[SECURITY] Fedora 20 Update: lynis-1.5.6-1.fc20

updates at fedoraproject.org
Tue Jun 17 23:32:18 UTC 2014


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-7400
2014-06-16 22:26:24
--------------------------------------------------------------------------------

Name        : lynis
Product     : Fedora 20
Version     : 1.5.6
Release     : 1.fc20
URL         : http://cisofy.com/lynis/
Summary     : Security and system auditing tool
Description :
Lynis is an auditing and hardening tool for Unix/Linux and you might even call
it a compliance tool. It scans the system and installed software. Then it
performs many individual security control checks. It determines the hardening
state of the machine, detects security issues and provides suggestions to
improve the security defense of the system.

--------------------------------------------------------------------------------
Update Information:

== 1.5.6 (2014-06-12) ==

New:
- Test for PHP binary and PHP version
- Don't perform register_global test for systems running PHP 5.4.0 and later [PHP-2368]
- Debug function (can be activated via --debug or profile)

Changes:
- Extended IsRunning function
- Removed suggestion from secure shell test [SHLL-6202]
- Check for idle session handlers [SHLL-6220]
- Also check for apache2 binary (file instead of directory)
- New report values: session_timeout_enabled and session_timeout_method
- New report value for plugins: plugins_enabled
- Fixed test to determine active TCP sessions on Linux [NETW-3012]

== 1.5.5 (2014-06-08) ==

New:
- Check for nginx access logging [HTTP-6712]
- Check for missing error logs in nginx [HTTP-6714]
- Check for debug mode in nginx [HTTP-6716]

Changes:
- Extended SSL test for nginx when using listen statements
- Allow debugging via profile (config:debug:yes)
- Check if discovered httpd file is actually a file
- Improved temporary file creation related to security notice
- Adjustments to screen output

Security Note:
This release solves two issues regarding the usage of temporary
files (predictability of the file names). You are advised to upgrade to this version as soon as possible. For more information see our blog post: http://linux-audit.com/lynis-security-notice-154-and-older/

== 1.5.4 (2014-06-04) ==

New:
- Check additional configuration files for nginx [HTTP-6706]
- Analysis of nginx settings [HTTP-6708]
- New test for SSL configuration of nginx [HTTP-6710]

Changes:
- Altered SMBD version check for Mac OS
- Small adjustments to report for readability
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 16 2014 Christopher Meng <rpm at cicku.me> - 1.5.6-1
- Update to 1.5.6
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.5.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 21 2014 Christopher Meng <rpm at cicku.me> - 1.5.3-1
- Update to 1.5.3
* Fri Apr 11 2014 Christopher Meng <rpm at cicku.me> - 1.5.0-1
- Update to 1.5.0
* Sat Mar  8 2014 Christopher Meng <rpm at cicku.me> - 1.4.4-1
- Update to 1.4.4
* Thu Feb 27 2014 Christopher Meng <rpm at cicku.me> - 1.4.3-1
- Update to 1.4.3
* Fri Feb 21 2014 Christopher Meng <rpm at cicku.me> - 1.4.2-1
- Update to 1.4.2
* Wed Feb 19 2014 Christopher Meng <rpm at cicku.me> - 1.4.1-1
- Update to 1.4.1
* Fri Feb  7 2014 Christopher Meng <rpm at cicku.me> - 1.4.0-1
- Update to 1.4.0
* Fri Jan 10 2014 Christopher Meng <rpm at cicku.me> - 1.3.9-1
- Update to 1.3.9
* Sat Dec 28 2013 Christopher Meng <rpm at cicku.me> - 1.3.8-1
- Update to 1.3.8
* Thu Dec 12 2013 Christopher Meng <rpm at cicku.me> - 1.3.7-1
- Update to 1.3.7
* Wed Dec  4 2013 Christopher Meng <rpm at cicku.me> - 1.3.6-1
- Update to 1.3.6
* Tue Nov 26 2013 Christopher Meng <rpm at cicku.me> - 1.3.5-1
- Update to 1.3.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1104999 - CVE-2014-3982 CVE-2014-3986 lynis: insecure temporary file issues leading to privilege escalation
        https://bugzilla.redhat.com/show_bug.cgi?id=1104999
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update lynis' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------