Fedora 31: ocsinventory-agent FEDORA-2020-4c8a066b83

    Date 16 Jan 2020
    374
    Posted By LinuxSecurity Advisories
    Per Upstream, a malicious CA could result in unexpected inventory access with the System CA patch. The risk is very low. That patch is now dropped.
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2020-4c8a066b83
    2020-01-16 19:15:48.104563
    --------------------------------------------------------------------------------
    
    Name        : ocsinventory-agent
    Product     : Fedora 31
    Version     : 2.6.0
    Release     : 3.2.fc31
    URL         : https://www.ocsinventory-ng.org/
    Summary     : Open Computer and Software Inventory Next Generation client
    Description :
    Open Computer and Software Inventory Next Generation is an application
    designed to help a network or system administrator keep track of computer
    configuration and software installed on the network.
    
    It also allows deploying software, commands or files on Windows and
    Linux client computers.
    
    ocsinventory-agent provides the client for Linux (Unified Unix Agent).
    
    --------------------------------------------------------------------------------
    Update Information:
    
    Per Upstream, a malicious CA could result in unexpected inventory access with
    the System CA patch.  The risk is very low. That patch is now dropped.
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Mon Jan  6 2020 Pat Riehecky  - 2.6.0-3.2
    - More cleanup UTF8 parse
    - Smarter use of local CA list
    * Fri Dec 27 2019 Pat Riehecky  - 2.6.0-3.1
    - Cleanup UTF8 parse
    - drop system CA list, keep local CA list
    * Wed Dec 18 2019 Pat Riehecky  - 2.6.0-3
    - Use system CA certs if no custom client CA set
    * Tue Dec  3 2019 Pat Riehecky  - 2.6.0-2.1
    - Backport a few patches from upstream
    * Thu Aug 15 2019 Pat Riehecky  - 2.6.0-2
    - Return to Fedora
    - Use systemd timers rather than cron for regular runs
    - Add a handful of possible timers users might want
    * Mon May 20 2019 Philippe Beaumont  - 2.6.0-1
    - Update to 2.6.0
    * Mon Dec 31 2018 Philippe Beaumont  - 2.4.2-3
    - Remove Module::Install as dependancy
    * Mon Dec 24 2018 Philippe Beaumont  - 2.4.2-2
    - Add core agent
    * Tue Jul 31 2018 Philippe Beaumont  - 2.4.2-1
    - Update to 2.4.2
    * Sun Feb 11 2018 Philippe Beaumont  - 2.4.0-1
    - Update to 2.4.0
    * Mon Jan 15 2018 Philippe Beaumont  - 2.3.0-2
    - Add SSL dependancies
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1786712 - Failed to load Ocsinventory::Agent, Global symbol "$self" requires explicit package name
            https://bugzilla.redhat.com/show_bug.cgi?id=1786712
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2020-4c8a066b83' at the command
    line. For more information, refer to the dnf documentation available at
    https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it.
    To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it.
    Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
    List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
    List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    If you are using full-disk encryption: are you concerned about the resulting performance hit?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/34-if-you-are-using-full-disk-encryption-are-you-concerned-about-the-resulting-performance-hit?task=poll.vote&format=json
    34
    radio
    [{"id":"120","title":"Yes","votes":"13","type":"x","order":"1","pct":61.9,"resources":[]},{"id":"121","title":"No ","votes":"8","type":"x","order":"2","pct":38.1,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.