- Package name
- Advisory ID
- Affected versions
- 7.1 i586
The GNU cfengine is an abstract programming language for system administrators of large heterogeneous networks, used for maintenance and administration. There are a number of string format vulnerabilities in syslog() calls that can be abused to either make the cfengine program segfault and die or to execute arbitrary commands as the user the cfengine program runs as (usually root). The problems are fixed in this update and all Linux-Mandrake users are encouraged to upgrade.
17bec62b5b573d91e2558fe06dae91f2 7.1/RPMS/cfengine-1.5.4-5mdk.i586.rpm 4e5df3e37101bf17440e74ff1b1f6914 7.1/SRPMS/cfengine-1.5.4-5mdk.src.rpm