New packages were released with a downgraded release number in order to preserve the upgrade cycle to Fedora Core 1.

---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1719
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1719
2004-10-04
---------------------------------------------------------------------

Name        : tripwire
Version 7.3 : 2.3.1-10.1.legacy.7x
Version 9   : 2.3.1-17.1.legacy.9
Summary     : A system integrity assessment tool.
Description :
Tripwire is a very valuable security tool for Linux systems, if it is installed to a clean system. Tripwire should be installed right after the OS installation, and before you have connected your system to a network (i.e., before any possibility exists that someone could alter files on your system).

---------------------------------------------------------------------
Update Information:

Updated Tripwire packages that fix a format string security vulnerability are now available.

Tripwire is a system integrity assessment tool.

Paul Herman discovered a format string vulnerability in Tripwire version 2.3.1 and earlier. If Tripwire is configured to send reports via email, a local user could gain privileges by creating a carefully crafted file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0536 to this issue.

Users of Tripwire are advised to upgrade to this erratum package which contains a backported security patch to correct this issue.

---------------------------------------------------------------------
Changelog:

7.3:
* Mon Oct 04 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.3.1-10.1.legacy.7x
- Removed gcc-c++ as a BuildReq
- Downgraded version number so we don't break upgrade cycle to fc1

* Tue Jun 15 2004 Jesse Keating <jkeating@xxxxxxxxxxxxxxx> 2.3.1-20.legacy.7x
- Added gcc-c++ as a BuildReq
- Changed version number to allow for 7.x to bump w/out touching 9

* Fri Jun 04 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.3.1-18.legacy
- Added patch for format string vulnerability (FL #1719)

9:
* Mon Oct 04 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.3.1-17.1.legacy.9
- Removed gcc-c++ BuildRequires
- Downgraded release number so we don't break the upgrade cycle to fc1

* Tue Jun 15 2004 Jesse Keating <jkeating@xxxxxxxxxxxxxxx> 2.3.1-20.legacy.9
- Added gcc-c++
- Altered version for 7.x/9 independence.

* Fri Jun 04 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.3.1-19.legacy
- Added patch for format string vulnerability (FL #1719)

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/redhat/

1b2a8875e86492065f53db69d04de4a452fb1c5f  7.3/updates-testing/i386/tripwire-2.3.1-10.1.legacy.7x.i386.rpm
3d1d0f2a2b4b27c1e5d3b05dbea78d95c70ddcc2  7.3/updates-testing/SRPMS/tripwire-2.3.1-10.1.legacy.7x.src.rpm
0ef679e248881f02452b5ab4c7f58cd6e603a30e  9/updates-testing/i386/tripwire-2.3.1-17.1.legacy.9.i386.rpm
6e62d981a2ffe149196af4b35b8d1962f76dc367  9/updates-testing/SRPMS/tripwire-2.3.1-17.1.legacy.9.src.rpm

Please note that this update is also available via yum and apt through the updates-testing channel. Many people find this an easier way to apply updates.

---------------------------------------------------------------------
Please test these new packages and add comments to Bugzilla.

--
fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list
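
Added example, not part of the original advisory: a Python script that checks locally downloaded packages against the SHA-1 checksums listed above before they are installed for testing. The function names and the layout (files saved under a local directory that mirrors the listed relative paths) are assumptions made for this example.

```python
import hashlib
import re
import sys
from pathlib import Path

# Checksum lines copied from the advisory: "<sha1> <path relative to download base>".
ADVISORY = """
1b2a8875e86492065f53db69d04de4a452fb1c5f 7.3/updates-testing/i386/tripwire-2.3.1-10.1.legacy.7x.i386.rpm
3d1d0f2a2b4b27c1e5d3b05dbea78d95c70ddcc2 7.3/updates-testing/SRPMS/tripwire-2.3.1-10.1.legacy.7x.src.rpm
0ef679e248881f02452b5ab4c7f58cd6e603a30e 9/updates-testing/i386/tripwire-2.3.1-17.1.legacy.9.i386.rpm
6e62d981a2ffe149196af4b35b8d1962f76dc367 9/updates-testing/SRPMS/tripwire-2.3.1-17.1.legacy.9.src.rpm
"""

# A 40-hex-digit SHA-1 followed by a path ending in .rpm.
ENTRY = re.compile(r"\b([0-9a-f]{40})\s+(\S+\.rpm)\b")


def parse_manifest(text):
    """Return {relative_path: sha1_hex} for every checksum entry in the text."""
    return {path: digest for digest, path in ENTRY.findall(text)}


def sha1_of(path, chunk=1 << 16):
    """Hash a file in chunks so large packages are not read into memory at once."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify(manifest, base_dir):
    """Map each listed path to 'OK', 'MISMATCH' or 'MISSING' under base_dir."""
    base = Path(base_dir).resolve()
    results = {}
    for rel, expected in manifest.items():
        target = (base / rel).resolve()
        # Entries that resolve outside base_dir are treated as missing, not opened.
        if base not in target.parents or not target.is_file():
            results[rel] = "MISSING"
        elif sha1_of(target) == expected:
            results[rel] = "OK"
        else:
            results[rel] = "MISMATCH"
    return results


if __name__ == "__main__":
    report = verify(parse_manifest(ADVISORY), sys.argv[1] if len(sys.argv) > 1 else ".")
    for rel, status in report.items():
        print(f"{status:8} {rel}")
    sys.exit(0 if all(s == "OK" for s in report.values()) else 1)
```

Run it with the local download directory as the only argument; it exits non-zero if any listed package is missing or does not match its checksum.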