[UCI-Linux] [SECURITY] Fedora Core 4 Update: sysreport-1.4.1-5

Mike Iglesias iglesias at draco.acs.uci.edu
Thu Nov 10 10:35:32 PST 2005

From: "Than Ngo" <than at redhat.com>
To: fedora-announce-list at redhat.com
Date: Thu, 10 Nov 2005 12:21:23 -0500
Subject: [SECURITY] Fedora Core 4 Update: sysreport-1.4.1-5

Fedora Update Notification

Product     : Fedora Core 4
Name        : sysreport
Version     : 1.4.1                      
Release     : 5                  
Summary     : Gathers system hardware and configuration information.
Description :
Sysreport is a utility that gathers information about a system's
hardware and configuration. The information can then be used for
diagnostic purposes and debugging. Sysreport is commonly used to help
support technicians and developers by providing a "snapshot" of a
system's current layout.

Update Information:

It is possible for a local attacker to cause a race
condition and trick sysreport into writing its output to a
directory the attacker can read.

The new sysreport fixes this security issue
* Tue Jul 12 2005 Than Ngo <than at redhat.com> 1.4.1-5
- security fix #162978, CAN-2005-2104

* Fri Jun 17 2005 Than Ngo <than at redhat.com> 1.4.1-4
- fix datestamp

* Tue Jun 14 2005 Than Ngo <than at redhat.com> 1.4.1-3
- don't include sensitive data #159502
- exim/nis/cluster/inittab/maillog/shell/ipcs/nscd/udev

This update can be downloaded from:

12a5bea3478280e753817be123909ef1  SRPMS/sysreport-1.4.1-5.src.rpm
817347be8397066f39154f558348c626  x86_64/sysreport-1.4.1-5.noarch.rpm
817347be8397066f39154f558348c626  i386/sysreport-1.4.1-5.noarch.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  

fedora-announce-list mailing list
fedora-announce-list at redhat.com

More information about the UCI-Linux mailing list