The logrotate utility simplifies the administration of multiple log files,allowing the automatic rotation, compression, removal, and mailing of logfiles.A shell command injection flaw was found in the way logrotate handled theshred directive. A specially-crafted log file could cause logrotate toexecute arbitrary commands with the privileges of the user runninglogrotate (root, by default). Note: The shred directive is not enabled bydefault. (CVE-2011-1154)A race condition flaw was found in the way logrotate applied permissionswhen creating new log files. In some specific configurations, a localattacker could use this flaw to open new log files before logrotate appliesthe final permissions, possibly leading to the disclosure of sensitiveinformation. (CVE-2011-1098)An input sanitization flaw was found in logrotate. A log file with aspecially-crafted file name could cause logrotate to abort when attemptingto process that file a subsequent time. (CVE-2011-1155)All logrotate users should upgrade to this updated package, which containsbackported patches to resolve these issues.