A denial of service flaw was found in the way the logrotate utility
performed arguments sanitization, when performing the 'write state'
action. A local attacker could use this flaw to cause abort in
subsequent logrotate runs via a specially-crafted log file name.
Created attachment 481603 [details]
This patch fixes the bug by escaping line-feed and backslash and by using 2 * PATH_MAX + 16 for buffer size if PATH_MAX is defined.
Created logrotate tracking bugs for this issue
Affects: fedora-all [bug 688520]
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2011:0407 https://rhn.redhat.com/errata/RHSA-2011-0407.html
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.