- Issued:
- 2013-07-18
- Updated:
- 2013-11-20
RHBA-2013:1095 - Bug Fix Advisory
Synopsis
logrotate bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated logrotate packages that fix several bugs are now available for Red Hat
Enterprise Linux 6.
Description
The logrotate utility simplifies the administration of multiple log files,
allowing the automatic rotation, compression, removal, and mailing of log files.
This update fixes the following bugs:
- The logrotate utility always tried to set owner of the rotated log even when
the owner was the same as the current owner of the log file. Conseqeuntly, the
rotation failed on file systems or systems where changing the ownership was not
supported. With this update, before the ownership is changed, logrotate check if
it is a real ownership change; that is, logrotate verifies if the new ownership
is not the same as the previous one, and skips the change if the ownership
change has not been real. The logrotate utility now rotates logs as expected in
this scenario. (BZ#841520)
- Setting the Access control list (ACL) on a rotated log overwrote the
previously set mode of the log file. As a consequence, the "create" directive
was ignored. To fix this bug, the ACL is no longer copied from the old log file
when using the "create" directive and the mode defined using the "create"
directive is used instead. As a result, "create" mode works as expected and it
is no longer ignored in the described scenario. (BZ#847338)
- Both the acl_set_fd() and fchmod() functions were called to set the log files
permissions. Consequently, there was a race condition where the log file could
have unsafe permissions for a short time during its creation. With this update,
only one of those functions is now called depending on directives combination
used in the configuration file and race condition between the acl_set_fd() and
fchmod() function is not possible in the described scenario. (BZ#847339)
- Because the inverse umask value 0000 was used when creating a new log file,
the newly created log file could have unwanted 0600 permissions for a short time
before the permissions were set to the proper value using the fchmod() function.
With this update, umask is set to 0777 and the newly created log file has proper
0000 permissions for this short period. (BZ#848131)
- The default SELinux context was set after the compressed log file had been
created. Consequently, the compressed log did not have the proper SELinux
context. With this update, the default SELinux context is now set before the
compressed log file creation and compressed log files have proper SELinux
context. (BZ#920030)
- Temporary files created by the logrotate utility were not removed if an error
occurred during its use. With this update, temporary files are now removed in
such a case. (BZ#922169)
Users of logrotate are advised to upgrade to these updated packages, which fix
these bugs.
Solution
Before applying this update, make sure all previously-released errata relevant
