Fedora Legacy Test Update Notification: tripwire

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This release fixes a duplicate patch entry in the rh9 packages.

---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1719
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1719
2004-10-09
---------------------------------------------------------------------
 
Name        : tripwire
Version 7.3 : 2.3.1-10.1.legacy.7x
Version 9   : 2.3.1-17.2.legacy.9
Summary     : A system integrity assessment tool.
Description :
Tripwire is a very valuable security tool for Linux systems, if it is
installed to a clean system. Tripwire should be installed right after
the OS installation, and before you have connected your system to a
network (i.e., before any possibility exists that someone could alter
files on your system).
 
---------------------------------------------------------------------
Update Information:
 
Updated Tripwire packages that fix a format string security
vulnerability are now available.

Tripwire is a system integrity assessment tool.

Paul Herman discovered a format string vulnerability in Tripwire
version 2.3.1 and earlier. If Tripwire is configured to send reports
via email, a local user could gain privileges by creating a carefully
crafted file. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0536 to this issue.

Users of Tripwire are advised to upgrade to this erratum package which
contains a backported security patch to correct this issue. 

---------------------------------------------------------------------
Changelog:
 
7.3:
 
* Mon Oct 04 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
2.3.1-10.1.legacy.7x
 
- Removed gcc-c++ as a BuildReq
- Downgraded version number so we don't break upgrade cycle to fc1
 
* Tue Jun 15 2004 Jesse Keating <jkeating@xxxxxxxxxxxxxxx>
2.3.1-20.legacy.7x
 
- Added gcc-c++ as a BuildReq
- Changed version number to allow for 7.x to bump w/out touching 9
 
* Fri Jun 04 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
2.3.1-18.legacy
 
- Added patch for format string vulnerability (FL #1719)
 
9:
 
* Sat Oct 09 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
2.3.1-17.2.legacy.9
 
- Removed duplicate Patch4 entry
 
* Mon Oct 04 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
2.3.1-17.1.legacy.9
 
- Removed gcc-c++ BuildRequires
- Downgraded release number so we don't break the upgrade cycle to fc1
 
* Tue Jun 15 2004 Jesse Keating <jkeating@xxxxxxxxxxxxxxx>
2.3.1-20.legacy.9
 
- Added gcc-c++
- Altered version for 7.x/9 independence.
 
* Fri Jun 04 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
2.3.1-19.legacy
 
- Added patch for format string vulnerability (FL #1719)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/
 
1b2a8875e86492065f53db69d04de4a452fb1c5f 
7.3/updates-testing/i386/tripwire-2.3.1-10.1.legacy.7x.i386.rpm
3d1d0f2a2b4b27c1e5d3b05dbea78d95c70ddcc2 
7.3/updates-testing/SRPMS/tripwire-2.3.1-10.1.legacy.7x.src.rpm
cdc032af7c3fa3cfbe153c85a0044bdbbb6326b5 
9/updates-testing/i386/tripwire-2.3.1-17.2.legacy.9.i386.rpm
263704b1799204e8ee98b4329cddf7b492d8fff2 
9/updates-testing/SRPMS/tripwire-2.3.1-17.2.legacy.9.src.rpm

Please note that this update is also available via yum and apt through
the updates-testing channel.  Many people find this an easier
way to apply updates.
---------------------------------------------------------------------

Please test these new packages and add comments to Bugzilla.

Attachment: signature.asc
Description: This is a digitally signed message part

--

fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list

[Index of Archives]     [Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Yosemite Questions]

  Powered by Linux