Package: logwatch Version: 7.3.6.cvs20090906-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu natty ubuntu-patch
*** /home/steve/tmp/tmpOr5E13 In Ubuntu, we've applied the attached patch to achieve the following: * SECURITY UPDATE: privileged code execution via badly named logfiles - scripts/logwatch.pl: encapsulate logfiles in 's and ensure logfile names don't contain '. - http://logwatch.svn.sourceforge.net/viewvc/logwatch?view=revision&revision=26 - CVE-2011-1018 We thought you might be interested in doing the same. -- System Information: Debian Release: squeeze/sid APT prefers maverick-updates APT policy: (500, 'maverick-updates'), (500, 'maverick-security'), (500, 'maverick-proposed'), (500, 'maverick') Architecture: amd64 (x86_64) Kernel: Linux 2.6.35-27-server (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
diff -u logwatch-7.3.6.cvs20090906/scripts/logwatch.pl logwatch-7.3.6.cvs20090906/scripts/logwatch.pl
--- logwatch-7.3.6.cvs20090906/scripts/logwatch.pl
+++ logwatch-7.3.6.cvs20090906/scripts/logwatch.pl
@@ -738,6 +738,10 @@
 my $DestFile = $TempDir . $LogFile . "-archive";
 my $Archive;
 foreach $Archive (@{$LogFileData{$LogFile}{'archives'}}) {
+ if ($Archive =~ /'/) {
+ print "File $Archive has invalid embedded quotes. File ignored.\n";
+ next;
+ }
 my $CheckTime;
 # We need to find out what's the earliest log we need
 my @time_t = TimeBuild();
@@ -765,15 +769,15 @@
 my @FileStat = stat($Archive);
 if ($CheckTime <= ($FileStat[9])) {
 if (($Archive =~ m/gz$/) && (-f "$Archive") && (-s "$Archive")) {
- my $arguments = "$Archive >> $DestFile";
+ my $arguments = "'${Archive}' >> $DestFile";
 system("$Config{'pathtozcat'} $arguments") == 0
 or die "system '$Config{'pathtozcat'} $arguments' failed: $?"
 } elsif (($Archive =~ m/bz2$/) && (-f "$Archive") && (-s "$Archive")) {
- my $arguments = "$Archive 2>/dev/null >> $DestFile";
+ my $arguments = "'${Archive}' 2>/dev/null >> $DestFile";
 system("$Config{'pathtobzcat'} $arguments") == 0
 or die "system '$Config{'pathtobzcat'} $arguments' failed: $?"
 } elsif ((-f "$Archive") && (-s "$Archive")) {
- my $arguments = "$Archive >> $DestFile";
+ my $arguments = "'${Archive}' >> $DestFile";
 system("$Config{'pathtocat'} $arguments") == 0
 or die "system '$Config{'pathtocat'} $arguments' failed: $?"
 } #End if/elsif existence
@@ -785,6 +789,10 @@
 foreach my $ThisFile (@FileList) {
 #Existence check for files -mgt
 next unless (-f $ThisFile);
+ if ($ThisFile =~ /'/) {
+ print "File $ThisFile has invalid embedded quotes. File ignored.\n";
+ next;
+ }
 if (! -r $ThisFile) {
 print "File $ThisFile is not readable. Check permissions.";
 if ($> != 0) {
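Review bot: The rejection message in the added check prints `$Archive` verbatim, so a crafted name containing newlines or terminal control characters still reaches the output even though the file itself is skipped. The same applies to `$ThisFile` in the third hunk (@@ -785,6 +789,10 @@). Printing a cleaned copy avoids that, for example `(my $Shown = $Archive) =~ s/[^[:print:]]/?/g;` before the `print`. Where this output ends up is not visible here, and the `foreach` body continues outside the hunk.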
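Review bot: The three `system()` calls in the second hunk still hand one interpolated string to the shell, so the new quoting is safe only because of the quote check added at the top of the loop in the first hunk, and `$DestFile` and the `pathto*` values stay unquoted in that same string. Running the decompressor without a shell removes that coupling: open `$DestFile` for append in Perl and read from a list-form pipe open, as sketched below for the gz branch. This assumes each `pathto*` setting is a bare program path with no arguments, which the hunk does not show. The bzcat branch would also need its own stderr handling to replace `2>/dev/null`. The enclosing `if ($CheckTime ...)` block starts and ends outside the hunk.

```perl
# … unchanged: stat() and the $CheckTime comparison …
if (($Archive =~ m/gz$/) && (-f "$Archive") && (-s "$Archive")) {
   open(my $Out, '>>', $DestFile) or die "open '$DestFile' failed: $!";
   # List form: no shell is involved, so no character in $Archive is special.
   open(my $In, '-|', $Config{'pathtozcat'}, $Archive)
      or die "cannot run '$Config{'pathtozcat'}': $!";
   print {$Out} $_ while (<$In>);
   close($In) or die "'$Config{'pathtozcat'} $Archive' failed: $?";
   close($Out) or die "close '$DestFile' failed: $!";
# … bzcat and cat branches follow the same shape …
```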
@@ -794,7 +802,7 @@
 next;
 }
 #FIXME - We have a bug report for filenames with spaces, can be caught here needs test -mgt
- $FileText .= ($ThisFile . " ");
+ $FileText .= ("'" . $ThisFile . "' ");
 } #End foreach ThisFile
 # remove the ENV entries set by previous service
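Review bot: The `#FIXME` comment kept above the changed line is now stale. With each name wrapped in single quotes, spaces no longer split a filename, provided `$FileText` is only ever expanded inside a shell command, which happens outside this hunk. I would replace it with `# Names are single-quoted for the shell; names containing ' were skipped above.` If `$FileText` is used anywhere other than a shell command line, the added quotes would become part of the filename there, so that use is worth checking.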