CVE-2022-1348

Severity Medium
Remote No
Type Denial of service
Description
The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with a default permission mode of 0644; with a umask of 0022 this results in a world-readable file, which allows an unprivileged user to lock the state file and stop any rotation.
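
A defender-side check for the condition described above, written as an added example (it is not logrotate code and not part of this advisory). The function names are hypothetical, the state file path is passed as an argument because the advisory does not name it, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not logrotate code). Function names are hypothetical.
# The state file path is supplied by the caller; GNU coreutils stat is assumed.

# Mode a newly created file ends up with: requested mode with the umask bits cleared.
# effective_mode 0644 0022 -> 644
effective_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Returns 0 when "other" has read permission, meaning any local user can open
# the file and take a lock on it. Returns 1 when it does not, 2 when the file
# cannot be inspected.
state_file_exposed() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    [ $(( 0$mode & 04 )) -ne 0 ]
}

# Prints a one-line verdict; exit status 1 means the file needs attention.
audit_state_file() {
    rc=0
    state_file_exposed "$1" || rc=$?
    case $rc in
        0) echo "EXPOSED  $1 is world-readable; tighten with: chmod o-r $1"; return 1 ;;
        1) echo "OK       $1 is not readable by other users"; return 0 ;;
        *) echo "UNKNOWN  $1 could not be inspected"; return 2 ;;
    esac
}

# Stand-alone use: pass the state file path as the first argument.
if [ "$#" -gt 0 ]; then
    audit_state_file "$1"
fi
```

`effective_mode 0644 0022` shows why the common umask does not help here: it clears only write bits, so the read bit for other users survives.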
References
https://github.com/logrotate/logrotate/blame/master/logrotate.c#L3015-L3017
https://github.com/logrotate/logrotate/commit/f46d0bdfc9c53515c13880c501f4d2e1e7dd8b25
https://github.com/logrotate/logrotate/releases/tag/3.20.1
https://github.com/logrotate/logrotate/commit/1f76a381e2caa0603ae3dbc51ed0f1aa0d6658b9
https://github.com/logrotate/logrotate/commit/addbd293242b0b78aa54f054e6c1d249451f137d
https://github.com/logrotate/logrotate/pull/446