A file access race condition (time-of-check, time-of-use, or TOCTOU) was found in the way logrotate determines the permissions of newly created files when compression or copying of a log file has been requested. If the logrotate utility was run on a log file contained within an attacker-controllable directory, a local attacker could use this flaw to trick the logrotate utility into creating the compressed or copied file with user-selected permissions, potentially leading to disclosure of sensitive information.
Further clarified flaw information from Stefan Fritsch of Debian Security Team:
===============================================================================
Both compressLogFile() and copyTruncate() are vulnerable to this issue. Instead of using the permissions passed in sb, both functions should call fstat() on the opened file.
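The fix described above, as an added C example (not logrotate's code): the permission bits for the new file are read with fstat() from the descriptor that was actually opened, not from a struct stat filled in from the path earlier. The names `create_output_like` and `demo` and the temporary file names are hypothetical, and the scenario is constructed.

```c
/* Added illustration, not logrotate source; all names are hypothetical. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create out_path with the mode of the file open as in_fd; -1 on error. */
int create_output_like(int in_fd, const char *out_path)
{
    struct stat sb;
    if (fstat(in_fd, &sb) != 0 || !S_ISREG(sb.st_mode)) return -1;
    /* Start private; O_EXCL|O_NOFOLLOW refuse a pre-planted file or symlink. */
    int out_fd = open(out_path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (out_fd >= 0 && fchmod(out_fd, sb.st_mode & 0777) != 0) {
        close(out_fd); unlink(out_path); out_fd = -1;
    }
    return out_fd;
}

/* Constructed scenario: the path changes between the stat() and the open(). */
int demo(mode_t *stale_mode, mode_t *out_mode)
{
    char dir[] = "/tmp/toctou-demo-XXXXXX", log[64], old[64], out[64];
    struct stat path_sb, out_sb;
    if (!mkdtemp(dir)) return -1;
    snprintf(log, sizeof log, "%s/app.log", dir);
    snprintf(old, sizeof old, "%s/app.log.0", dir);
    snprintf(out, sizeof out, "%s/app.log.1", dir);
    int fd = open(log, O_WRONLY | O_CREAT | O_EXCL, 0600);
    /* Time of check: the path names a 0644 file. */
    if (fd < 0 || fchmod(fd, 0644) || stat(log, &path_sb) || close(fd)) return -1;
    /* The path is re-pointed to a different, 0600 file before it is opened. */
    if (rename(log, old) || (fd = open(log, O_RDWR | O_CREAT | O_EXCL, 0600)) < 0
        || fchmod(fd, 0600)) return -1;
    /* Time of use: permissions are read from fd, not from path_sb. */
    int out_fd = create_output_like(fd, out);
    if (out_fd < 0 || fstat(out_fd, &out_sb)) return -1;
    close(out_fd); close(fd);
    unlink(out); unlink(old); unlink(log); rmdir(dir);
    *stale_mode = path_sb.st_mode & 0777; *out_mode = out_sb.st_mode & 0777;
    return 0;
}

int main(void)
{
    mode_t stale, got;
    if (demo(&stale, &got)) return 1;
    return printf("path stat: %04o, output: %04o\n", (unsigned)stale, (unsigned)got) < 0;
}
```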