RHSA-2011:0324-01: Important: logwatch security update
Posted on: 03/08/2011 11:05 AM
A logwatch security update is available for RHEL 5 and 6
===================================================================== Red Hat Security Advisory
Synopsis: Important: logwatch security update Advisory ID: RHSA-2011:0324-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0324.html Issue date: 2011-03-07 CVE Names: CVE-2011-1018 =====================================================================
An updated logwatch package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - noarch Red Hat Enterprise Linux Desktop (v. 5 client) - noarch Red Hat Enterprise Linux Desktop (v. 6) - noarch Red Hat Enterprise Linux HPC Node (v. 6) - noarch Red Hat Enterprise Linux Server (v. 6) - noarch Red Hat Enterprise Linux Workstation (v. 6) - noarch
Logwatch is a customizable log analysis system. Logwatch parses through your system's logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require.
A flaw was found in the way Logwatch processed log files. If an attacker were able to create a log file with a malicious file name, it could result in arbitrary code execution with the privileges of the root user when that log file is analyzed by Logwatch. (CVE-2011-1018)
Users of logwatch should upgrade to this updated package, which contains a backported patch to resolve this issue.
Before applying this update, make sure all previously-released errata relevant to your system have been applied.