1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2182-1] logwatch security update

    From Florian Weimer@1:229/2 to All on Fri Mar 4 22:10:01 2011
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2182-1 [email protected] http://www.debian.org/security/
    March 04, 2011 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : logwatch
    Vulnerability : shell command injection
    Problem type : remote
    Debian-specific: no
    CVE ID : CVE-2011-0715
    Debian Bug : 615995

    Dominik George discovered that logwatch does not guard against shell meta-characters in crafted log file names (such as those produced by
    Samba). As a result, an attacker might be able to execute shell
    commands on the system running logwatch.

    For the oldstable distribution (lenny), this problem has been fixed in
    version 7.3.6.cvs20080702-2lenny1.

    For the stable distribution (squeeze), this problem has been fixed in
    version 7.3.6.cvs20090906-1squeeze1.

    For the testing distribution (wheezy) and the unstable distribution
    (sid), this problem has been fixed in version 7.3.6.cvs20090906-2.

    We recommend that you upgrade your logwatch packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.9 (GNU/Linux)

    iQEcBAEBAgAGBQJNcVVWAAoJEL97/wQC1SS+sNgIAJEL9txGRe8FhhoqWxkoZ/fQ IIONEna4og0MblIxw5ntoRM1BzJ6SBexZnVVQvGenamnwUmaVFvwSOxree4jEtNi P3ya/WZLF+IqLaLTRXOET7Vm5+GXfyRUteYJDkUc0Fo1pTOhKLl7xNXHtRkGmFEF 8pNlVlwGkUQ8VVN4zliv3cHhl0Xn+voJJbXsq3S025ggn3az7l9snekHm6M8XafS tv7XpkdlAFN9sjJpGqSVCOuRmhuRSEouTrgkAc3SSGz1fzKcZ3Akc2W/yWtNO6Aw S8X4PreXNCmPPAWYv9dHxr1LLnXm6vzt5MIk8wJ/oKsyjDhOFBKKJuSfJ5axtnY=
    =CJb0
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)