rpm package
opensuse/logrotate&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/logrotate&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-1348 | — | < 3.20.1-1.1 | 3.20.1-1.1 | May 25, 2022 | A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permissi | ||
| CVE-2011-1155 | — | < 3.10.0-4.1 | 3.10.0-4.1 | Mar 30, 2011 | The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automaticall | ||
| CVE-2011-1154 | — | < 3.10.0-4.1 | 3.10.0-4.1 | Mar 30, 2011 | The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or vi | ||
| CVE-2011-1098 | — | < 3.10.0-4.1 | 3.10.0-4.1 | Mar 30, 2011 | Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. |
- CVE-2022-1348May 25, 2022affected < 3.20.1-1.1fixed 3.20.1-1.1
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permissi
- CVE-2011-1155Mar 30, 2011affected < 3.10.0-4.1fixed 3.10.0-4.1
The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automaticall
- CVE-2011-1154Mar 30, 2011affected < 3.10.0-4.1fixed 3.10.0-4.1
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or vi
- CVE-2011-1098Mar 30, 2011affected < 3.10.0-4.1fixed 3.10.0-4.1
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.