| Summary: | rkhunter new security issue CVE-2017-7480 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, dvgevers, herman.viaene, lewyssmith, marja11, sysadmin-bugs |
| Version: | 5 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA5-32-OK | ||
| Source RPM: | rkhunter-1.4.0-9.mga6.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2017-07-01 20:03:05 CEST
David Walser
2017-07-01 20:03:18 CEST
Whiteboard:
(none) =>
MGA5TOO Assigning to the registered maintainer. CC:
(none) =>
marja11 If this is a security risk, why not with automatic downloading by microcode_ctl via cron every month ??? CC:
(none) =>
dvgevers (In reply to Dick Gevers from comment #2) > If this is a security risk, why not with automatic downloading by > microcode_ctl via cron every month ??? That very well may be too. Cron disabled in the Mageia 6 package, but included as documentation. Version:
Cauldron =>
5 Upstream has released version 1.4.4 on June 29: http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/CHANGELOG It lists a change related to this: - Tighten up the input verification check on the mirror file to ensure that only URL's are used as a mirror. (CVE-2017-7480) We could consider shipping an update to this version. This package no longer has a maintainer. Assignee:
remco =>
pkg-bugs This package could still use an update, but just disabling the cron job for now. Advisory: ======================== Updated rkhunter package fixes security vulnerability: The rkhunter package has been updated to disable by default an insecure cron job. The script is now included with the package as documentation. See the README.urpmi file for more information. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7480 http://openwall.com/lists/oss-security/2017/06/29/2 ======================== Updated packages in core/updates_testing: ======================== rkhunter-1.4.0-7.1.mga5 from rkhunter-1.4.0-7.1.mga5.src.rpm Assignee:
pkg-bugs =>
qa-bugs
Dave Hodgins
2017-12-31 13:00:52 CET
CC:
(none) =>
davidwhodgins MGA5-32 on Dell Latitude D600 Xfce
No installation issues
at CLI
# rkhunter -h
Usage: rkhunter {--check | --unlock | --update | --versioncheck |
--propupd [{filename | directory | package name},...] |
--list [{tests | {lang | languages} | rootkits | perl | propfiles}] |
--config-check | --version | --help} [options]
Current options are:
--append-log Append to the logfile, do not overwrite
etc ...
# rkhunter -C
no feedback supposes config is allright.
# rkhunter -c
[ Rootkit Hunter version 1.4.0 ]
Checking system commands...
Performing 'strings' command checks
Checking 'strings' command [ OK ]
Performing 'shared libraries' checks
Checking for preloading variables [ None found ]
and loads of None found and OK, except for
/usr/sbin/unhide [ Warning ]
/usr/sbin/unhide-tcp [ Warning ]
/usr/sbin/unhide-linux [ Warning ]
that is a dependency package for rkhunter, freshly installed (not in its .dat file)
and
Checking for hidden files and directories [ Warning ]
but that is about /etc/.update which seems OK
Good to go.Whiteboard:
(none) =>
MGA5-32-OK
Lewis Smith
2018-01-03 10:46:12 CET
Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0029.html Resolution:
(none) =>
FIXED |