Kod programskog paketa LogWatch, distribuiranog s operacijskim sustavima Fedora 13, 14 i 15, uočen je novi sigurnosni nedostatak. Radi se o prilagodljivom alatu namijenjenom nadzoru logova na računalu. Problem se javlja prilikom obrade datoteka koje sadrže specijalne znakove u svom nazivu. Udaljeni napadač može iskoristiti navedeni propust za povećanje ovlasti na ranjivom sustavu i pokretanje proizvoljnih naredbi. Budući da je dostupna odgovarajuća programska nadogradnja, svi se korisnici spomenutog paketa potiču na njenu primjenu.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-2396
2011-03-01 06:42:27
--------------------------------------------------------------------------------
Name : logwatch
Product : Fedora 15
Version : 7.3.6
Release : 66.20110203svn25.fc15
URL : http://www.logwatch.org/
Summary : A log file analysis program
Description :
Logwatch is a customizable, pluggable log-monitoring system. It will go
through your logs for a given period of time and make a report in the areas
that you wish with the detail that you wish. Easy to use - works right out
of the package on many systems.
--------------------------------------------------------------------------------
Update Information:
This update fixes CVE-2011-1018: Privilege escalation due improper sanitization
of special characters in log file names
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #680237 - CVE-2011-1018 logwatch: Privilege escalation due improper
sanitization of special characters in log file names
https://bugzilla.redhat.com/show_bug.cgi?id=680237
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update logwatch' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-2318
2011-03-01 03:42:19
--------------------------------------------------------------------------------
Name : logwatch
Product : Fedora 13
Version : 7.3.6
Release : 55.fc13
URL : http://www.logwatch.org/
Summary : A log file analysis program
Description :
Logwatch is a customizable, pluggable log-monitoring system. It will go
through your logs for a given period of time and make a report in the areas
that you wish with the detail that you wish. Easy to use - works right out
of the package on many systems.
--------------------------------------------------------------------------------
Update Information:
This update fixes CVE-2011-1018: Privilege escalation due improper sanitization
of special characters in log file names
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 28 2011 Karel Klic <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 7.3.6-55
- Added fix for CVE-2011-1018: Privilege escalation due improper
sanitization of special characters in log file names (rhbz#680237)
* Sat Oct 9 2010 Richard Fearn <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 7.3.6-54
- named: match "DNS format error", and variants of existing messages
(rhbz#595222)
* Sat Oct 9 2010 Richard Fearn <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 7.3.6-53
- named: match "clients-per-query increased" as well as "decreased"
* Sat Oct 9 2010 Richard Fearn <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 7.3.6-52
- Update dhcpd patch so that "Information-request" messages are matched
(rhbz#624590)
* Mon Apr 19 2010 Karel Klic <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 7.3.6-51
- Removed obsolete chmod and touch calls from the spec file
- Added manpages for configuration files (rhbz#525644)
- Ignore broken trust chain messages in named service (rhbz#581186)
- Re-enabled zz-fortune service (#573450)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #680237 - CVE-2011-1018 logwatch: Privilege escalation due improper
sanitization of special characters in log file names
https://bugzilla.redhat.com/show_bug.cgi?id=680237
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update logwatch' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-2328
2011-03-01 03:42:39
--------------------------------------------------------------------------------
Name : logwatch
Product : Fedora 14
Version : 7.3.6
Release : 60.fc14
URL : http://www.logwatch.org/
Summary : A log file analysis program
Description :
Logwatch is a customizable, pluggable log-monitoring system. It will go
through your logs for a given period of time and make a report in the areas
that you wish with the detail that you wish. Easy to use - works right out
of the package on many systems.
--------------------------------------------------------------------------------
Update Information:
This update fixes CVE-2011-1018: Privilege escalation due improper sanitization
of special characters in log file names
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 28 2011 Karel Klic <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 7.3.6-60
- Added fix for CVE-2011-1018: Privilege escalation due improper
sanitization of special characters in log file names (rhbz#680237)
* Tue Jan 18 2011 Karel Klic <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 7.3.6-59
- Added -dovecot4 patch (#666376)
- Added -smartd2 patch (#666382)
- Added -dhcpd3 patch (#666393)
- Added -xntpd2 patch (#666498)
- Added -pam_unix5.patch (#666586)
- Added -automount.patch (#666582)
* Sat Oct 9 2010 Richard Fearn <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 7.3.6-58
- named: match "DNS format error", and variants of existing messages
(rhbz#595222)
* Sat Oct 9 2010 Richard Fearn <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 7.3.6-57
- named: match "clients-per-query increased" as well as "decreased"
* Sat Oct 9 2010 Richard Fearn <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 7.3.6-56
- Update dhcpd patch so that "Information-request" messages are matched
(rhbz#624590)
* Thu Aug 19 2010 Karel Klic <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 7.3.6-55
- Removed BuildRoot tag and %clean section
- Deleted trailing whitespaces in the spec file
- Updated patch upstream status
- Added fetchmail service (rhbz#528838)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #680237 - CVE-2011-1018 logwatch: Privilege escalation due improper
sanitization of special characters in log file names
https://bugzilla.redhat.com/show_bug.cgi?id=680237
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update logwatch' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke