Fedora Legacy Test Update Notification: tripwire

Marc Deslauriers marcdeslauriers at videotron.ca
Sat Oct 9 20:06:16 UTC 2004


This release fixes a duplicate patch entry in the rh9 packages.

---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1719
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1719
2004-10-09
---------------------------------------------------------------------
 
Name        : tripwire
Version 7.3 : 2.3.1-10.1.legacy.7x
Version 9   : 2.3.1-17.2.legacy.9
Summary     : A system integrity assessment tool.
Description :
Tripwire is a very valuable security tool for Linux systems, if it is
installed to a clean system. Tripwire should be installed right after
the OS installation, and before you have connected your system to a
network (i.e., before any possibility exists that someone could alter
files on your system).
 
---------------------------------------------------------------------
Update Information:
 
Updated Tripwire packages that fix a format string security
vulnerability are now available.

Tripwire is a system integrity assessment tool.

Paul Herman discovered a format string vulnerability in Tripwire
version 2.3.1 and earlier. If Tripwire is configured to send reports
via email, a local user could gain privileges by creating a carefully
crafted file. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0536 to this issue.

Users of Tripwire are advised to upgrade to this erratum package which
contains a backported security patch to correct this issue. 

---------------------------------------------------------------------
Changelog:
 
7.3:
 
* Mon Oct 04 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.3.1-10.1.legacy.7x
 
- Removed gcc-c++ as a BuildReq
- Downgraded version number so we don't break upgrade cycle to fc1
 
* Tue Jun 15 2004 Jesse Keating <jkeating at j2solutions.net> 2.3.1-20.legacy.7x
 
- Added gcc-c++ as a BuildReq
- Changed version number to allow for 7.x to bump w/out touching 9
 
* Fri Jun 04 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.3.1-18.legacy
 
- Added patch for format string vulnerability (FL #1719)
 
9:
 
* Sat Oct 09 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.3.1-17.2.legacy.9
 
- Removed duplicate Patch4 entry
 
* Mon Oct 04 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.3.1-17.1.legacy.9
 
- Removed gcc-c++ BuildRequires
- Downgraded release number so we don't break the upgrade cycle to fc1
 
* Tue Jun 15 2004 Jesse Keating <jkeating at j2solutions.net> 2.3.1-20.legacy.9
 
- Added gcc-c++
- Altered version for 7.x/9 independence.
 
* Fri Jun 04 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.3.1-19.legacy
 
- Added patch for format string vulnerability (FL #1719)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/
 
1b2a8875e86492065f53db69d04de4a452fb1c5f 7.3/updates-testing/i386/tripwire-2.3.1-10.1.legacy.7x.i386.rpm
3d1d0f2a2b4b27c1e5d3b05dbea78d95c70ddcc2 7.3/updates-testing/SRPMS/tripwire-2.3.1-10.1.legacy.7x.src.rpm
cdc032af7c3fa3cfbe153c85a0044bdbbb6326b5 9/updates-testing/i386/tripwire-2.3.1-17.2.legacy.9.i386.rpm
263704b1799204e8ee98b4329cddf7b492d8fff2 9/updates-testing/SRPMS/tripwire-2.3.1-17.2.legacy.9.src.rpm

Please note that this update is also available via yum and apt through
the updates-testing channel.  Many people find this an easier
way to apply updates.
---------------------------------------------------------------------

Please test these new packages and add comments to Bugzilla.
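
The bug class named in the update information, as an added example that is neither Tripwire's code nor the backported patch: report text containing a user-controlled file name must be passed to printf-family functions as data, never as the format string. The function names, the "Modified:" line layout and the sample file names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#ifdef DEMO_UNSAFE
/* Flawed pattern (compiled only with -DDEMO_UNSAFE): 'name' becomes the
   format string, so any conversion specification inside it is acted on
   by fprintf with no matching argument (undefined behaviour). */
int report_unsafe(FILE *out, const char *name)
{
    return fprintf(out, name);
}
#endif

/* Hardened pattern: constant format string, untrusted text passed only
   as a "%s" argument, output bounded by the destination size. */
int format_report_line(char *dst, size_t dstlen, const char *name)
{
    return snprintf(dst, dstlen, "Modified: %s\n", name);
}

/* Audit helper: count the '%' introducers printf would act on if 's'
   were wrongly used as a format string. "%%" is a literal percent sign
   and is skipped; a trailing lone '%' is counted as well. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample file names, as any local user could create. */
    const char *names[] = { "notes.txt", "100%%_done.log", "tmp_%x_%s.dat" };
    char line[256];

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        format_report_line(line, sizeof line, names[i]);
        printf("%d directive(s) -> %s", count_format_directives(names[i]), line);
    }
    return 0;
}
```

Building with -Wformat-security (or -Werror=format-security) makes the compiler flag calls shaped like report_unsafe.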
