On Thu, 19 Aug 2004 07:01:54 +1000 (EST), Michael Mansour wrote:

> Hi,
>
> I've recently installed RootkitHunter on my FC1/2
> machines and am concerned how it finds some vulnerable
> packages.
>
> A standard run on FC1 produces:
>
> * Application version scan
> - GnuPG 1.2.3
> [ Vulnerable ]
> - OpenSSH 3.6.1p2
> [ Vulnerable ]

-snip-

Most likely it just compares the software version numbers and doesn't
take into account any backported security fixes. Check the FC1/2
security advisories or read the package changelogs (rpm -q --changelog ...).
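
The changelog check suggested in the reply, as an added example that is not part of the original message: a filter that lists the CVE/CAN identifiers a package changelog mentions, with the changelog entry each one first appears under. The function names, the package name `openssh` in the usage comment, and the sample changelog (including its placeholder identifier) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Reads an RPM changelog on stdin and prints one line per security
# identifier (CVE-YYYY-N or the older CAN-YYYY-N candidate form):
#   <identifier><TAB><header of the changelog entry that mentions it>
changelog_security_ids() {
    awk '
        # Entry header: "* Day Mon DD YYYY Packager <mail> version-release"
        /^\* / { header = $0; next }
        {
            line = $0
            # Pull every identifier out of the line, not just the first.
            while (match(line, /(CVE|CAN)-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
                id = substr(line, RSTART, RLENGTH)
                if (!seen[id]++) print id "\t" header
                line = substr(line, RSTART + RLENGTH)
            }
        }'
}

# Constructed sample changelog. The identifier is a placeholder, not a
# real advisory, and the release numbers are made up.
sample_changelog() {
    cat <<'EOF'
* Thu Jan 01 2004 Example Packager <packager@example.invalid> 3.6.1p2-99
- backport fix for CAN-0000-0001 (constructed placeholder id)

* Mon Dec 01 2003 Example Packager <packager@example.invalid> 3.6.1p2-98
- rebuild
EOF
}

# On a real system (package name assumed):
#   rpm -q --changelog openssh | changelog_security_ids
sample_changelog | changelog_security_ids
```

An identifier listed here for the installed version-release means the fix was backported even though the upstream version string the scanner compares did not change.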