Security Advisory Details

NS-SA-2022-0037

2022-05-08 20:17:09

Summary

moderate: logrotate/ipa security update

Severity

moderate

Topic

An update for logrotate/ipa is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

logrotate: The logrotate utility is designed to simplify the administration of log files on a system which generates a lot of log files. Logrotate allows for the automatic rotation, compression, removal and mailing of log files. Logrotate can be set to handle a log file daily, weekly, monthly or when the log file gets to a certain size. Normally, logrotate runs as a daily cron job. Install the logrotate package if you need a utility to deal with the log files on your system.
ipa: Cross-realm trusts with Active Directory in IPA require a working Samba 4 installation. This package is provided for convenience to install all required dependencies at once.


Security Fix(es):
logrotate: Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. (CVE-2011-1098)
logrotate: The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. (CVE-2011-1154)
logrotate: The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. (CVE-2011-1155)
logrotate: bugfix
ipa: A flaw was found in jQuery. HTML containing
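
The race described for CVE-2011-1098 above comes down to a file that exists before its intended permissions do. The following is an added example, not logrotate's code or its patch: the function names and the `/tmp` path are hypothetical, and it contrasts the create-then-restrict pattern with creating the file owner-only from the start.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for fchmod() under strict C modes */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern: the file exists with permissive bits (minus umask) until
 * fchmod() runs, so another local user can open it inside that window and
 * keep reading through the descriptor after the mode is tightened. */
int create_then_restrict(const char *path, mode_t final_mode)
{
    int fd = open(path, O_CREAT | O_WRONLY | O_TRUNC, 0666);
    if (fd < 0)
        return -1;
    /* race window: the intended permissions are not in place yet */
    if (fchmod(fd, final_mode) < 0) { close(fd); return -1; }
    return fd;
}

/* Hardened pattern: the file is owner-only from the moment it exists.
 * O_EXCL refuses a pre-existing file or symlink at that path.
 * The mode observed right after creation is returned via *initial_mode;
 * wider bits are granted only afterwards, on the descriptor itself. */
int create_restricted(const char *path, mode_t final_mode, mode_t *initial_mode)
{
    struct stat st;
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0 || fchmod(fd, final_mode) < 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    *initial_mode = st.st_mode & 0777;
    return fd;
}

int main(void)
{
    const char *path = "/tmp/logrotate_example_out.log"; /* constructed path */
    mode_t initial = 0;
    unlink(path);
    int fd = create_restricted(path, 0640, &initial);
    if (fd < 0) { perror("create_restricted"); return 1; }
    printf("mode at creation %04o, final mode 0640\n", (unsigned)initial);
    close(fd);
    return unlink(path);
}
```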

Affected Components

  • logrotate
  • ipa

Affected Products

  • CGSL MAIN 5.05
  • CGSL CORE 5.05

Updated Packages

CGSL MAIN 5.05

Source: logrotate-3.8.6-17.el7.cgslv5_5.0.1.gcda2743.src.rpm

  • logrotate-3.8.6-17.el7.cgslv5_5.0.1.gcda2743.x86_64.rpm
  • logrotate-debuginfo-3.8.6-17.el7.cgslv5_5.0.1.gcda2743.x86_64.rpm

Source: ipa-4.6.8-5.el7.centos.4.src.rpm

  • ipa-debuginfo-4.6.8-5.el7.centos.4.x86_64.rpm
  • ipa-python-compat-4.6.8-5.el7.centos.4.noarch.rpm
  • ipa-server-common-4.6.8-5.el7.centos.4.noarch.rpm
  • ipa-common-4.6.8-5.el7.centos.4.noarch.rpm
  • ipa-server-dns-4.6.8-5.el7.centos.4.noarch.rpm
  • python2-ipaserver-4.6.8-5.el7.centos.4.noarch.rpm
  • ipa-client-common-4.6.8-5.el7.centos.4.noarch.rpm
  • ipa-server-4.6.8-5.el7.centos.4.x86_64.rpm
  • ipa-server-trust-ad-4.6.8-5.el7.centos.4.x86_64.rpm
  • ipa-client-4.6.8-5.el7.centos.4.x86_64.rpm
  • python2-ipalib-4.6.8-5.el7.centos.4.noarch.rpm
  • python2-ipaclient-4.6.8-5.el7.centos.4.noarch.rpm

CGSL CORE 5.05

Source: logrotate-3.8.6-17.el7.cgslv5_5.0.1.gcda2743.src.rpm

  • logrotate-3.8.6-17.el7.cgslv5_5.0.1.gcda2743.x86_64.rpm
  • logrotate-debuginfo-3.8.6-17.el7.cgslv5_5.0.1.gcda2743.x86_64.rpm

Source: ipa-4.6.8-5.el7.centos.4.src.rpm

  • ipa-debuginfo-4.6.8-5.el7.centos.4.x86_64.rpm
  • ipa-python-compat-4.6.8-5.el7.centos.4.noarch.rpm
  • ipa-server-common-4.6.8-5.el7.centos.4.noarch.rpm
  • ipa-common-4.6.8-5.el7.centos.4.noarch.rpm
  • ipa-server-dns-4.6.8-5.el7.centos.4.noarch.rpm
  • python2-ipaserver-4.6.8-5.el7.centos.4.noarch.rpm
  • ipa-client-common-4.6.8-5.el7.centos.4.noarch.rpm
  • ipa-server-4.6.8-5.el7.centos.4.x86_64.rpm
  • ipa-server-trust-ad-4.6.8-5.el7.centos.4.x86_64.rpm
  • ipa-client-4.6.8-5.el7.centos.4.x86_64.rpm
  • python2-ipalib-4.6.8-5.el7.centos.4.noarch.rpm
  • python2-ipaclient-4.6.8-5.el7.centos.4.noarch.rpm

CVE

References