Bug Fix Advisory logwatch bug fix update

Advisory: RHBA-2013:1247-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2013-09-10
Last updated on: 2013-11-20
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

Details

An updated logwatch package that fixes several bugs is now available for Red Hat
Enterprise Linux 6.

Logwatch is a customizable, pluggable log-monitoring system. It will go through
the user's logs for a given period of time and make a report in the areas that
the user needs.

This update fixes the following bugs:

* Previously, logwatch did not correctly parse the up2date service's
"updateLoginInfo() login info" messages and displayed them as unmatched entries.
With this update, parsing of such log messages has been fixed and works as
expected. (BZ#737247)

* Prior to this update, logwatch did not correctly parse many Openswan log
messages and displayed them as unmatched entries. With this update, parsing of
such log messages has been fixed and works as expected. (BZ#799690)

* Logwatch did not parse Dovecot 2.x log messages properly. That resulted in a
lot of unmatched entries in its reports. This patch adds additional logic to
correctly parse Dovecot 2.x logs, thus unmatched entries related to Dovecot 2.x
messages no longer appear. (BZ#799987)

* The .hdr files are headers for RPM packages; they are essentially metadata.
Logwatch's HTTP service parser emitted warnings for the .hdr files, even when
the "Detail" parameter was set to "Low". With this update, the .hdr files are
now parsed as archives, which removes spurious warnings about the .hdr files.
(BZ#800843)

* Previously, logwatch did not correctly handle the "MailTo" option in its
configuration. That resulted in no output, even though a report should have been
displayed. This patch adds additional logic to correctly handle an empty
"MailTo" option. As a result, output is correctly produced even when this option
is empty. (BZ#837034)

* Prior to this update, logwatch did not correctly parse many smartd log
messages and displayed them as unmatched entries. With this update, parsing of
such log messages has been fixed and works as expected. (BZ#888007)

* Prior to this update, logwatch did not correctly parse DNS log messages with
DNSSEC validation enabled and displayed them as unmatched entries. With this
update, parsing of such log messages has been fixed and works as expected.
(BZ#894134)

* Previously, logwatch did not correctly parse the postfix service's "improper
command pipelining" messages and displayed them as unmatched entries. With this
update, parsing of such log messages has been fixed and works as expected.
(BZ#894185)

* Previously, logwatch did not correctly parse user names in the secure log. It
improperly assumed that such names are composed of letters only and displayed
messages containing names with other symbols, such as digits, as unmatched
entries. With this update, parsing of user names has been enhanced to include
underscores and digits, thus log messages containing such user names no longer
display as unmatched entries. (BZ#894191)

* Logins initiated with the "su -" or "su -l" command were not correctly parsed
by logwatch and were displayed as unmatched entries. This update fixes this bug.
(BZ#974042)

* Prior to this update, logwatch did not correctly parse the RSYSLOG_FileFormat
time stamps and displayed them as unmatched entries. With this update, parsing
of the rsyslog time stamps has been fixed and works as expected. (BZ#974044)

* SSH Kerberos (GSS) logins were not correctly parsed by logwatch and were
displayed as unmatched entries. This update fixes this bug. (BZ#974046)

* Xen virtual console logins were not correctly parsed by logwatch and were
displayed as unmatched entries. This update fixes this bug. (BZ#974047)

Users of logwatch are advised to upgrade to this updated package, which fixes
these bugs.


