Fedora Linux 8524 Published by

A new update is available for Fedora Core - [SECURITY] Fedora Core 4 Update: sysreport-1.4.1-5. Here the announcement:



Fedora Update Notification
FEDORA-2005-1071
2005-11-10
---------------------------------------------------------------------

Product : Fedora Core 4
Name : sysreport
Version : 1.4.1
Release : 5
Summary : Gathers system hardware and configuration information.
Description :
Sysreport is a utility that gathers information about a system's
hardware and configuration. The information can then be used for
diagnostic purposes and debugging. Sysreport is commonly used to help
support technicians and developers by providing a "snapshot" of a
system's current layout.

---------------------------------------------------------------------
Update Information:

It is possible for a local attacker to cause a race
condition and trick sysreport into writing its output to a
directory the attacker can read.

The new sysreport fixes this security issue
---------------------------------------------------------------------
* Tue Jul 12 2005 Than Ngo <than@redhat.com> 1.4.1-5
- security fix #162978, CAN-2005-2104

* Fri Jun 17 2005 Than Ngo <than@redhat.com> 1.4.1-4
- fix datestamp

* Tue Jun 14 2005 Than Ngo <than@redhat.com> 1.4.1-3
- don't include sensitive data #159502
- exim/nis/cluster/inittab/maillog/shell/ipcs/nscd/udev


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

12a5bea3478280e753817be123909ef1 SRPMS/sysreport-1.4.1-5.src.rpm
817347be8397066f39154f558348c626 x86_64/sysreport-1.4.1-5.noarch.rpm
817347be8397066f39154f558348c626 i386/sysreport-1.4.1-5.noarch.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.