SUSE has issued an advisory on July 14:
https://lists.suse.com/pipermail/sle-security-updates/2022-July/011550.html

The issue was fixed upstream in 3.19.0:
https://github.com/logrotate/logrotate/releases/tag/3.19.0

It's this one: "enforce stricter parsing of configuration files (#427, #431)"
Status comment: (none) => Fixed upstream in 3.19.0
We have both version 3.19.0 & version 3.20.1 already in Cauldron, but note this bug is for Mageia 8. All sorts of packagers have committed this, but assigning it to NicolasS because you did the most recent version update to fix a CVE.
Assignee: bugsquad => nicolas.salguero
Suggested advisory:
========================

The updated package fixes a security vulnerability:

Improved coredump handling for SUID binaries. (bsc#1192449)

References:
https://lists.suse.com/pipermail/sle-security-updates/2022-July/011550.html
https://github.com/logrotate/logrotate/releases/tag/3.19.0
========================

Updated package in core/updates_testing:
========================
logrotate-3.17.0-3.2.mga8

from SRPM:
logrotate-3.17.0-3.2.mga8.src.rpm

CC: (none) => nicolas.salguero
Status comment: Fixed upstream in 3.19.0 => (none)
Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs
MGA8-64 Plasma on Acer Aspire 5253
No installation issues
Just followed the tests as in bug 30473

# logrotate -l=logr.log //etc/logrotate.conf
# ll /var/lib/logrotate.status
-rw-r----- 1 root root 1071 Jul 20 10:39 /var/lib/logrotate.status
# /etc/cron.daily/logrotate
]# ll /var/lib/logrotate.status
-rw-r----- 1 root root 1071 Jul 20 10:40 /var/lib/logrotate.status

Looks all OK.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene
Validating. Advisory in Comment 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0266.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
openSUSE advisory for this: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H72NRWXOTSJIR4DONVTBYZNQDXZNPXJE/