Bug#740169: Long outdated and unsupported version of rkhunter included in squeeze

Daniel Minder daniel.minder at uni-due.de
Wed Feb 26 14:23:50 UTC 2014

Package: rkhunter
Version: 1.3.6-4
Severity: normal

Since Feb 25th rkhunter displays warnings that http://rkhunter.sourceforge.net/1.3/i18n/1.3.6/i18n.ver could not be found. I filed a bug report on http://sourceforge.net/p/rkhunter/bugs/106/ and the developer replied that rkhunter 1.3.6 is from 2009 and obsolete since long time and last patches are from 2010.

In fact, when squeeze was released in Feb 2011, rkhunter 1.3.8 was out which obsoletes all previous versions. Although Debian might have patched rkhunter 1.3.6 afterwards to include fixes from later versions rkhunter updates some files online. For this reason, sticking to old versions of rkhunter in oldstable works only for a limited time.

Thus, as long as squeeze is still maintained rkhunter should be upgraded in order to avoid problems for users.

-- System Information:
Debian Release: 6.0.9
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages rkhunter depends on:
ii  binutils               2.20.1-16         The GNU assembler, linker and bina
ii  debconf [debconf-2.0]          Debian configuration management sy
ii  file                   5.04-5+squeeze3   Determines file type using "magic"
ii  net-tools              1.60-23           The NET-3 networking toolkit
ii  perl                   5.10.1-17squeeze6 Larry Wall's Practical Extraction 
ii  postfix [mail-transpor 2.7.1-1+squeeze1  High-performance mail transport ag

Versions of packages rkhunter recommends:
ii  curl                 7.21.0-2.1+squeeze7 Get a file from an HTTP, HTTPS or 
ii  iproute              20100519-3          networking and traffic control too
ii  lsof                 4.81.dfsg.1-1       List open files
ii  perl [libdigest-sha- 5.10.1-17squeeze6   Larry Wall's Practical Extraction 
ii  unhide               20100201-1          Forensic tool to find hidden proce
ii  wget                 1.12-2.1            retrieves files from the web

Versions of packages rkhunter suggests:
ii  bsd-mailx          8.1.2-0.20100314cvs-1 simple mail user agent
pn  tripwire           <none>                (no description available)

-- Configuration Files:
/etc/rkhunter.conf changed [not included]

-- debconf information excluded

More information about the forensics-devel mailing list