RHBA-2013:1247 - Bug Fix Advisory

Topic

An updated logwatch package that fixes several bugs is now available for Red Hat
Enterprise Linux 6.

Description

Logwatch is a customizable, pluggable log-monitoring system. It will go through
the user's logs for a given period of time and make a report in the areas that
the user needs.

This update fixes the following bugs:

• Previously, logwatch did not correctly parse the up2date service's

"updateLoginInfo() login info" messages and displayed them as unmatched entries.
With this update, parsing of such log messages has been fixed and works as
expected. (BZ#737247)

• Prior to this update, logwatch did not correctly parse many Openswan log

messages and displayed them as unmatched entries. With this update, parsing of
such log messages has been fixed and works as expected. (BZ#799690)

• Logwatch did not parse Dovecot 2.x log messages properly. That resulted in a

lot of unmatched entries in its reports. This patch adds additional logic to
correctly parse Dovecot 2.x logs, thus unmatched entries related to Dovecot 2.x
messages no longer appear. (BZ#799987)

• The .hdr files are headers for RPM packages; they are essentially metadata.

Logwatch's HTTP service parser emitted warnings for the .hdr files, even when
the "Detail" parameter was set to "Low". With this update, the .hdr files are
now parsed as archives, which removes spurious warnings about the .hdr files.
(BZ#800843)

• Previously, logwatch did not correctly handle the "MailTo" option in its

configuration. That resulted in no output, even though a report should have been
displayed. This patch adds additional logic to correctly handle an empty
"MailTo" option. As a result, output is correctly produced even when this option
is empty. (BZ#837034)

• Prior to this update, logwatch did not correctly parse many smartd log

messages and displayed them as unmatched entries. With this update, parsing of
such log messages has been fixed and works as expected. (BZ#888007)

• Prior to this update, logwatch did not correctly parse DNS log messages with

DNSSEC validation enabled and displayed them as unmatched entries. With this
update, parsing of such log messages has been fixed and works as expected.
(BZ#894134)

• Previously, logwatch did not correctly parse the postfix service's "improper

command pipelining" messages and displayed them as unmatched entries. With this
update, parsing of such log messages has been fixed and works as expected.
(BZ#894185)

• Previously, logwatch did not correctly parse user names in the secure log. It

improperly assumed that such names are composed of letters only and displayed
messages containing names with other symbols, such as digits, as unmatched
entries. With this update, parsing of user names has been enhanced to include
underscores and digits, thus log messages containing such user names no longer
display as unmatched entries. (BZ#894191)

• Logins initiated with the "su -" or "su -l" command were not correctly parsed

by logwatch and were displayed as unmatched entries. This update fixes this bug.
(BZ#974042)

• Prior to this update, logwatch did not correctly parse the RSYSLOG_FileFormat

time stamps and displayed them as unmatched entries. With this update, parsing
of the rsyslog time stamps has been fixed and works as expected. (BZ#974044)

• SSH Kerberos (GSS) logins were not correctly parsed by logwatch and were

displayed as unmatched entries. This update fixes this bug. (BZ#974046)

• Xen virtual console logins were not correctly parsed by logwatch and were

displayed as unmatched entries. This update fixes this bug. (BZ#974047)

Users of logwatch are advised to upgrade to this updated package, which fixes
these bugs.

Solution

Before applying this update, make sure all previously-released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

• BZ - 737247 - logwatch/up2date fix and extension
• BZ - 799690 - Ignore the ignorable openswan messages
• BZ - 800843 - logwatch "http" script should treat APT .hdr files as "archives" (and not as "other")
• BZ - 888007 - logwatch a bit chatty with smartd
• BZ - 894185 - Logwatch does not handle "improper command pipelining after (NOOP|RSET)"
• BZ - 894191 - Logwatch doesn't proper ignore "password check failed for user"

CVEs

(none)

References

(none)