LinuxSecurity.com: Dominik George discovered that logwatch did not properly sanitizelog file names that were passed to the shell as part of a command.If a remote attacker were able to generate specially crafted filenames(for example, via Samba logging), they could execute arbitrary codewith root privileges. [More...]