Bugzilla – Bug 1192449
VUL-0: logrotate: Core-dump handing with SUID binaries
Last modified: 2022-11-23 08:35:36 UTC
related to https://bugzilla.suse.com/show_bug.cgi?id=1191281 / CVE-2021-3864 background is that logrotate processes logrotate snippets even if there is binary junk. a common exploit vector is to have logrotate snippets in "core" files, which logrotate then picks and executes as root. The logrotate folks have received this pull request (but not yet accepted it) https://github.com/logrotate/logrotate/pull/427
I can reproduce it. Hopefully, the pull request can finally be accepted and tested. I'll keep an eye upstream.
The mentioned pull request has been merged. I'll take a look and see if I can backport the changes.
Upstream got a follow up pull request with more test files: https://github.com/logrotate/logrotate/pull/431
SUSE-SU-2022:2396-1: An update that solves one vulnerability and has three fixes is now available. Category: security (important) Bug References: 1192449,1199652,1200278,1200802 CVE References: CVE-2022-1348 JIRA References: Sources used: openSUSE Leap 15.4 (src): logrotate-3.18.1-150400.3.7.1 SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): logrotate-3.18.1-150400.3.7.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:2398-1: An update that contains security fixes can now be installed. Category: security (important) Bug References: 1192449,1200278,1200802 CVE References: JIRA References: Sources used: SUSE Linux Enterprise Server 12-SP5 (src): logrotate-3.11.0-2.20.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
test:531: if [ $SELINUX_TESTS = 1 ]; then This needs quotes.
SUSE-SU-2022:2547-1: An update that contains security fixes can now be installed. Category: security (important) Bug References: 1192449,1200278,1200802 CVE References: JIRA References: Sources used: openSUSE Leap 15.3 (src): logrotate-3.13.0-150000.4.7.1 SUSE Manager Server 4.1 (src): logrotate-3.13.0-150000.4.7.1 SUSE Manager Retail Branch Server 4.1 (src): logrotate-3.13.0-150000.4.7.1 SUSE Manager Proxy 4.1 (src): logrotate-3.13.0-150000.4.7.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): logrotate-3.13.0-150000.4.7.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): logrotate-3.13.0-150000.4.7.1 SUSE Linux Enterprise Server for SAP 15 (src): logrotate-3.13.0-150000.4.7.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): logrotate-3.13.0-150000.4.7.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): logrotate-3.13.0-150000.4.7.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): logrotate-3.13.0-150000.4.7.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): logrotate-3.13.0-150000.4.7.1 SUSE Linux Enterprise Server 15-LTSS (src): logrotate-3.13.0-150000.4.7.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): logrotate-3.13.0-150000.4.7.1 SUSE Linux Enterprise Micro 5.2 (src): logrotate-3.13.0-150000.4.7.1 SUSE Linux Enterprise Micro 5.1 (src): logrotate-3.13.0-150000.4.7.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): logrotate-3.13.0-150000.4.7.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): logrotate-3.13.0-150000.4.7.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): logrotate-3.13.0-150000.4.7.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): logrotate-3.13.0-150000.4.7.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): logrotate-3.13.0-150000.4.7.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): logrotate-3.13.0-150000.4.7.1 SUSE Enterprise Storage 7 (src): logrotate-3.13.0-150000.4.7.1 SUSE Enterprise Storage 6 (src): logrotate-3.13.0-150000.4.7.1 SUSE CaaS Platform 4.0 (src): logrotate-3.13.0-150000.4.7.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:2547-2: An update that contains security fixes can now be installed. Category: security (important) Bug References: 1192449,1200278,1200802 CVE References: JIRA References: Sources used: openSUSE Leap Micro 5.2 (src): logrotate-3.13.0-150000.4.7.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.