Solution

Before applying this update, make sure all previously-released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
logwatch-7.3.6-52.el6.src.rpm
File outdated by:  RHBA-2017:0610
    MD5: 1744efee71d037146eafdf5e655a5874
SHA-256: 77c170eef31a35262b4995b0eee445037e67744505a110e338f72e2b59ac69ef
 
IA-32:
logwatch-7.3.6-52.el6.noarch.rpm
File outdated by:  RHBA-2017:0610
    MD5: 6ae05d14d1cb2a0a9905c7b971d8e21b
SHA-256: 2f28c7d22b9f5067bd153033f43652973d3b5799d17b43c590894b211b4aa7e8
 
x86_64:
logwatch-7.3.6-52.el6.noarch.rpm
File outdated by:  RHBA-2017:0610
    MD5: 6ae05d14d1cb2a0a9905c7b971d8e21b
SHA-256: 2f28c7d22b9f5067bd153033f43652973d3b5799d17b43c590894b211b4aa7e8
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
logwatch-7.3.6-52.el6.src.rpm
File outdated by:  RHBA-2017:0610
    MD5: 1744efee71d037146eafdf5e655a5874
SHA-256: 77c170eef31a35262b4995b0eee445037e67744505a110e338f72e2b59ac69ef
 
x86_64:
logwatch-7.3.6-52.el6.noarch.rpm
File outdated by:  RHBA-2017:0610
    MD5: 6ae05d14d1cb2a0a9905c7b971d8e21b
SHA-256: 2f28c7d22b9f5067bd153033f43652973d3b5799d17b43c590894b211b4aa7e8
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
logwatch-7.3.6-52.el6.src.rpm
File outdated by:  RHBA-2017:0610
    MD5: 1744efee71d037146eafdf5e655a5874
SHA-256: 77c170eef31a35262b4995b0eee445037e67744505a110e338f72e2b59ac69ef
 
IA-32:
logwatch-7.3.6-52.el6.noarch.rpm
File outdated by:  RHBA-2017:0610
    MD5: 6ae05d14d1cb2a0a9905c7b971d8e21b
SHA-256: 2f28c7d22b9f5067bd153033f43652973d3b5799d17b43c590894b211b4aa7e8
 
PPC:
logwatch-7.3.6-52.el6.noarch.rpm
File outdated by:  RHBA-2017:0610
    MD5: 6ae05d14d1cb2a0a9905c7b971d8e21b
SHA-256: 2f28c7d22b9f5067bd153033f43652973d3b5799d17b43c590894b211b4aa7e8
 
s390x:
logwatch-7.3.6-52.el6.noarch.rpm
File outdated by:  RHBA-2017:0610
    MD5: 6ae05d14d1cb2a0a9905c7b971d8e21b
SHA-256: 2f28c7d22b9f5067bd153033f43652973d3b5799d17b43c590894b211b4aa7e8
 
x86_64:
logwatch-7.3.6-52.el6.noarch.rpm
File outdated by:  RHBA-2017:0610
    MD5: 6ae05d14d1cb2a0a9905c7b971d8e21b
SHA-256: 2f28c7d22b9f5067bd153033f43652973d3b5799d17b43c590894b211b4aa7e8
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
logwatch-7.3.6-52.el6.src.rpm
File outdated by:  RHBA-2017:0610
    MD5: 1744efee71d037146eafdf5e655a5874
SHA-256: 77c170eef31a35262b4995b0eee445037e67744505a110e338f72e2b59ac69ef
 
IA-32:
logwatch-7.3.6-52.el6.noarch.rpm
File outdated by:  RHBA-2017:0610
    MD5: 6ae05d14d1cb2a0a9905c7b971d8e21b
SHA-256: 2f28c7d22b9f5067bd153033f43652973d3b5799d17b43c590894b211b4aa7e8
 
x86_64:
logwatch-7.3.6-52.el6.noarch.rpm
File outdated by:  RHBA-2017:0610
    MD5: 6ae05d14d1cb2a0a9905c7b971d8e21b
SHA-256: 2f28c7d22b9f5067bd153033f43652973d3b5799d17b43c590894b211b4aa7e8
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

737247 - logwatch/up2date fix and extension
799690 - Ignore the ignorable openswan messages
800843 - logwatch "http" script should treat APT .hdr files as "archives" (and not as "other")
888007 - logwatch a bit chatty with smartd
894185 - Logwatch does not handle "improper command pipelining after (NOOP|RSET)"
894191 - Logwatch doesn't proper ignore "password check failed for user"


Keywords

logwatch


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/