...
 
Commits (1)
rkhunter (1.4.0-1+deb7u1) wheezy-security; urgency=high
* Disable remote updates to fix CVE-2017-7480 and prevent bugs like
it in the future (closes: #765895, #866677)
-- Francois Marier <francois@debian.org> Tue, 11 Jul 2017 20:17:08 -0700
rkhunter (1.4.0-1) unstable; urgency=low
* New upstream release
......
Description: Disable all remote updates
Author: Christoph Anton Mitterer <calestyo@scientia.net>
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765895
Forwarded: not-needed
Last-Update: 2017-07-05
--- a/files/rkhunter.conf
+++ b/files/rkhunter.conf
@@ -58,7 +58,7 @@ ROTATE_MIRRORS=1
# If this option is set to 0, the mirrors file can only be updated
# manually. This may be useful if only using local mirrors.
#
-UPDATE_MIRRORS=1
+UPDATE_MIRRORS=0
#
# The MIRRORS_MODE option tells rkhunter which mirrors are to be
@@ -71,7 +71,7 @@ UPDATE_MIRRORS=1
# Local and remote mirrors can be defined in the mirrors file
# by using the 'local=' and 'remote=' keywords respectively.
#
-MIRRORS_MODE=0
+MIRRORS_MODE=1
#
# Email a message to this address if a warning is found when the
@@ -149,7 +149,7 @@ MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"
# language, specified above, and the English (en) language file will
# always be updated regardless of this option.
#
-UPDATE_LANG=""
+UPDATE_LANG="en"
#
# Specify the log file pathname.
@@ -891,7 +891,7 @@ SUSPSCAN_THRESH=200
#
# WEB_CMD="ftp -o -"
#
-#WEB_CMD=""
+WEB_CMD="/bin/false"
#
# Set the following option to 0 if you do not want to receive a warning if
05_custom_conffile.diff
06_disable-updates.diff
10_fix-man.diff
15_remove-empty-dir.diff