{"schema_version":"1.7.2","id":"OESA-2022-1724","modified":"2022-06-24T11:03:55Z","published":"2022-06-24T11:03:55Z","upstream":["CVE-2022-1348"],"summary":"logrotate security update","details":"The logrotate utility is designed to simplify the administration of log files on a system which generates a lot of log files.  Logrotate allows for the automatic rotation, compression, removal and mailing of log files.  Logrotate can be set to handle a log file daily, weekly, monthly or when the log file gets to a certain size.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0. (CVE-2022-1348)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS","name":"logrotate","purl":"pkg:rpm/openEuler/logrotate\u0026distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.20.1-1.oe2203"}]}],"ecosystem_specific":{"aarch64":["logrotate-debuginfo-3.20.1-1.oe2203.aarch64.rpm","logrotate-3.20.1-1.oe2203.aarch64.rpm","logrotate-debugsource-3.20.1-1.oe2203.aarch64.rpm"],"noarch":["logrotate-help-3.20.1-1.oe2203.noarch.rpm"],"src":["logrotate-3.20.1-1.oe2203.src.rpm"],"x86_64":["logrotate-debugsource-3.20.1-1.oe2203.x86_64.rpm","logrotate-debuginfo-3.20.1-1.oe2203.x86_64.rpm","logrotate-3.20.1-1.oe2203.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1724"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1348"}],"database_specific":{"severity":"Medium"}}