VDB

MAGEIA-2022-217

MAGEIA-2022-217 PUBLISHED

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0. (CVE-2022-1348) Note the change in permission does not apply until the first time logrotate runs after installing the update.

Affected Products

VendorProductVersions
Mageialogrotate0, 3.17.0-3.1.mga8

Timeline

  • Jun 3, 2022 CVE Updated
  • Jun 3, 2022 CVE Published
  • Mar 17, 2026 Distribution Patch
  • Mar 17, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›