drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Logwatch
| Name: |
Ausführen beliebiger Kommandos in Logwatch |
|
| ID: |
FEDORA-2011-2328 |
|
| Distribution: |
Fedora |
|
| Plattformen: |
Fedora 14 |
|
| Datum: |
Do, 10. März 2011, 21:56 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1018 |
|
| Applikationen: |
Logwatch |
|
Originalnachricht |
-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2011-2328
2011-03-01 03:42:39
-------------------------------------------------------------------------------
-
Name : logwatch
Product : Fedora 14
Version : 7.3.6
Release : 60.fc14
URL : http://www.logwatch.org/
Summary : A log file analysis program
Description :
Logwatch is a customizable, pluggable log-monitoring system. It will go
through your logs for a given period of time and make a report in the areas
that you wish with the detail that you wish. Easy to use - works right out
of the package on many systems.
-------------------------------------------------------------------------------
-
Update Information:
This update fixes CVE-2011-1018: Privilege escalation due improper sanitization
of special characters in log file names
-------------------------------------------------------------------------------
-
ChangeLog:
* Mon Feb 28 2011 Karel Klic <kklic@redhat.com> - 7.3.6-60
- Added fix for CVE-2011-1018: Privilege escalation due improper
sanitization of special characters in log file names (rhbz#680237)
* Tue Jan 18 2011 Karel Klic <kklic@redhat.com> 7.3.6-59
- Added -dovecot4 patch (#666376)
- Added -smartd2 patch (#666382)
- Added -dhcpd3 patch (#666393)
- Added -xntpd2 patch (#666498)
- Added -pam_unix5.patch (#666586)
- Added -automount.patch (#666582)
* Sat Oct 9 2010 Richard Fearn <richardfearn@gmail.com> 7.3.6-58
- named: match "DNS format error", and variants of existing messages
(rhbz#595222)
* Sat Oct 9 2010 Richard Fearn <richardfearn@gmail.com> 7.3.6-57
- named: match "clients-per-query increased" as well as
"decreased"
* Sat Oct 9 2010 Richard Fearn <richardfearn@gmail.com> 7.3.6-56
- Update dhcpd patch so that "Information-request" messages are matched
(rhbz#624590)
* Thu Aug 19 2010 Karel Klic <kklic@redhat.com> 7.3.6-55
- Removed BuildRoot tag and %clean section
- Deleted trailing whitespaces in the spec file
- Updated patch upstream status
- Added fetchmail service (rhbz#528838)
-------------------------------------------------------------------------------
-
References:
[ 1 ] Bug #680237 - CVE-2011-1018 logwatch: Privilege escalation due improper
sanitization of special characters in log file names
https://bugzilla.redhat.com/show_bug.cgi?id=680237
-------------------------------------------------------------------------------
-
This update can be installed with the "yum" update program. Use
su -c 'yum update logwatch' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|
