[cbi-announce] SECURITY: cbi-package-config updates
| From: | Ben Liblit <liblit@xxxxxxxxxxx> |
|---|---|
| Date: | Sun, 22 Oct 2006 23:46:39 -0500 |
I have just posted cbi-package-config-*-4 for use with Fedora Core 4 and
5. Releases prior to this one contained a security bug that lets
unprivileged local users alter the RPM repository configuration. Please
upgrade immediately:
<http://www.cs.wisc.edu/cbi/downloads/rpm/fedora-4-i386/RPMS.tools/cbi-package-config-4-4.i386.rpm> <http://www.cs.wisc.edu/cbi/downloads/rpm/fedora-5-i386/RPMS.tools/cbi-package-config-5-4.i386.rpm>For additional reassurance, you may want to verify that the upgraded package's files are correct *after* upgrading:
% su # rpm --verify cbi-package-configI apologize for this inconvenience, and sheepishly point out that this is the first security error to arise in CBI's history.
-- Ben