Selon Alexander Dalloz <alexander.dalloz@xxxxxxxxxxxxxxxx>: > Am Fr, den 15.10.2004 schrieb François Patte um 13:43: > > > * Application version scan > > - GnuPG 1.2.3 [ Vulnerable > ] > > - Apache 2.0.47 [ Vulnerable > ] > > - OpenSSL 0.9.7a [ Vulnerable > ] > > - PHP 4.3.3 [ Vulnerable > ] > > - OpenSSH 3.6.1p2 [ Vulnerable > ] > > > > I'm running fc1 and tried to update these soft but yum answer is that > everything > > in installed in the latest version... > > > > Are fedoralegacy mirrors not up to date or rkhunter is wrong? > > The mirrors are up to date. Besides the nonsense which rkhunter reports > - a tool which only checks version numbers is crap - there are updates: > > http://mirrors.ircam.fr/pub/fedoralegacy/legacy/fedora/1/updates/i386/gnupg-1.2.3-2.i386.rpm > http://mirrors.ircam.fr/pub/fedoralegacy/legacy/fedora/1/updates/i386/httpd-2.0.51-1.4.legacy.i386.rpm > http://mirrors.ircam.fr/pub/fedoralegacy/legacy/fedora/1/updates/i386/openssl-0.9.7a-33.10.i386.rpm > http://mirrors.ircam.fr/pub/fedoralegacy/legacy/fedora/1/updates/i386/php-4.3.8-1.1.i386.rpm > > You didn't even made it in the time when Redhat provided security > updates to keep your FC1 up2date. Think about it. Something is wrong in rkhunter: rpm -q gnupg gnupg-1.2.3-2 rpm -q httpd le paquetage httpd n'est pas installé rpm -q openssl openssl-0.9.7a-33.10 rpm -q php le paquetage php n'est pas installé rpm -q openssh openssh-3.6.1p2-19 who knows! -- François Patte Ecole française d'Extrême-Orient - Pune - Inde Université René Descartes - Paris 5 UFR de mathématiques et informatique http://www.math-info.univ-paris5.fr/~patte
