Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: bullseye
X-Debbugs-Cc: cgzones@googlemail.com
Severity: normal

[ Reason ]
Logrotate does not reject invalid files as configuration files and tries to parse at least parts of them. Such files might, for example, be crafted core dumps placed in /etc/logrotate.d/ by an unsafe core dump handler. Be more strict while parsing configuration files.

See
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002022
https://github.com/logrotate/logrotate/pull/427
https://www.openwall.com/lists/oss-security/2021/10/20/2

Also include two other fixes: one using the correct stat information when verifying an olddir configuration after creating the olddir, the other advancing the pointer in full_write() on an incomplete write to avoid data corruption.

[ Impact ]
With an unsafe core dump handler, logrotate can be used in an exploit chain to execute arbitrary code. Since logrotate is not the main culprit, there might still be alternatives.

[ Tests ]
The changes are all part of the recent logrotate release 3.19.0.

[ Risks ]
Since the configuration parser gets much stricter, previously accepted but loosely written files may become invalid, leading to logrotate not rotating the logs covered by that section. A failure of logrotate is handled by systemd by setting the service state to "failed" and the system status to "degraded". Cron might send an email with the command output.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable (everything is included in 3.19.0-1)
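The two code-level points in the request above, as an added illustration that is not logrotate's code and not part of the debdiff: first, why a configuration parser must refuse files that are not plausibly text before it looks for directives (a core dump dropped into /etc/logrotate.d/ is mostly binary with readable fragments a permissive scanner can latch onto); second, the full_write() idiom that advances the buffer pointer after a short write, so no bytes are duplicated or dropped. The function names (config_looks_like_text, full_write, sink_write), the "printable 7-bit ASCII or whitespace" policy, and the sample inputs are all assumptions made for this example; logrotate's actual stricter parsing in PR 427 is not reproduced here.

```c
/* Added example, not logrotate's code. Function names, the acceptance policy
 * and all sample data below are constructed for illustration. */
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Pre-check for a candidate config file: accept only printable 7-bit ASCII
 * and whitespace. A NUL, a control byte or a high byte (all present in any
 * ELF core dump) rejects the whole file before any directive is parsed.
 * (Policy chosen for this example; a real parser may allow UTF-8.) */
int config_looks_like_text(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        unsigned char c = buf[i];
        if (c == '\0' || c >= 0x80)
            return 0;
        if (!isprint(c) && !isspace(c))
            return 0;
    }
    return 1;
}

/* Constructed sample: a well-formed configuration section. */
static const unsigned char good_conf[] =
    "/var/log/myapp.log {\n"
    "    weekly\n"
    "    rotate 4\n"
    "    compress\n"
    "}\n";

/* Constructed stand-in for a core dump: ELF magic and header bytes, then a
 * readable stretch shaped like a section that a permissive parser might use. */
static const unsigned char fake_core[] = {
    0x7f, 'E', 'L', 'F', 0x02, 0x01, 0x01, 0x00, 0x00, 0x00,
    '/', 'e', 't', 'c', '/', 'x', ' ', '{', '\n',
    'p', 'o', 's', 't', 'r', 'o', 't', 'a', 't', 'e', '\n',
    '}', '\n', 0xff, 0xfe
};

int demo_good_conf(void) { return config_looks_like_text(good_conf, sizeof good_conf - 1); }
int demo_fake_core(void) { return config_looks_like_text(fake_core, sizeof fake_core); }

/* Writer callback so the example can force short writes without a real fd. */
typedef ssize_t (*write_fn)(void *ctx, const void *buf, size_t count);

/* Correct full_write(): after a partial write, advance the pointer by the
 * bytes written and retry with the remainder. Retrying from the start of the
 * buffer instead (the bug fixed above) duplicates the head and loses the tail. */
int full_write(write_fn w, void *ctx, const void *buf, size_t count)
{
    const unsigned char *p = buf;
    while (count > 0) {
        ssize_t n = w(ctx, p, count);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        if (n == 0) {          /* no progress: treat as an error, never spin */
            errno = EIO;
            return -1;
        }
        p += (size_t)n;
        count -= (size_t)n;
    }
    return 0;
}

/* In-memory sink that never accepts more than max_chunk bytes per call. */
struct sink {
    unsigned char out[256];
    size_t len;
    size_t max_chunk;
    int calls;
};

static ssize_t sink_write(void *ctx, const void *buf, size_t count)
{
    struct sink *s = ctx;
    if (count > s->max_chunk)
        count = s->max_chunk;
    if (s->len + count > sizeof s->out)
        count = sizeof s->out - s->len;
    memcpy(s->out + s->len, buf, count);
    s->len += count;
    s->calls++;
    return (ssize_t)count;
}

/* Returns 1 if the payload arrives intact despite being split into 5-byte writes. */
int demo_short_writes(void)
{
    struct sink s = { .max_chunk = 5 };
    const char msg[] = "rotated /var/log/syslog -> /var/log/syslog.1\n";
    if (full_write(sink_write, &s, msg, sizeof msg - 1) != 0)
        return 0;
    return s.len == sizeof msg - 1 && memcmp(s.out, msg, s.len) == 0 && s.calls > 1;
}

int main(void)
{
    printf("good conf accepted: %d\n", demo_good_conf());
    printf("fake core accepted: %d\n", demo_fake_core());
    printf("payload intact through short writes: %d\n", demo_short_writes());
    return 0;
}
```

The pre-check is deliberately coarse: it answers "could this be a text file at all" and leaves directive validation to the parser, which matches the [ Risks ] note above that stricter parsing may also reject loosely written but previously tolerated configurations.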
Attachment:
logrotate-3.18.0-2+deb11u1.debdiff
Description: Binary data