Mandriva Linux Security Advisory 2011-065 - Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
ddd7092fc719230ad39aafb4df1ca804827100c4f41a22bd0c33e573caa8e096