Package name
Advisory ID
Affected versions
7.1 i586

Problem description

The GNU cfengine is an abstract programming language for system administrators of large heterogeneous networks, used for maintenance and administration. There are a number of string format vulnerabilities in syslog() calls that can be abused to either make the cfengine program segfault and die or to execute arbitrary commands as the user the cfengine program runs as (usually root). The problems are fixed in this update and all Linux-Mandrake users are encouraged to upgrade.

Updated packages

7.1 i586

 17bec62b5b573d91e2558fe06dae91f2  7.1/RPMS/cfengine-1.5.4-5mdk.i586.rpm
4e5df3e37101bf17440e74ff1b1f6914  7.1/SRPMS/cfengine-1.5.4-5mdk.src.rpm