Logcheck devel - Jun 2004 - Bug#174173: marked as done (logcheck: Will fail badly if /var/tmp is full)

Your message dated Thu, 03 Jun 2004 06:02:03 -0400
with message-id <E1BVp2x-00023o-00 at newraff.debian.org>
and subject line Bug#174173: fixed in logcheck 1.2.21
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 24 Dec 2002 06:38:56
+0000
>From ehem at m5p.com Tue Dec 24 00:38:55 2002
Return-path: <ehem at m5p.com>
Received: from dsl-209-162-215-52.dsl.easystreet.com (southstation.m5p.com)
[209.162.215.52]
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 18QiiN-0005IG-00; Tue, 24 Dec 2002 00:38:55 -0600
Received: from m5p.com (parkstreet.m5p.com [10.100.0.1])
	by southstation.m5p.com (8.12.5/8.12.5) with ESMTP id gBO6cILw000435
	(version=TLSv1/SSLv3 cipher=EDH-DSS-DES-CBC3-SHA bits=168 verify=OK)
	for <submit at bugs.debian.org>; Mon, 23 Dec 2002 22:38:23 -0800 (PST)
Received: (from ehem at localhost)
	by m5p.com (8.12.5/8.12.1/Submit) id gBO6cIgC057041
	for submit at bugs.debian.org; Mon, 23 Dec 2002 22:38:18 -0800 (PST)
From: Elliott Mitchell <ehem at m5p.com>
Message-Id: <200212240638.gBO6cIgC057041 at m5p.com>
Subject: logcheck: Will fail badly if /var/tmp is full
To: submit at bugs.debian.org
Date: Mon, 23 Dec 2002 22:38:18 -0800 (PST)
X-Mailer: ELM [version 2.4ME+ PL99b (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
X-Scanned-By: MIMEDefang 2.16 (www . roaringpenguin . com / mimedefang)
Delivered-To: submit at bugs.debian.org
X-Spam-Status: No, hits=0.6 required=5.0
	tests=SPAM_PHRASE_00_01
	version=2.41
X-Spam-Level: 

Package: logcheck
Version: 1.1.1-13.1
Severity: important
Tags: security

If /var/tmp is full logcheck will be unable to produce the cleaned files,
resulting in incorrect output. Quite possibly resulting in null output
despite numerous serious syslog messages. By interfering with an
appropriate daemon an attacker might be able to have /var/tmp filled at
selective times, and thereby corrupt logcheck's output in a controlled
way.

The solution would be to check the return code of *all* commands that are
run.

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux gremlin 2.4.19-gremlin-4 #1 Tue Aug 27 23:18:32 PDT 2002 i586
Locale: LANG=C, LC_CTYPE=C

Versions of packages logcheck depends on:
ii  cron             3.0pl1-72               management of regular background p
ii  debconf          1.0.32                  Debian configuration management sy
ii  exim-tls [exim]  3.35-3                  Exim Mailer - with TLS (SSL) suppo
ii  exim-tls [mail-t 3.35-3                  Exim Mailer - with TLS (SSL) suppo
ii  logcheck-databas 1.1.1-13.1              A database of system log rules for
ii  logtail          1.1.1-13.1              Returns parts of logfiles that hav
ii  mailx            1:8.1.2-0.20020411cvs-1 A simple mail user agent.
ii  sysklogd         1.4.1-10                System Logging Daemon
ii  sysklogd [system 1.4.1-10                System Logging Daemon


--
(\___(\___(\______          --=> 8-) EHM <=--          ______/)___/)___/)
 \   (    |         EHeM at gremlin.m5p.com PGP 8881EF59         |    )   /
  \_  \   |  _____  -O #include <stddisclaimer.h> O-   _____  |   /  _/
    \___\_|_/82 04 A1 3C C7 B1 37 2A*E3 6E 84 DA 97 4C 40 E6\_|_/___/



---------------------------------------
Received: (at 174173-close) by bugs.debian.org; 3 Jun 2004 10:08:50
+0000
>From katie at ftp-master.debian.org Thu Jun 03 03:08:50 2004
Return-path: <katie at ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BVp9W-0005QF-00; Thu, 03 Jun 2004 03:08:50 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1BVp2x-00023o-00; Thu, 03 Jun 2004 06:02:03 -0400
From: Todd Troxell <ttroxell at debian.org>
To: 174173-close at bugs.debian.org
X-Katie: $Revision: 1.49 $
Subject: Bug#174173: fixed in logcheck 1.2.21
Message-Id: <E1BVp2x-00023o-00 at newraff.debian.org>
Sender: Archive Administrator <katie at ftp-master.debian.org>
Date: Thu, 03 Jun 2004 06:02:03 -0400
Delivered-To: 174173-close at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Source: logcheck
Source-Version: 1.2.21

