Fedora Test Update Notification: tripwire

Thu Jun 17 03:55:50 UTC 2004

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1719
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1719
2004-06-16
- ---------------------------------------------------------------------

Name        : tripwire
Version 7.3 : 2.3.1-20.legacy.7x
Version 9   : 2.3.1-20.legacy.9
Summary     : A system integrity assessment tool.
Description :
Tripwire is a very valuable security tool for Linux systems, if it is
installed to a clean system. Tripwire should be installed right after
the OS installation, and before you have connected your system to a
network (i.e., before any possibility exists that someone could alter
files on your system).

When Tripwire is initially set up, it creates a database that records
certain file information. Then when it is run, it compares a
designated set of files and directories to the information stored in
the database. Added or deleted files are flagged and reported, as are
any files that have changed from their previously recorded state in
the database. When Tripwire is run against system files on a regular
basis, any file changes will be spotted when Tripwire is run.
Tripwire will report the changes, which will give system
administrators a clue that they need to enact damage control measures
immediately if certain files have been altered.

After installing this package, run /etc/tripwire/twinstall.sh to
generate cryptographic keys and run tripwire --init to initialize the
database.

- ---------------------------------------------------------------------
Update Information:

http://www.securityfocus.com/archive/1/365036/2004-06-01/2004-06-07/2 :
Tripwire(tm) is a Security, Intrusion Detection, Damage Assessment
and Recovery, Forensics software.

A vulnerability in the product allows a user on the local machine
under certain circumstances to execute arbitrary code with the
rights of the user running the program (typically root).
- ---------------------------------------------------------------------
Changelog:

7.3:

* Tue Jun 15 2004 Jesse Keating <jkeating at j2solutions.net> 
2.3.1-20.legacy.7x

- - Added gcc-c++ as a BuildReq
- - Changed version number to allow for 7.x to bump w/out touching 9

* Fri Jun 04 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 
2.3.1-18.legacy

- - Added patch for format string vulnerability (FL #1719)

9:

 * Tue Jun 15 2004 Jesse Keating <jkeating at j2solutions.net> 
2.3.1-20.legacy.9

- - Added gcc-c++
- - Altered version for 7.x/9 independence.

* Fri Jun 04 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 
2.3.1-19.legacy

- - Added patch for format string vulnerability (FL #1719)

- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/

b266219a8b7d05e35e2dba5c7a33bb15d518f7ad  
7.3/updates-testing/SRPMS/tripwire-2.3.1-20.legacy.7x.src.rpm
e7649912f208a73276c16cffcb4dfb19e23bad9c  
7.3/updates-testing/i386/tripwire-2.3.1-20.legacy.7x.i386.rpm

c65f628b723c3280d2cce0484ba5e8163081e1e8  
9/updates-testing/SRPMS/tripwire-2.3.1-20.legacy.9.src.rpm
321d6537458ef99779be8f5377ea94695c6e1b5f  
9/updates-testing/i386/tripwire-2.3.1-20.legacy.9.i386.rpm

Please note that this update is also available via yum and apt through
the updates-testing channel.  Many people find this an easier
way to apply updates.
- ---------------------------------------------------------------------

- -- 
Jesse Keating RHCE	(http://geek.j2solutions.net)
Fedora Legacy Team	(http://www.fedoralegacy.org)
GPG Public Key		(http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA0RZG4v2HLvE71NURAqS1AKCnnxwgsO+BQCt5tQXo6amvs+ItSgCgjsNO
nGSlPD0Oca2/FTu6H51Bl3I=
=abiM
-----END PGP SIGNATURE-----