Fedora Legacy Test Update Notification: tripwire
Marc Deslauriers
marcdeslauriers at videotron.ca
Mon Oct 4 03:43:38 UTC 2004
New packages were released with a downgraded release number in order
to preserve the upgrade cycle to Fedora Core 1.
---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1719
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1719
2004-10-04
---------------------------------------------------------------------
Name : tripwire
Version 7.3 : 2.3.1-10.1.legacy.7x
Version 9 : 2.3.1-17.1.legacy.9
Summary : A system integrity assessment tool.
Description :
Tripwire is a very valuable security tool for Linux systems, if it is
installed to a clean system. Tripwire should be installed right after
the OS installation, and before you have connected your system to a
network (i.e., before any possibility exists that someone could alter
files on your system).
---------------------------------------------------------------------
Update Information:
Updated Tripwire packages that fix a format string security
vulnerability are now available.
Tripwire is a system integrity assessment tool.
Paul Herman discovered a format string vulnerability in Tripwire
version 2.3.1 and earlier. If Tripwire is configured to send reports
via email, a local user could gain privileges by creating a carefully
crafted file. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0536 to this issue.
Users of Tripwire are advised to upgrade to this erratum package which
contains a backported security patch to correct this issue.
---------------------------------------------------------------------
Changelog:
7.3:
* Mon Oct 04 2004 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.3.1-10.1.legacy.7x
- Removed gcc-c++ as a BuildReq
- Downgraded version number so we don't break upgrade cycle to fc1
* Tue Jun 15 2004 Jesse Keating <jkeating at j2solutions.net>
2.3.1-20.legacy.7x
- Added gcc-c++ as a BuildReq
- Changed version number to allow for 7.x to bump w/out touching 9
* Fri Jun 04 2004 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.3.1-18.legacy
- Added patch for format string vulnerability (FL #1719)
9:
* Mon Oct 04 2004 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.3.1-17.1.legacy.9
- Removed gcc-c++ BuildRequires
- Downgraded release number so we don't break the upgrade cycle to fc1
* Tue Jun 15 2004 Jesse Keating <jkeating at j2solutions.net>
2.3.1-20.legacy.9
- Added gcc-c++
- Altered version for 7.x/9 independence.
* Fri Jun 04 2004 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.3.1-19.legacy
- Added patch for format string vulnerability (FL #1719)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/redhat/
1b2a8875e86492065f53db69d04de4a452fb1c5f
7.3/updates-testing/i386/tripwire-2.3.1-10.1.legacy.7x.i386.rpm
3d1d0f2a2b4b27c1e5d3b05dbea78d95c70ddcc2
7.3/updates-testing/SRPMS/tripwire-2.3.1-10.1.legacy.7x.src.rpm
0ef679e248881f02452b5ab4c7f58cd6e603a30e
9/updates-testing/i386/tripwire-2.3.1-17.1.legacy.9.i386.rpm
6e62d981a2ffe149196af4b35b8d1962f76dc367
9/updates-testing/SRPMS/tripwire-2.3.1-17.1.legacy.9.src.rpm
Please note that this update is also available via yum and apt through
the updates-testing channel. Many people find this an easier
way to apply updates.
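To check manually downloaded packages against the listing above, the following script pairs each digest line with the path that follows it and feeds the result to `sha1sum -c`. It is an added example, not part of the original notice or of Fedora Legacy's tooling. It assumes the 40-hex-digit values are SHA-1 digests; the function names and the demo package are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): check downloaded packages against a
# listing laid out like the one above, a digest line followed by its path.
# Assumption: the 40-hex-digit values are SHA-1 digests, so sha1sum is used.

# pair_listing: listing on stdin -> "digest  filename" lines for `sha1sum -c`.
# Exits non-zero if a digest has no path or a line fits neither shape.
pair_listing() {
    awk '
        function fail(msg) { print msg > "/dev/stderr"; bad = 1 }
        NF == 0 { next }
        NF == 1 && length($1) == 40 && $1 !~ /[^0-9a-f]/ {
            if (digest != "") fail("digest without path: " digest)
            digest = $1; next
        }
        NF == 1 && digest != "" {
            n = split($1, part, "/")      # packages are saved by base name
            print digest "  " part[n]; digest = ""; next
        }
        { fail("unexpected line: " $0) }
        END { if (digest != "") fail("digest without path: " digest); exit bad + 0 }
    '
}

# verify_listing LISTING DIR: 0 if every listed file in DIR matches its digest,
# 1 on a mismatch or missing file, 2 if the listing itself is malformed.
verify_listing() {
    sums=$(pair_listing < "$1") || return 2
    [ -n "$sums" ] || return 2
    ( cd "$2" && printf '%s\n' "$sums" | sha1sum -c - ) || return 1
}

# Constructed demo: one stand-in "package" and a listing in the same layout.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed package body\n' > "$d/example-1.0-1.i386.rpm"
    h=$(sha1sum < "$d/example-1.0-1.i386.rpm" | cut -d' ' -f1)
    printf '%s\n%s\n' "$h" "9/updates-testing/i386/example-1.0-1.i386.rpm" > "$d/listing"
    verify_listing "$d/listing" "$d"; rc=$?
    rm -rf "$d"; return "$rc"
}

# With two arguments: check a saved listing against a download directory.
# With none: run the constructed demo.
if [ $# -eq 2 ]; then verify_listing "$1" "$2"; else demo; fi
```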
---------------------------------------------------------------------
Please test these new packages and add comments to Bugzilla.