LWN.net Logo

Advertisement

TrustCommerce

E-Commerce & credit card processing - the Open Source way!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for July 2, 2009

RealtimeKit and the audio problem

VFAT patent avoidance and patent workarounds

LWN.net Weekly Edition for June 25, 2009

Apache attacked by a "slow loris"

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Fedora alert FEDORA-2008-7667 (initscripts)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 9 Update: initscripts-8.76.3-1


Date:
    	      Thu, 25 Sep 2008 00:15:02 +0000


Message-ID:
    	      <20080925001502.43BE8208DBE@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-7667
2008-09-24 12:34:39
--------------------------------------------------------------------------------

Name        : initscripts
Product     : Fedora 9
Version     : 8.76.3
Release     : 1
URL         : []
Summary     : The inittab file and the /etc/init.d scripts
Description :
The initscripts package contains the basic system scripts used to boot
your Red Hat or Fedora system, change runlevels, and shut the system down
cleanly.  Initscripts also contains the scripts that activate and
deactivate most network interfaces.

--------------------------------------------------------------------------------
Update Information:

This update fixes an issue (CVE-2008-3524) where a malicious user could cause
system files to be removed on startup. It also fixes a bug when running on pre-
Fedora-9 kernels, and cleans up some extraneous error messages.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 29 2008 Bill Nottingham <notting@redhat.com> - 8.76.3-1
- rc.sysinit: Don't use -L in find (#458652, #458504, CVE-2008-3524)
- fix clock rules to properly handle old-style RTC devices (#447019)
- rc.sysinit: ix typo, and don't restorecon on swap, etc. partitions (#448886)
* Thu May 15 2008 Bill Nottingham <notting@redhat.com> - 8.76.2-1
- Don't unmount sysfs in halt. (#446292)
* Wed May 14 2008 Peter Jones <pjones@redhat.com>
- init.d/functions: fix resolve_dm_raid() for older dmraid configs
* Wed May  7 2008 Bill Nottingham <notting@redhat.com> - 8.76.1-1
- NMDispatcher/05-netfs: fix check for default route (#445509)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #458652 - CVE-2008-3524 initscripts: possible system files removal via malicious
symlink in /var/{lock,run}
        https://bugzilla.redhat.com/show_bug.cgi?id=458652
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update initscripts' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds