Skip to navigation

Security Advisory Important: logwatch security update

Advisory: RHSA-2011:0324-1
Type: Security Advisory
Severity: Important
Issued on: 2011-03-07
Last updated on: 2011-03-07
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux EUS (v. 5.6.z server)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Long Life (v. 5.6 server)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.0.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-1018

Details

An updated logwatch package that fixes one security issue is now available
for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Logwatch is a customizable log analysis system. Logwatch parses through
your system's logs for a given period of time and creates a report
analyzing areas that you specify, in as much detail as you require.

A flaw was found in the way Logwatch processed log files. If an attacker
were able to create a log file with a malicious file name, it could result
in arbitrary code execution with the privileges of the root user when that
log file is analyzed by Logwatch. (CVE-2011-1018)

Users of logwatch should upgrade to this updated package, which contains a
backported patch to resolve this issue.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
logwatch-7.3-9.el5_6.src.rpm
File outdated by:  RHBA-2012:1217
    MD5: ad618347ee2b79ee055756412e7af7a1
SHA-256: 75aadfcf31110f2b748bcca4e55248b789c4d586315755f81896ab6af71533df
 
IA-32:
logwatch-7.3-9.el5_6.noarch.rpm
File outdated by:  RHBA-2012:1217
    MD5: 38746ea893f6622926b187fe9e3776b7
SHA-256: 038c51acd4a1653db3a46a5c49acddf963c6c8cf40c59a9fefbaa5d5a43290c2
 
IA-64:
logwatch-7.3-9.el5_6.noarch.rpm
File outdated by:  RHBA-2012:1217
    MD5: 38746ea893f6622926b187fe9e3776b7
SHA-256: 038c51acd4a1653db3a46a5c49acddf963c6c8cf40c59a9fefbaa5d5a43290c2
 
PPC:
logwatch-7.3-9.el5_6.noarch.rpm
File outdated by:  RHBA-2012:1217
    MD5: 38746ea893f6622926b187fe9e3776b7
SHA-256: 038c51acd4a1653db3a46a5c49acddf963c6c8cf40c59a9fefbaa5d5a43290c2
 
s390x:
logwatch-7.3-9.el5_6.noarch.rpm
File outdated by:  RHBA-2012:1217
    MD5: 38746ea893f6622926b187fe9e3776b7
SHA-256: 038c51acd4a1653db3a46a5c49acddf963c6c8cf40c59a9fefbaa5d5a43290c2
 
x86_64:
logwatch-7.3-9.el5_6.noarch.rpm
File outdated by:  RHBA-2012:1217
    MD5: 38746ea893f6622926b187fe9e3776b7
SHA-256: 038c51acd4a1653db3a46a5c49acddf963c6c8cf40c59a9fefbaa5d5a43290c2
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
logwatch-7.3-9.el5_6.src.rpm
File outdated by:  RHBA-2012:1217
    MD5: ad618347ee2b79ee055756412e7af7a1
SHA-256: 75aadfcf31110f2b748bcca4e55248b789c4d586315755f81896ab6af71533df
 
IA-32:
logwatch-7.3-9.el5_6.noarch.rpm
File outdated by:  RHBA-2012:1217
    MD5: 38746ea893f6622926b187fe9e3776b7
SHA-256: 038c51acd4a1653db3a46a5c49acddf963c6c8cf40c59a9fefbaa5d5a43290c2
 
x86_64:
logwatch-7.3-9.el5_6.noarch.rpm
File outdated by:  RHBA-2012:1217
    MD5: 38746ea893f6622926b187fe9e3776b7
SHA-256: 038c51acd4a1653db3a46a5c49acddf963c6c8cf40c59a9fefbaa5d5a43290c2
 
Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
logwatch-7.3.6-49.el6.src.rpm
File outdated by:  RHBA-2013:1247
    MD5: 626ce1ea732fedcda1406875f02bee97
SHA-256: d2772d6318251812242bf8eec93595ffa47ce1abecf35081e6a2ea822db0d692
 
IA-32:
logwatch-7.3.6-49.el6.noarch.rpm
File outdated by:  RHBA-2013:1247
    MD5: 1bdc02815d5ef9a9c4ad203547d2869c
SHA-256: e6b9d293e0f399f117cc48c7e5e61b683f058810748e16697c587600838dc4d1
 
x86_64:
logwatch-7.3.6-49.el6.noarch.rpm
File outdated by:  RHBA-2013:1247
    MD5: 1bdc02815d5ef9a9c4ad203547d2869c
SHA-256: e6b9d293e0f399f117cc48c7e5e61b683f058810748e16697c587600838dc4d1
 
Red Hat Enterprise Linux EUS (v. 5.6.z server)

SRPMS:
logwatch-7.3-9.el5_6.src.rpm
File outdated by:  RHBA-2012:1217
    MD5: ad618347ee2b79ee055756412e7af7a1
SHA-256: 75aadfcf31110f2b748bcca4e55248b789c4d586315755f81896ab6af71533df
 
IA-32:
logwatch-7.3-9.el5_6.noarch.rpm     MD5: 38746ea893f6622926b187fe9e3776b7
SHA-256: 038c51acd4a1653db3a46a5c49acddf963c6c8cf40c59a9fefbaa5d5a43290c2
 
IA-64:
logwatch-7.3-9.el5_6.noarch.rpm     MD5: 38746ea893f6622926b187fe9e3776b7
SHA-256: 038c51acd4a1653db3a46a5c49acddf963c6c8cf40c59a9fefbaa5d5a43290c2
 
PPC:
logwatch-7.3-9.el5_6.noarch.rpm     MD5: 38746ea893f6622926b187fe9e3776b7
SHA-256: 038c51acd4a1653db3a46a5c49acddf963c6c8cf40c59a9fefbaa5d5a43290c2
 
s390x:
logwatch-7.3-9.el5_6.noarch.rpm     MD5: 38746ea893f6622926b187fe9e3776b7
SHA-256: 038c51acd4a1653db3a46a5c49acddf963c6c8cf40c59a9fefbaa5d5a43290c2
 
x86_64:
logwatch-7.3-9.el5_6.noarch.rpm     MD5: 38746ea893f6622926b187fe9e3776b7
SHA-256: 038c51acd4a1653db3a46a5c49acddf963c6c8cf40c59a9fefbaa5d5a43290c2
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
logwatch-7.3.6-49.el6.src.rpm
File outdated by:  RHBA-2013:1247
    MD5: 626ce1ea732fedcda1406875f02bee97
SHA-256: d2772d6318251812242bf8eec93595ffa47ce1abecf35081e6a2ea822db0d692
 
x86_64:
logwatch-7.3.6-49.el6.noarch.rpm
File outdated by:  RHBA-2013:1247
    MD5: 1bdc02815d5ef9a9c4ad203547d2869c
SHA-256: e6b9d293e0f399f117cc48c7e5e61b683f058810748e16697c587600838dc4d1
 
Red Hat Enterprise Linux Long Life (v. 5.6 server)

SRPMS:
logwatch-7.3-9.el5_6.src.rpm
File outdated by:  RHBA-2012:1217
    MD5: ad618347ee2b79ee055756412e7af7a1
SHA-256: 75aadfcf31110f2b748bcca4e55248b789c4d586315755f81896ab6af71533df
 
IA-32:
logwatch-7.3-9.el5_6.noarch.rpm     MD5: 38746ea893f6622926b187fe9e3776b7
SHA-256: 038c51acd4a1653db3a46a5c49acddf963c6c8cf40c59a9fefbaa5d5a43290c2
 
IA-64:
logwatch-7.3-9.el5_6.noarch.rpm     MD5: 38746ea893f6622926b187fe9e3776b7
SHA-256: 038c51acd4a1653db3a46a5c49acddf963c6c8cf40c59a9fefbaa5d5a43290c2
 
x86_64:
logwatch-7.3-9.el5_6.noarch.rpm     MD5: 38746ea893f6622926b187fe9e3776b7
SHA-256: 038c51acd4a1653db3a46a5c49acddf963c6c8cf40c59a9fefbaa5d5a43290c2
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
logwatch-7.3.6-49.el6.src.rpm
File outdated by:  RHBA-2013:1247
    MD5: 626ce1ea732fedcda1406875f02bee97
SHA-256: d2772d6318251812242bf8eec93595ffa47ce1abecf35081e6a2ea822db0d692
 
