...
 
Commits (2)
rkhunter (1.4.2-0.4+deb8u1) jessie; urgency=high
* Disable remote updates to fix CVE-2017-7480 and prevent bugs like
it in the future (closes: #765895, #866677)
-- Francois Marier <francois@debian.org> Tue, 11 Jul 2017 20:17:08 -0700
rkhunter (1.4.2-0.4) unstable; urgency=medium
* Non-maintainer upload.
......
Description: Disable all remote updates
Author: Christoph Anton Mitterer <calestyo@scientia.net>
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765895
Forwarded: not-needed
Last-Update: 2017-07-05
--- a/files/rkhunter.conf
+++ b/files/rkhunter.conf
@@ -104,7 +104,7 @@
#
# The default value is '1'.
#
-#UPDATE_MIRRORS=1
+UPDATE_MIRRORS=0
#
# The MIRRORS_MODE option tells rkhunter which mirrors are to be used when
@@ -119,7 +119,7 @@
#
# The default value is '0'.
#
-#MIRRORS_MODE=0
+MIRRORS_MODE=1
#
# Email a message to this address if a warning is found when the system is
@@ -221,7 +221,7 @@ SCRIPTDIR=/usr/share/rkhunter/scripts
# The default value is the null string, indicating that all the language files
# will be updated.
#
-#UPDATE_LANG=""
+UPDATE_LANG="en"
#
# This option specifies the log file pathname. The file will be created if it
@@ -1131,7 +1131,7 @@ SCRIPTWHITELIST=/usr/sbin/adduser
#
# This option has no default value.
#
-#WEB_CMD=""
+WEB_CMD="/bin/false"
#
# Set the following option to '1' if locking is to be used when rkhunter runs.
05_custom_conffile.diff
06_disable-updates.diff
10_fix-man.diff
15_remove-empty-dir.diff
20_fix-ipcs-language.diff