This is a copy/paste from https://rhn.redhat.com/errata/RHSA-2011-0407.html

Also, I don't have test cases.

Fixed package(s) is logrotate-3.7.9-3.1.mga1 from the core/updates_testing repository.

Proposed Advisory text:
=========================================
Some security issues were found in the logrotate package:

A shell command injection flaw was found in the way logrotate handled the shred directive. A specially-crafted log file could cause logrotate to execute arbitrary commands with the privileges of the user running logrotate (root, by default). (CVE-2011-1154)

A race condition flaw was found in the way logrotate applied permissions when creating new log files. In some specific configurations, a local attacker could use this flaw to open new log files before logrotate applies the final permissions, possibly leading to the disclosure of sensitive information. (CVE-2011-1098)

An input sanitization flaw was found in logrotate. A log file with a specially-crafted file name could cause logrotate to abort when attempting to process that file a subsequent time. (CVE-2011-1155)

This update fixes all those issues.
======================================
Assignee: bugsquad => qa-bugs
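The permission race in the advisory text above (CVE-2011-1098), shown as an added C illustration; this is not logrotate's code and not part of the original report. The function names, the temporary path and the 0640 final mode are assumptions chosen for the demonstration, which contrasts creating a file and fixing its mode afterwards with creating it owner-only and setting the mode on the open descriptor.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkdtemp, fchmod, O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Added illustration, not logrotate source; every name here is hypothetical. */
static int mode_of(const char *path) {          /* permission bits, -1 on error */
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Racy: the file exists with umask-derived permissions until chmod() runs.
 * Returns the mode other local users see during that window, -1 on error. */
int create_then_chmod(const char *path, mode_t final_mode) {
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0666);
    if (fd < 0) return -1;
    int window = mode_of(path);
    if (chmod(path, final_mode) != 0) window = -1;
    close(fd);
    return window;
}

/* Hardened: create owner-only, refuse existing files and symlinks, then set
 * the final mode on the descriptor. Returns the window mode, -1 on error. */
int create_restricted(const char *path, mode_t final_mode) {
    int fd = open(path, O_CREAT | O_EXCL | O_NOFOLLOW | O_WRONLY, 0600);
    if (fd < 0) return -1;
    int window = mode_of(path);
    if (fchmod(fd, final_mode) != 0) window = -1;
    close(fd);
    return window;
}

/* Runs one pattern on a constructed file (umask 022, final mode 0640). */
int run_case(int hardened, int want_final) {
    char dir[] = "/tmp/lrdemoXXXXXX", path[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/new.log", dir);
    mode_t old = umask(022);
    int r = hardened ? create_restricted(path, 0640) : create_then_chmod(path, 0640);
    if (r >= 0 && want_final) r = mode_of(path);   /* final mode instead of window */
    umask(old); unlink(path); rmdir(dir);
    return r;
}
int main(void) {
    printf("window: create+chmod %04o, restricted %04o\n", run_case(0, 0), run_case(1, 0));
}
```

Both patterns end at the same final mode; only the create-then-chmod variant leaves the new file readable by other users before that mode is applied.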
Installed on my i586 system, and it ran ok with cron.daily this morning. I'll wait till Sunday to confirm it will actually rotate the log. Hopefully someone with an x86-64 system will have it installed for testing on Sunday.

Package logrotate
srpm logrotate-3.7.9-3.1.mga1.src.rpm

It's currently in Core Updates Testing.
CC: (none) => davidwhodgins
Testing complete on i586. The logs were rotated as expected. Anyone testing on x86-64?
This update still needs testing on x86_64
CC: (none) => stormi
You are right, I forgot to report: installed on x86_64 for one week, all seems OK.
CC: (none) => lists.jjorge
Sent to updates
Status: NEW => RESOLVED
CC: (none) => misc
Resolution: (none) => FIXED