Red Hat Linux 4.1 Errata

  • Can't boot other operating systems with LILO

    Updated: 04-Feb-1997

    Problem:

    • (03-Feb-1997) An error in the Red Hat Linux/Intel 4.1 installation program does not allow you to set up LILO to boot alternate operating systems (such as MS-DOS or Microsoft Windows 95) in addition to Red Hat Linux. However, you can set up LILO to boot alternate operating systems after your Red Hat Linux system is installed.

    Note:

    • (04-Feb-1997) If you are installing Red Hat Linux on a system along with OS/2, see the various OS/2 mini-HOWTOs for information you need to be aware of.

    Solution:

    • You can set up LILO to boot another operating system in one of two ways:

      • An automated script is available which will enable LILO to boot MS-DOS in addition to Red Hat Linux:

        lilo-dos.sh

        To use the script, download it and then execute it as the root user: 

        sh lilo-dos.sh

      • If you would rather configure LILO by hand, or if you wish to boot an additional operating system other than MS-DOS (such as Microsoft Windows 95), use the following steps:

        1. Determine where your first MS-DOS (or other operating system) partition is: 
           Location                               IDE drive    SCSI drive

 first partition on first hard drive    /dev/hda1    /dev/sda1
 second partition on first harddrive    /dev/hda2    /dev/sda2
 first partition on second harddrive    /dev/hdb1    /dev/sdb1
 etc.

        2. Install Red Hat Linux as normal. Configure LILO to boot Linux from your hard drive.

        3. Reboot your machine and boot into Linux.

        4. Add the following to the end of your /etc/lilo.conf file: 
           other=/dev/XXXN
 label=dos
 table=/dev/XXX

          replacing /dev/XXXN with the partition from Step 1, and /dev/XXX with that partition with the number left off (e.g., /dev/hda). If you wish, you may change the label to suit your taste (e.g., label=win95).

        5. Run /sbin/lilo.
  • Package: ld.so-sparc

    Updated: 07-Feb-1997

    Problem:

    • (07-Feb-1997) /usr/include/dlfcn.h is missing---ld.so-sparc-1.8.3-3 fixes this.

    Solution:

  • Package: screen (Alpha)

    Updated: 14-Feb-1997

    Problem:

    • (14-Feb-1997) The screen package incorrectly depends on libcrypt; screen-3.7.1-4 fixes this.

    Solution:

  • Package: samba

    Updated: 14-Feb-1997

    Problem:

    • (14-Feb-1997) The smbtar and addsmbpass programs are missing from the package. samba-1.9.16p9-7 fixes this.
    • (14-Feb-1997) The samba daemons are not started in runlevel 5. This is fixed in samba-1.9.16p9-8.

    Solution:

  • Package: lpr

    Updated: 14-Feb-1997

    Problem:

    • (14-Feb-1997) lpd starts before named. lpr-0.14-2 fixes this.

    Solution:

  • Package: printtool

    Updated: 14-Feb-1997

    Problem:

    • (14-Feb-1997) printtool doesn't configure Epson dot-matrix printers correctly. Also, printing to SMB hosts sometimes causes erroneous output. These are fixed in printtool-3.0-14.

    Solution:

  • Hard disk install fails

    Updated: 17-Feb-1997

    Problem:

    • Installing Red Hat Linux/Intel from hard disk fails with an error message about skeleton.cgz.

    Solution:

    • Intel: Use the following supplemental disk image if you're installing from hard disk: supp.img
  • Package: adduser

    Updated: 24-Feb-1997

    Problem:

    • (18-Feb-1997) adduser-1.2 adds an extra field to /etc/shadow, which may cause problems adding passwords. This is fixed in adduser-1.3.

    Note:

    • (18-Feb-1997) If you are having trouble adding passwords to /etc/shadow due to adduser-1.2, you can run the following script to fix it:

      fix-shadow.sh

    Solution:

  • Package: apache

    Updated: 24-Feb-1997

    Problem:

    • (07-Feb-1997) Security Fix: apache-1.1.3-1 fixes some security holes in apache-1.1.1. Red Hat's default configuration for the apache httpd is not vulnerable to these holes, but systems which customize the configuration may be vulnerable.
    • (18-Feb-1997) Security Fix

    Solution:

  • Package: tetex

    Updated: 24-Feb-1997

    Problem:

    • (19-Feb-1997) tetex-0.4-7 contained errors which occurred when non-root users tried to view dvi files and fonts had to be created on-demand. The user would see an error message saying they had no permission to write the font files. tetex-0.4pl6-1 corrects file permissions to avoid this error.

    Solution:

  • Package: wu-ftpd

    Updated: 24-Feb-1997

    Problem:

    • (17-Feb-1997) Security Fix: Red Hat Linux 4.0 and Red Hat Linux 4.1 both were shipped with wu-ftpd 2.4 beta11, which has a few important security holes, and a few minor ones. These were fixed in wu-ftpd 2.4 beta12.
    • (17-Feb-1997) The ftpcount utility gave unusual output in the wu-ftpd-2.4.2b12-2 package. This has been fixed in wu-ftpd-2.4.2b12-3.
    • (19-Feb-1997) Unspecified fix.

    Solution:

  • Package: glibc (Alpha)

    Updated: 24-Feb-1997

    Problem:

    • (18-Feb-1997) glibc-0.961212-3 did not provide proper support for shadow passwords. glibc-0.961212-4 fixes this.

