- --------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2006-002
http://www.skolelinux.org/security/                       Finn-Arne Johansen 
January 28th, 2005              debian-edu-security@lists.alioth.debian.org
- --------------------------------------------------------------------------

Package             : rdiff-backup
Vulnerability       : normal users may break backup
Need reboot         : no
Debian-Edu-specific : yes

We've found that normal users may break slbackup by creating a directory with some files in it, wait for the backup to run, and then removing the file/directory again. This might be done on purpose, or as we have experienced by bad luck. unfortunatly, This is only noticed if the backup logs of slbackup is carefully examined, since it's possible to have more than one host backed up with slbackup, and you have to examin every host backed up. 

We recommend that you use version 1.0.3-0.skolelinux.2


Upgrade Instructions
- --------------------

Make sure the line

  deb http://ftp.skolelinux.no/skolelinux woody local

is present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists. Then run

  'apt-get install rdiff-backup'

- --------------------------------------------------------------------------
Mailing lists: bruker@skolelinux.no, debian-edu@lists.debian.org,
               linuxiskolen@skolelinux.no, user@skolelinux.de,
               admin-discuss@skolelinux.org
Package info: `apt-cache show <pkg>'