to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux for IBM z Systems 6 s390x
- Red Hat Enterprise Linux for Power, big endian 6 ppc64
- Red Hat Enterprise Linux for Scientific Computing 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
- Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support 6 x86_64
Fixes
- BZ - 841520 - logrotate is unable to compress log files on NFS mounted directory
- BZ - 847338 - logrotate ignores create mode
- BZ - 847339 - logrotate ACL fix race condition
- BZ - 848131 - logrotate uses inverse umask
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 6
SRPM | |
---|---|
logrotate-3.7.8-17.el6.src.rpm | SHA-256: bc42cf70cdc7f9c595a5d8bd1ff54edb23146e7d88206959867c04e23900a416 |
x86_64 | |
logrotate-3.7.8-17.el6.x86_64.rpm | SHA-256: d777161414195b4b753dc6158ed8b3ebf9fff74b681875bc527e67621a3730c6 |
logrotate-debuginfo-3.7.8-17.el6.x86_64.rpm | SHA-256: be91ad1234374d1f3ce8c48bd852cbd87e1db4431d05fbcf4ce22e6163b0ac37 |
i386 | |
logrotate-3.7.8-17.el6.i686.rpm | SHA-256: 23ea59dbf142cef5fd16961e2d6c063339c772b3e40ea9c3e64410ba6e5dfe86 |
logrotate-debuginfo-3.7.8-17.el6.i686.rpm | SHA-256: 3adfab8316aca4357983c82c8b75a187cc0ab5ff399eca2eec0cca2ff464d43f |
Red Hat Enterprise Linux Server - Extended Life Cycle Support 6
SRPM | |
---|---|
logrotate-3.7.8-17.el6.src.rpm | SHA-256: bc42cf70cdc7f9c595a5d8bd1ff54edb23146e7d88206959867c04e23900a416 |
x86_64 | |
logrotate-3.7.8-17.el6.x86_64.rpm | SHA-256: d777161414195b4b753dc6158ed8b3ebf9fff74b681875bc527e67621a3730c6 |
logrotate-debuginfo-3.7.8-17.el6.x86_64.rpm | SHA-256: be91ad1234374d1f3ce8c48bd852cbd87e1db4431d05fbcf4ce22e6163b0ac37 |
i386 | |
logrotate-3.7.8-17.el6.i686.rpm | SHA-256: 23ea59dbf142cef5fd16961e2d6c063339c772b3e40ea9c3e64410ba6e5dfe86 |
logrotate-debuginfo-3.7.8-17.el6.i686.rpm | SHA-256: 3adfab8316aca4357983c82c8b75a187cc0ab5ff399eca2eec0cca2ff464d43f |
Red Hat Enterprise Linux Workstation 6
SRPM | |
---|---|
logrotate-3.7.8-17.el6.src.rpm | SHA-256: bc42cf70cdc7f9c595a5d8bd1ff54edb23146e7d88206959867c04e23900a416 |
x86_64 | |
logrotate-3.7.8-17.el6.x86_64.rpm | SHA-256: d777161414195b4b753dc6158ed8b3ebf9fff74b681875bc527e67621a3730c6 |
logrotate-debuginfo-3.7.8-17.el6.x86_64.rpm | SHA-256: be91ad1234374d1f3ce8c48bd852cbd87e1db4431d05fbcf4ce22e6163b0ac37 |
i386 | |
logrotate-3.7.8-17.el6.i686.rpm | SHA-256: 23ea59dbf142cef5fd16961e2d6c063339c772b3e40ea9c3e64410ba6e5dfe86 |
logrotate-debuginfo-3.7.8-17.el6.i686.rpm | SHA-256: 3adfab8316aca4357983c82c8b75a187cc0ab5ff399eca2eec0cca2ff464d43f |
Red Hat Enterprise Linux Desktop 6
SRPM | |
---|---|
logrotate-3.7.8-17.el6.src.rpm | SHA-256: bc42cf70cdc7f9c595a5d8bd1ff54edb23146e7d88206959867c04e23900a416 |
x86_64 | |
logrotate-3.7.8-17.el6.x86_64.rpm | SHA-256: d777161414195b4b753dc6158ed8b3ebf9fff74b681875bc527e67621a3730c6 |
logrotate-debuginfo-3.7.8-17.el6.x86_64.rpm | SHA-256: be91ad1234374d1f3ce8c48bd852cbd87e1db4431d05fbcf4ce22e6163b0ac37 |
i386 | |
