Bug#615995: CVE-2011-1018

2011-03-03 Thread Julien Cristau 
On Thu, Mar  3, 2011 at 01:58:54 +0200, he...@nerv.fi wrote:

 I am reopening this issue, because there is releases, which hasn't been 
 patched yet.
 
That's not an appropriate reason for reopen.  The bts has version
tracking for a reason.  If the bug is fixed in unstable, then this bug
should stay closed.

Cheers,
Julien



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#615995: CVE-2011-1018

2011-03-02 Thread Willi Mann 

 Please see https://bugzilla.redhat.com/show_bug.cgi?id=680237
 for references.
 
 This is http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1018

Thanks for the report. I'll ask my sponsor to upload

http://pkg-logwatch.alioth.debian.org/apt/pool/main/l/logwatch/logwatch_7.3.6.cvs20090906-2.dsc

to unstable.

I know that a new upstream version is available, but this takes more
time for preparation.

Moritz, will you prepare the uploads for stable and oldstable? This is
the first time one of my packages is involved in a security issue.

Willi





-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#615995: CVE-2011-1018

2011-03-02 Thread henri 
I am reopening this issue, because there is releases, which hasn't been patched 
yet.

http://security-tracker.debian.org/tracker/CVE-2011-1018

Best regards,
Henri Salo



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#615995: CVE-2011-1018

2011-03-01 Thread Moritz Muehlenhoff 
Package: logwatch
Severity: grave
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=680237
for references.

This is http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1018

Cheers,
Moritz

-- System Information:
Debian Release: 5.0.1
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.32-ucs35-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#615995: CVE-2011-1018

2011-03-01 Thread Steve Beattie 
Package: logwatch
Version: 7.3.6.cvs20090906-1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu natty ubuntu-patch



*** /home/steve/tmp/tmpOr5E13
In Ubuntu, we've applied the attached patch to achieve the following:

  * SECURITY UPDATE: privileged code execution via badly named logfiles
- scripts/logwatch.pl: encapsulate logfiles in 's and ensure logfile
  names don't contain '.
- 
http://logwatch.svn.sourceforge.net/viewvc/logwatch?view=revisionrevision=26
- CVE-2011-1018

We thought you might be interested in doing the same.


-- System Information:
Debian Release: squeeze/sid
  APT prefers maverick-updates
  APT policy: (500, 'maverick-updates'), (500, 'maverick-security'), (500, 
'maverick-proposed'), (500, 'maverick')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.35-27-server (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u logwatch-7.3.6.cvs20090906/scripts/logwatch.pl logwatch-7.3.6.cvs20090906/scripts/logwatch.pl
--- logwatch-7.3.6.cvs20090906/scripts/logwatch.pl
+++ logwatch-7.3.6.cvs20090906/scripts/logwatch.pl
@@ -738,6 +738,10 @@
my $DestFile =  $TempDir . $LogFile . -archive;
my $Archive;
foreach $Archive (@{$LogFileData{$LogFile}{'archives'}}) {
+  if ($Archive =~ /'/) {
+ print File $Archive has invalid embedded quotes.  File ignored.\n;
+	 next;
+  }
   my $CheckTime;
   # We need to find out what's the earliest log we need
   my @time_t = TimeBuild();
@@ -765,15 +769,15 @@
   my @FileStat = stat($Archive);
   if ($CheckTime = ($FileStat[9])) {
  if (($Archive =~ m/gz$/)  (-f $Archive)  (-s $Archive)) {
-my $arguments = $Archive  $DestFile;
+my $arguments = '${Archive}'  $DestFile;
 system($Config{'pathtozcat'} $arguments) == 0
or die system '$Config{'pathtozcat'} $arguments' failed: $? 
  } elsif (($Archive =~ m/bz2$/)  (-f $Archive)  (-s $Archive)) {
-my $arguments = $Archive 2/dev/null  $DestFile;
+my $arguments = '${Archive}' 2/dev/null  $DestFile;
 system($Config{'pathtobzcat'} $arguments) == 0
or die system '$Config{'pathtobzcat'} $arguments' failed: $? 
  } elsif ((-f $Archive)  (-s $Archive)) {
-my $arguments = $Archive   $DestFile;
+my $arguments = '${Archive}'   $DestFile;
 system($Config{'pathtocat'} $arguments) == 0
or die system '$Config{'pathtocat'} $arguments' failed: $? 
  } #End if/elsif existence
@@ -785,6 +789,10 @@
foreach my $ThisFile (@FileList) {
   #Existence check for files -mgt
   next unless (-f $ThisFile);
+  if ($ThisFile =~ /'/) {
+ print File $ThisFile has invalid embedded quotes.  File ignored.\n;
+	 next;
+  }
   if (! -r $ThisFile) {
  print File $ThisFile is not readable.  Check permissions.;
  if ($ != 0) {
@@ -794,7 +802,7 @@
  next;
   }
   #FIXME - We have a bug report for filenames with spaces, can be caught here needs test -mgt
-  $FileText .= ($ThisFile .  );
+  $FileText .= (' . $ThisFile . ' );
} #End foreach ThisFile
 
# remove the ENV entries set by previous service