ALAS2022-2022-095


Amazon Linux 2022 Security Advisory: ALAS-2022-095
Advisory Release Date: 2022-06-28 23:52 Pacific
Advisory Updated Date: 2022-07-19 19:44 Pacific
Severity: Medium

Issue Overview:

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0. (CVE-2022-1348)


Affected Packages:

logrotate


Issue Correction:
Run dnf update --releasever=2022.0.20220628 logrotate to update your system.

New Packages:
aarch64:
    logrotate-debugsource-3.20.1-2.amzn2022.aarch64
    logrotate-debuginfo-3.20.1-2.amzn2022.aarch64
    logrotate-3.20.1-2.amzn2022.aarch64

src:
    logrotate-3.20.1-2.amzn2022.src

x86_64:
    logrotate-debuginfo-3.20.1-2.amzn2022.x86_64
    logrotate-debugsource-3.20.1-2.amzn2022.x86_64
    logrotate-3.20.1-2.amzn2022.x86_64