logrotate-3.7.8-17.el6.i686.rpm | SHA-256: 23ea59dbf142cef5fd16961e2d6c063339c772b3e40ea9c3e64410ba6e5dfe86 |
logrotate-debuginfo-3.7.8-17.el6.i686.rpm | SHA-256: 3adfab8316aca4357983c82c8b75a187cc0ab5ff399eca2eec0cca2ff464d43f |
Red Hat Enterprise Linux for IBM z Systems 6
SRPM | |
---|---|
logrotate-3.7.8-17.el6.src.rpm | SHA-256: bc42cf70cdc7f9c595a5d8bd1ff54edb23146e7d88206959867c04e23900a416 |
s390x | |
logrotate-3.7.8-17.el6.s390x.rpm | SHA-256: 2bd5aa378af19be91dfede5fd88b60a85350ce399c1fb3c2314cd29daae333f0 |
logrotate-debuginfo-3.7.8-17.el6.s390x.rpm | SHA-256: 28699de78daafe48faaf62a56116c634ae2c556133e0e7ee8adc5a53d402ce27 |
Red Hat Enterprise Linux for Power, big endian 6
SRPM | |
---|---|
logrotate-3.7.8-17.el6.src.rpm | SHA-256: bc42cf70cdc7f9c595a5d8bd1ff54edb23146e7d88206959867c04e23900a416 |
ppc64 | |
logrotate-3.7.8-17.el6.ppc64.rpm | SHA-256: 7d36089491ec5482ea29947b6e29bc790400c12911d885878a9ae93de5ffd277 |
logrotate-debuginfo-3.7.8-17.el6.ppc64.rpm | SHA-256: f8f2f74dc8b1c4bc7433a90769033e281a1c33458dc04169842b42a06b0d0d5c |
Red Hat Enterprise Linux for Scientific Computing 6
SRPM | |
---|---|
logrotate-3.7.8-17.el6.src.rpm | SHA-256: bc42cf70cdc7f9c595a5d8bd1ff54edb23146e7d88206959867c04e23900a416 |
x86_64 | |
logrotate-3.7.8-17.el6.x86_64.rpm | SHA-256: d777161414195b4b753dc6158ed8b3ebf9fff74b681875bc527e67621a3730c6 |
logrotate-debuginfo-3.7.8-17.el6.x86_64.rpm | SHA-256: be91ad1234374d1f3ce8c48bd852cbd87e1db4431d05fbcf4ce22e6163b0ac37 |
Red Hat Enterprise Linux Server from RHUI 6
SRPM | |
---|---|
logrotate-3.7.8-17.el6.src.rpm | SHA-256: bc42cf70cdc7f9c595a5d8bd1ff54edb23146e7d88206959867c04e23900a416 |
x86_64 | |
logrotate-3.7.8-17.el6.x86_64.rpm | SHA-256: d777161414195b4b753dc6158ed8b3ebf9fff74b681875bc527e67621a3730c6 |
logrotate-debuginfo-3.7.8-17.el6.x86_64.rpm | SHA-256: be91ad1234374d1f3ce8c48bd852cbd87e1db4431d05fbcf4ce22e6163b0ac37 |
i386 | |
logrotate-3.7.8-17.el6.i686.rpm | SHA-256: 23ea59dbf142cef5fd16961e2d6c063339c772b3e40ea9c3e64410ba6e5dfe86 |
logrotate-debuginfo-3.7.8-17.el6.i686.rpm | SHA-256: 3adfab8316aca4357983c82c8b75a187cc0ab5ff399eca2eec0cca2ff464d43f |
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6
SRPM | |
---|---|
logrotate-3.7.8-17.el6.src.rpm | SHA-256: bc42cf70cdc7f9c595a5d8bd1ff54edb23146e7d88206959867c04e23900a416 |
s390x | |
logrotate-3.7.8-17.el6.s390x.rpm | SHA-256: 2bd5aa378af19be91dfede5fd88b60a85350ce399c1fb3c2314cd29daae333f0 |
logrotate-debuginfo-3.7.8-17.el6.s390x.rpm | SHA-256: 28699de78daafe48faaf62a56116c634ae2c556133e0e7ee8adc5a53d402ce27 |
Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support 6
SRPM | |
---|---|
logrotate-3.7.8-17.el6.src.rpm | SHA-256: bc42cf70cdc7f9c595a5d8bd1ff54edb23146e7d88206959867c04e23900a416 |
x86_64 | |
logrotate-3.7.8-17.el6.x86_64.rpm | SHA-256: d777161414195b4b753dc6158ed8b3ebf9fff74b681875bc527e67621a3730c6 |
logrotate-debuginfo-3.7.8-17.el6.x86_64.rpm | SHA-256: be91ad1234374d1f3ce8c48bd852cbd87e1db4431d05fbcf4ce22e6163b0ac37 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.