.0-2.20.1 References: https://bugzilla.suse.com/1192449 https://bugzilla.suse.com/1200278 https://bugzilla.suse.com/1200802 . SUSE Security Update for logrotate addresses coredump processing and problems on SLES 12-SP5.. Logrotate Fixes, SUSE Security Advisory, Coredump Handling, Important Updates. . Severity: Important. LinuxSecurity.com Team
Jul 14, 2022
•Important
SuSE
100
security advisoryimportantSUSESUSE: 2022:2396-1 Critical Logrotate State File Permission Issue Resolved
An update that solves one vulnerability and has three fixes is now available. . SUSE Security Update: Security update for logrotate ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2396-1 Rating: important References: #1192449 #1199652 #1200278 #1200802 Cross-References: CVE-2022-1348 CVSS scores: CVE-2022-1348 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1348 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for logrotate fixes the following issues: Security issues fixed: - CVE-2022-1348: Fixed insecure permissions for state file creation (bsc#1199652). - Improved coredump handing for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed "logrotate emits unintended warning: keyword size not properly separated, found 0x3d" (bsc#1200278, bsc#1200802). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2396=1 - SUSE Linux Enterprise Module forBasesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2396=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): logrotate-3.18.1-150400.3.7.1 logrotate-debuginfo-3.18.1-150400.3.7.1 logrotate-debugsource-3.18.1-150400.3.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): logrotate-3.18.1-150400.3.7.1 logrotate-debuginfo-3.18.1-150400.3.7.1 logrotate-debugsource-3.18.1-150400.3.7.1 References: https://www.suse.com/security/cve/CVE-2022-1348.html https://bugzilla.suse.com/1192449 https://bugzilla.suse.com/1199652 https://bugzilla.suse.com/1200278 https://bugzilla.suse.com/1200802 . SUSE Security Patch for logrotate resolves a critical vulnerability related to state file permissions and SUID executables.. logrotate update,SUSE security,permissions fix,coredump handling,important update. . Severity: Important. LinuxSecurity.com Team
Jul 14, 2022
•Important
SuSE
89
security advisoryFedorasystem managementUbuntu 22.04: 2023-ff4290a67c High: Vulnerability in Apache HTTP Server
- lockState: do not print `error:` when exit code is unaffected (#2090926) ---- - fix potential DoS from unprivileged users via the state file (CVE-2022-1348). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-ff0188b37c 2022-06-12 01:16:07.760740 --------------------------------------------------------------------------------Name : logrotate Product : Fedora 35 Version : 3.18.1 Release : 4.fc35 URL : https://github.com/logrotate/logrotate Summary : Rotates, compresses, removes and mails system log files Description : The logrotate utility is designed to simplify the administration of log files on a system which generates a lot of log files. Logrotate allows for the automatic rotation compression, removal and mailing of log files. Logrotate can be set to handle a log file daily, weekly, monthly or when the log file gets to a certain size. Install the logrotate package if you need a utility to deal with the log files on your system. --------------------------------------------------------------------------------Update Information: - lockState: do not print `error:` when exit code is unaffected (#2090926) ----- fix potential DoS from unprivileged users via the state file (CVE-2022-1348) --------------------------------------------------------------------------------ChangeLog: * Fri May 27 2022 Kamil Dudka - 3.18.1-4 - lockState: do not print `error:` when exit code is unaffected (#2090926) * Wed May 25 2022 Kamil Dudka - 3.18.1-3 - fix potential DoS from unprivileged users via the state file (CVE-2022-1348) --------------------------------------------------------------------------------References: [ 1 ] Bug #2090272 - CVE-2022-1348 logrotate: potential DoS from unprivileged users via the state file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2090272 [ 2 ] Bug #2090926 - error: state file /var/lib/logrotate/logrotate.status is world-readable andthus can be locked from other unprivileged users. Skipping lock acquisition https://bugzilla.redhat.com/show_bug.cgi?id=2090926 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-ff0188b37c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jun 11, 2022
Fedora
203
security advisorycritical issuepermissions issueMageia 8 MGASA-2022-0217 Critical: Logrotate Permissions Lock Issue
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw . MGASA-2022-0217 - Updated logrotate packages fix security vulnerability Publication date: 03 Jun 2022 URL: https://advisories.mageia.org/MGASA-2022-0217.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-1348 A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0. (CVE-2022-1348) Note the change in permission does not apply until the first time logrotate runs after installing the update. References: - https://bugs.mageia.org/show_bug.cgi?id=30473 - https://www.openwall.com/lists/oss-security/2022/05/25/3 - https://www.openwall.com/lists/oss-security/2022/05/25/5 - https://ubuntu.com/security/notices/USN-5447-1 - https://www.cve.org/CVERecord?id=CVE-2022-1348 SRPMS: - 8/core/logrotate-3.17.0-3.1.mga8 . A significant vulnerability in logrotate allows non-privileged users to secure the state file, thereby interrupting functionalities. The remedy is substantial.. Logrotate Security Fix, Mageia Update, Permissions Management. . Severity: Critical. LinuxSecurity.com Team
Jun 03, 2022
•Critical
Mageia
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!