2009/11/30 Kevin Fenzi <kevin@xxxxxxxxx>: > On Mon, 30 Nov 2009 10:09:26 +0100 > François Patte <francois.patte@xxxxxxxxxxxxxxxxxxxx> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Bonjour, >> >> I updated my f10 this week-end (last update before f10 >> desappearing...) and today rkhunter sends these warnings: >> >> Warning: Application 'exim', version '4.69', is out of date, and >> possibly a security risk. >> Warning: Application 'gpg', version '1.4.9', is out of date, and >> possibly a security risk. >> Warning: Application 'httpd', version '2.2.11', is out of date, and >> possibly a security risk. >> Warning: Application 'named', version '9.5.2', is out of date, and >> possibly a security risk. >> Warning: Application 'openssl', version '0.9.8g', is out of date, and >> possibly a security risk. >> Warning: Application 'php', version '5.2.9', is out of date, and >> possibly a security risk. >> Warning: Application 'sshd', version '5.1p1', is out of date, and >> possibly a security risk. >> >> >> ??? What can I do else? Upgrade to f12? I don't want to do this now. >> Are f10 packages so obsolete? > > Disable the application checks. I am going to likely push out a new > rkhunter package that does this soon. > > The problem is that upstream pushes out a dat file with the versions of > those packages that are up to date and proof against known security > issues. Fedora often backports fixes for stable releases, so the > version isn't very good as an indicator when you are safe or not. That's good info. I had a customer today who suddenly got these warnings from his rkhunter install (on RHEL) - so I'm guessing this is a recent dat file upgrade. I might tell him to disable the application checks too ;o) -- Sam -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
