[UCI-Linux] [SECURITY] Fedora Core 3 Update: sysreport-1.3.13-2

Mike Iglesias iglesias at draco.acs.uci.edu
Thu Nov 10 10:35:33 PST 2005

From: "Than Ngo" <than at redhat.com>
To: fedora-announce-list at redhat.com
Date: Thu, 10 Nov 2005 12:21:32 -0500
Subject: [SECURITY] Fedora Core 3 Update: sysreport-1.3.13-2

Fedora Update Notification

Product     : Fedora Core 3
Name        : sysreport
Version     : 1.3.13                      
Release     : 2                  
Summary     : Gathers system hardware and configuration information.
Description :
Sysreport is a utility that gathers information about a system's
hardware and configuration. The information can then be used for
diagnostic purposes and debugging. Sysreport is commonly used to help
support technicians and developers by providing a "snapshot" of a
system's current layout.

Update Information:

It is possible for a local attacker to cause a race
condition and trick sysreport into writing its output to a
directory the attacker can read.

The new sysreport fixes this security issue
* Tue Jul 12 2005 Than Ngo <than at redhat.com> 1.3.13-2
- security fix #162978, CAN-2005-2104
- don't include sensitive data #159502

This update can be downloaded from:

8dabc05d02dd5de023b4ddc2a2a14efd  SRPMS/sysreport-1.3.13-2.src.rpm
bd236adf3d6272adbc4167e29ce713f5  x86_64/sysreport-1.3.13-2.noarch.rpm
bd236adf3d6272adbc4167e29ce713f5  i386/sysreport-1.3.13-2.noarch.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  

fedora-announce-list mailing list
fedora-announce-list at redhat.com

More information about the UCI-Linux mailing list