- Issued:
- 2006-09-06
- Updated:
- 2007-05-01
RHBA-2006:0631 - Bug Fix Advisory
Synopsis
logwatch bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An updated logwatch package is now available.
Description
LogWatch is a customizable log analysis system. LogWatch parses through
your system's logs for a given period of time and creates a report
analyzing areas that you specify, in as much detail as you require.
Several bugs were found in the way logwatch parses messages from httpd
and pam_unix modules:
http module
- http service did not recognize routine mailman access.
- http service did not parse ssl_access_log properly.
- Perfectly valid URLs were caught as exploits in the http module.
- http service reported wrong status codes due to an error in the
way rpm behaves after LogWatch is updated.
- http service incorrectly counted certain file types.
- http service treated valid .Z files as possible exploits.
pam_unix module
- Instead of expecting jobs from cron to begin with 'crond', LogWatch
expected them to begin with 'cron'.
Users of LogWatch should upgrade to this updated package, which resolves
these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
Fixes
- BZ - 159567 - Logwatch doesn't recongnize routine mailman access
- BZ - 167925 - http script doesn't parse ssl_access_log
- BZ - 176324 - Logwatch http regex period escaping
- BZ - 178387 - logwatch http service reports wrong status codes
- BZ - 184363 - Logwatch looks for wrong service name for cron
- BZ - 189636 - logwatch http service incorrectly downshifts URL text
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 4
SRPM | |
---|---|
logwatch-5.2.2-2.EL4.src.rpm | SHA-256: e7875017bca7db049e3eb0737e74b14af4da5b87f0912d99d016739b87e7fe84 |
x86_64 | |
logwatch-5.2.2-2.EL4.noarch.rpm | SHA-256: db8bf7984cfd53fdd522b435eb5216d0aab941ec27f4f1eaa9fde2a72518b9f8 |
logwatch-5.2.2-2.EL4.noarch.rpm | SHA-256: db8bf7984cfd53fdd522b435eb5216d0aab941ec27f4f1eaa9fde2a72518b9f8 |
ia64 | |
logwatch-5.2.2-2.EL4.noarch.rpm | SHA-256: db8bf7984cfd53fdd522b435eb5216d0aab941ec27f4f1eaa9fde2a72518b9f8 |
logwatch-5.2.2-2.EL4.noarch.rpm | SHA-256: db8bf7984cfd53fdd522b435eb5216d0aab941ec27f4f1eaa9fde2a72518b9f8 |
i386 | |
logwatch-5.2.2-2.EL4.noarch.rpm | SHA-256: db8bf7984cfd53fdd522b435eb5216d0aab941ec27f4f1eaa9fde2a72518b9f8 |
logwatch-5.2.2-2.EL4.noarch.rpm | SHA-256: db8bf7984cfd53fdd522b435eb5216d0aab941ec27f4f1eaa9fde2a72518b9f8 |
Red Hat Enterprise Linux Workstation 4
SRPM | |
---|---|
logwatch-5.2.2-2.EL4.src.rpm | SHA-256: e7875017bca7db049e3eb0737e74b14af4da5b87f0912d99d016739b87e7fe84 |
x86_64 | |
logwatch-5.2.2-2.EL4.noarch.rpm | SHA-256: db8bf7984cfd53fdd522b435eb5216d0aab941ec27f4f1eaa9fde2a72518b9f8 |
ia64 | |
logwatch-5.2.2-2.EL4.noarch.rpm | SHA-256: db8bf7984cfd53fdd522b435eb5216d0aab941ec27f4f1eaa9fde2a72518b9f8 |
i386 | |
logwatch-5.2.2-2.EL4.noarch.rpm | SHA-256: db8bf7984cfd53fdd522b435eb5216d0aab941ec27f4f1eaa9fde2a72518b9f8 |
Red Hat Enterprise Linux Desktop 4
SRPM | |
---|---|
logwatch-5.2.2-2.EL4.src.rpm | SHA-256: e7875017bca7db049e3eb0737e74b14af4da5b87f0912d99d016739b87e7fe84 |
x86_64 | |
logwatch-5.2.2-2.EL4.noarch.rpm | SHA-256: db8bf7984cfd53fdd522b435eb5216d0aab941ec27f4f1eaa9fde2a72518b9f8 |
i386 | |
logwatch-5.2.2-2.EL4.noarch.rpm | SHA-256: db8bf7984cfd53fdd522b435eb5216d0aab941ec27f4f1eaa9fde2a72518b9f8 |
Red Hat Enterprise Linux for IBM z Systems 4
SRPM | |
---|---|
logwatch-5.2.2-2.EL4.src.rpm | SHA-256: e7875017bca7db049e3eb0737e74b14af4da5b87f0912d99d016739b87e7fe84 |
s390x | |
logwatch-5.2.2-2.EL4.noarch.rpm | SHA-256: db8bf7984cfd53fdd522b435eb5216d0aab941ec27f4f1eaa9fde2a72518b9f8 |
s390 | |
logwatch-5.2.2-2.EL4.noarch.rpm | SHA-256: db8bf7984cfd53fdd522b435eb5216d0aab941ec27f4f1eaa9fde2a72518b9f8 |
Red Hat Enterprise Linux for Power, big endian 4
SRPM | |
---|---|
logwatch-5.2.2-2.EL4.src.rpm | SHA-256: e7875017bca7db049e3eb0737e74b14af4da5b87f0912d99d016739b87e7fe84 |
ppc | |
logwatch-5.2.2-2.EL4.noarch.rpm | SHA-256: db8bf7984cfd53fdd522b435eb5216d0aab941ec27f4f1eaa9fde2a72518b9f8 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.