Ubuntu Security Notice 1078-1 - Dominik George discovered that logwatch did not properly sanitize log file names that were passed to the shell as part of a command. If a remote attacker were able to generate specially crafted filenames (for example, via Samba logging), they could execute arbitrary code with root privileges.
0f547aa43b22177b3cdef403c9b0e44b89e5196125c31c09f67ed05eff3feaf3