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.2.21_all.deb
  to pool/main/l/logcheck/logcheck-database_1.2.21_all.deb
logcheck_1.2.21.dsc
  to pool/main/l/logcheck/logcheck_1.2.21.dsc
logcheck_1.2.21.tar.gz
  to pool/main/l/logcheck/logcheck_1.2.21.tar.gz
logcheck_1.2.21_all.deb
  to pool/main/l/logcheck/logcheck_1.2.21_all.deb
logtail_1.2.21_all.deb
  to pool/main/l/logcheck/logtail_1.2.21_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 174173 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thursday, 03 Jun 2004 05:49:47 -0500
Source: logcheck
Binary: logcheck logtail logcheck-database
Architecture: source all
Version: 1.2.21
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel at
lists.alioth.debian.org>
Changed-By: Todd Troxell <ttroxell at debian.org>
Description: 
 logcheck   - Mails anomalies in the system logfiles to the administrator
 logcheck-database - A database of system log rules for the use of log checkers
 logtail    - Print log file lines that have not been read
Closes: 174173 182992 186849 192192 198767 213709 222240 226937 248409 248816
249074 249181 249324 250373 250374 251364 251463 252173
Changes: 
 logcheck (1.2.21) unstable; urgency=low
 .
   maks:
   * Better description of logtail package.
   * Recommend use of an offsite email address in main conf.
   * Added and updated bind, cracklib, innd, kernel, logcheck, nntpcache,
     Login.app, proftp, postfix, pump, sendmail rulefiles.
     (Closes: #248816, #213709, #198767, #248409, #249074, #250374, #250373,
      #249181)
   * Added -v switch (outputs logcheck version).
   * Harden permissions regarding world.
   * Added and updated arpwatch, bind, gconf, gdm, kernel, openvpn, postfix,
     rpc.statd and spamd rules.  thanks to Peter Palfrader <weasel at
debian.org>.
   * New Config option for subject tags [logcheck].
   * Lower all debconf messages priority.
   * Added and updated oidentd rules. (Closes: #186849)
     thanks to Tobias Wolter <towo+bugs at ydal.de>
   * Ignore normal use of su and sudo. (Closes: #182992, #192192)
   * Remove empty file innd.
   * Add switches to logtails default arguments.
   * Added cvs-build, cvs-clean debian/rules - stolen from apt.
   * Denote /etc/logcheck/logcheck.logfile as CFG in manpage and logcheck.
   * Move logtail.8 from debian to doc dir.
   * Added Japanese translation. thanks to Hideki Yamane (Closes: #251463)
   * Added French translation. thanks to R?mi Pannequin (Closes: #252173)
   * Fix bashishm in preinst and postinst. (Closes: #251364)
   todd:
   * Add debconf to logcheck Depends:
   * Check the return values of all commands that write to disk.
     (Closes: #174173)
   * Add NEWS.Debian to logcheck.docs (Followup to #247360)
   eevans:
   * Made addition of logcheck user and permissions/ownership changes a
     conditional of an upgrade from a version less than 1.2.19.
     (Closes: #249324)
   * Added a note to README.Debian on how to manually change the cronjob
     interval. (Closes: #222240, #226937)
   alfie:
   * src/logcheck: test also for readability for the header.txt and footer.txt.
   * debian/changelog: stripped all trailing whitespace from the file.
   * debian/*templates: Some small consistency and formating updates. Updated
     the debian/po/*.po files too.
Files: 
 ca12c9c51dc70453a7fcb1859f17ccc3 670 admin optional logcheck_1.2.21.dsc
 2def0e9e4ccc428e49126c5e391e4597 72037 admin optional logcheck_1.2.21.tar.gz
 c87bba838b413e6f939edd7336e07579 36388 admin optional logcheck_1.2.21_all.deb
 806b69d2d16042c4f2060df79d73a1bd 39956 admin optional
logcheck-database_1.2.21_all.deb
 2554603f91374e07d19293a5277ab153 21170 admin optional logtail_1.2.21_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD4DBQFAvvYw4u3oQ3FHP2YRAkukAKCztbEVc4ziE6zmo4VijzQHma/yKwCYvKTP
1FzcH4V8Ag3K8hSwSnDbvw==s9Dc
-----END PGP SIGNATURE-----