IA-32:
logwatch-7.3.6-49.el6.noarch.rpm
File outdated by:  RHBA-2013:1247
    MD5: 1bdc02815d5ef9a9c4ad203547d2869c
SHA-256: e6b9d293e0f399f117cc48c7e5e61b683f058810748e16697c587600838dc4d1
 
PPC:
logwatch-7.3.6-49.el6.noarch.rpm
File outdated by:  RHBA-2013:1247
    MD5: 1bdc02815d5ef9a9c4ad203547d2869c
SHA-256: e6b9d293e0f399f117cc48c7e5e61b683f058810748e16697c587600838dc4d1
 
s390x:
logwatch-7.3.6-49.el6.noarch.rpm
File outdated by:  RHBA-2013:1247
    MD5: 1bdc02815d5ef9a9c4ad203547d2869c
SHA-256: e6b9d293e0f399f117cc48c7e5e61b683f058810748e16697c587600838dc4d1
 
x86_64:
logwatch-7.3.6-49.el6.noarch.rpm
File outdated by:  RHBA-2013:1247
    MD5: 1bdc02815d5ef9a9c4ad203547d2869c
SHA-256: e6b9d293e0f399f117cc48c7e5e61b683f058810748e16697c587600838dc4d1
 
Red Hat Enterprise Linux Server EUS (v. 6.0.z)

SRPMS:
logwatch-7.3.6-49.el6.src.rpm
File outdated by:  RHBA-2013:1247
    MD5: 626ce1ea732fedcda1406875f02bee97
SHA-256: d2772d6318251812242bf8eec93595ffa47ce1abecf35081e6a2ea822db0d692
 
IA-32:
logwatch-7.3.6-49.el6.noarch.rpm     MD5: 1bdc02815d5ef9a9c4ad203547d2869c
SHA-256: e6b9d293e0f399f117cc48c7e5e61b683f058810748e16697c587600838dc4d1
 
PPC:
logwatch-7.3.6-49.el6.noarch.rpm     MD5: 1bdc02815d5ef9a9c4ad203547d2869c
SHA-256: e6b9d293e0f399f117cc48c7e5e61b683f058810748e16697c587600838dc4d1
 
s390x:
logwatch-7.3.6-49.el6.noarch.rpm     MD5: 1bdc02815d5ef9a9c4ad203547d2869c
SHA-256: e6b9d293e0f399f117cc48c7e5e61b683f058810748e16697c587600838dc4d1
 
x86_64:
logwatch-7.3.6-49.el6.noarch.rpm     MD5: 1bdc02815d5ef9a9c4ad203547d2869c
SHA-256: e6b9d293e0f399f117cc48c7e5e61b683f058810748e16697c587600838dc4d1
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
logwatch-7.3.6-49.el6.src.rpm
File outdated by:  RHBA-2013:1247
    MD5: 626ce1ea732fedcda1406875f02bee97
SHA-256: d2772d6318251812242bf8eec93595ffa47ce1abecf35081e6a2ea822db0d692
 
IA-32:
logwatch-7.3.6-49.el6.noarch.rpm
File outdated by:  RHBA-2013:1247
    MD5: 1bdc02815d5ef9a9c4ad203547d2869c
SHA-256: e6b9d293e0f399f117cc48c7e5e61b683f058810748e16697c587600838dc4d1
 
x86_64:
logwatch-7.3.6-49.el6.noarch.rpm
File outdated by:  RHBA-2013:1247
    MD5: 1bdc02815d5ef9a9c4ad203547d2869c
SHA-256: e6b9d293e0f399f117cc48c7e5e61b683f058810748e16697c587600838dc4d1
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

680237 - CVE-2011-1018 logwatch: Privilege escalation due improper sanitization of special characters in log file names


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/