This release fixes a duplicate patch entry in the rh9 packages. --------------------------------------------------------------------- Fedora Test Update Notification FEDORA-2004-1719 Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1719 2004-10-09 --------------------------------------------------------------------- Name : tripwire Version 7.3 : 2.3.1-10.1.legacy.7x Version 9 : 2.3.1-17.2.legacy.9 Summary : A system integrity assessment tool. Description : Tripwire is a very valuable security tool for Linux systems, if it is installed to a clean system. Tripwire should be installed right after the OS installation, and before you have connected your system to a network (i.e., before any possibility exists that someone could alter files on your system). --------------------------------------------------------------------- Update Information: Updated Tripwire packages that fix a format string security vulnerability are now available. Tripwire is a system integrity assessment tool. Paul Herman discovered a format string vulnerability in Tripwire version 2.3.1 and earlier. If Tripwire is configured to send reports via email, a local user could gain privileges by creating a carefully crafted file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0536 to this issue. Users of Tripwire are advised to upgrade to this erratum package which contains a backported security patch to correct this issue. --------------------------------------------------------------------- Changelog: 7.3: * Mon Oct 04 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.3.1-10.1.legacy.7x - Removed gcc-c++ as a BuildReq - Downgraded version number so we don't break upgrade cycle to fc1 * Tue Jun 15 2004 Jesse Keating <jkeating@xxxxxxxxxxxxxxx> 2.3.1-20.legacy.7x - Added gcc-c++ as a BuildReq - Changed version number to allow for 7.x to bump w/out touching 9 * Fri Jun 04 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.3.1-18.legacy - Added patch for format string vulnerability (FL #1719) 9: * Sat Oct 09 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.3.1-17.2.legacy.9 - Removed duplicate Patch4 entry * Mon Oct 04 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.3.1-17.1.legacy.9 - Removed gcc-c++ BuildRequires - Downgraded release number so we don't break the upgrade cycle to fc1 * Tue Jun 15 2004 Jesse Keating <jkeating@xxxxxxxxxxxxxxx> 2.3.1-20.legacy.9 - Added gcc-c++ - Altered version for 7.x/9 independence. * Fri Jun 04 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.3.1-19.legacy - Added patch for format string vulnerability (FL #1719) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/redhat/ 1b2a8875e86492065f53db69d04de4a452fb1c5f 7.3/updates-testing/i386/tripwire-2.3.1-10.1.legacy.7x.i386.rpm 3d1d0f2a2b4b27c1e5d3b05dbea78d95c70ddcc2 7.3/updates-testing/SRPMS/tripwire-2.3.1-10.1.legacy.7x.src.rpm cdc032af7c3fa3cfbe153c85a0044bdbbb6326b5 9/updates-testing/i386/tripwire-2.3.1-17.2.legacy.9.i386.rpm 263704b1799204e8ee98b4329cddf7b492d8fff2 9/updates-testing/SRPMS/tripwire-2.3.1-17.2.legacy.9.src.rpm Please note that this update is also available via yum and apt through the updates-testing channel. Many people find this an easier way to apply updates. --------------------------------------------------------------------- Please test these new packages and add comments to Bugzilla.
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