    Solution:

  • Package: ypbind (Alpha)

    Updated: 24-Feb-1997

    Problem:

    • (19-Feb-1997) ypbind is needed for proper NIS support on Linux/Alpha.

    Note:

    • (19-Feb-1997) Make sure to set up the /etc/nsswitch.conf configuration file appropriately (see the NIS-HOWTO for mor information).

    Solution:

  • Package: amd (Alpha)

    Updated: 26-Feb-1997

    Problem:

    • (26-Feb-1997) amd hangs during startup on some Linux/Alpha systems, causing some systems to be unable to boot.

    Note:

    • (26-Feb-1997) If you cannot get your system to boot because of this problem, add single to the end of the MILO command you are using to boot the system. This will boot your system into single-user mode without networking. From there, remove the amd package using: 
      rpm -e amd
      and reboot normally. When the system boots up in normal mode you can install the new amd package.

    Solution:

  • Install reboots while upgrading MAKEDEV (Alpha)

    Updated: 26-Feb-1997

    Problem:

    • (26-Feb-1997) Many people have seen their systems reboot immediately after installing MAKEDEV when upgrading from Red Hat 4.0/Alpha to Red Hat 4.1/en/os/alpha. The following ramdisk image should fix this problem.

    Note:

    • (26-Feb-1997) You'll need to boot from floppies in order for this to work; otherwise, the old ramdisk image will be read from the CD.

    Solution:

  • Package: jed

    Updated: 26-Feb-1997

    Problem:

    • (26-Feb-1997) jed-0.97.14-3 was missing a small bugfix from the author. Also, xjed didn't recognize the keysyms generated by the numeric keypad without NumLock on under XFree86-3.2. jed-0.97.14-4 fixes both of these problems.

    Note:

    • (26-Feb-1997) If you use jed in an xterm, the numeric keypad still may not behave under XFree86-3.2 as it did under XFree86-3.1.2. You may be able to fix this by adding the following to your ~/.Xdefaults file:

      jed-xterm.Xdefaults

    Solution:

  • Package: imap

    Updated: 03-Mar-1997

    Problem:

    • (03-Mar-1997) Security Fix: The IMAP servers included with all versions of Red Hat Linux have a buffer overrun which allow remote users to gain root access on systems which run them. imap-4.1.BETA-3 closes this security hole.

    Solution:

  • Package: gdb (Alpha)

    Updated: 03-Mar-1997

    Problem:

    • (03-Mar-1997) gdb doesn't debug shared libraries properly. gdb-4.16-6 fixes this problem.

    Solution:

  • Install fails with some SCSI adaptors

    Updated: 07-Mar-1997

    Problem:

    • (06-Mar-1997) Some SCSI adapter drivers do not work as modules. If you are installing Red Hat Linux on a system with one of these SCSI adapters, you will need to take a few extra steps during the installation.

    Solution:

    • Intel: In order to fix the problem, we have created boot disks which include kernels with the problematic SCSI drivers linked directly into the kernel. Here's how to use them:

      1. Choose the appropriate boot image from ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.1/en/os/i386/images/scsi/: 
        bootBusLogic.img         New driver for BusLogic adapter
bootaha1740.img             Adaptec 1740/1742 EISA adapters
bootaha1540.img             Adaptec 1540/1542 adapters that need parameters
bootaic7xxx.img          Adaptec AIC 7xxx adapters that need parameters
booteata_dma.img         DPT EATA (DMA) adaptors
bootultrastor.img        Primarily intended for Ultrastor 24F

        The BusLogic driver is not buggy, but FlashPoint adapters are not supported by the standard kernel, and this image includes the production-quality 2.1.7 release of the BusLogic driver, which also includes improved recognition of MultiMaster adapters.

        The Adaptec 1542 driver cannot take command-line arguments when it is compiled as a module. Normally, it needs no arguments, but if you need to pass it arguments, you will need to use this boot disk and give it arguments at boot time.

        Note: make sure to download the image in binary mode.

      2. Use dd (under Linux) or rawrite (under MS-DOS) to write the image to a floppy, creating your boot diskette (see the Red Hat Linux 4.1 User's Guide, Section 2.3.1, Creating the Boot and Supplemental Floppies).

      3. Reboot your machine using the new boot diskette. When the system prompts you for a ramdisk, insert the standard Red Hat Linux boot diskette and press [Enter].

      4. Continue normally with the installation or upgrade. When you have finished and the computer reboots, put the new boot diskette you created in the floppy drive and boot using the command: 
        linux root=/dev/sd??
        where `/dev/sd??' is the root partition on which you installed Red Hat Linux.

      5. After booting, mount the new boot diskette, probably like this: 
        mount -t ext2 /dev/fd0 /mnt/floppy

      6. Copy the kernel image from the floppy over the default one provided with the system: 
        cp /mnt/floppy/vmlinuz /boot/vmlinuz

      7. Re-run lilo: 
        /sbin/lilo

      8. Shutdown and reboot: 
        /sbin/shutdown -r now

      At this point, you should have a working Red Hat Linux system.

  • Package: tmpwatch (Alpha)

    Updated: 10-Mar-1997

    Problem:

    • (10-Mar-1997) tmpwatch is missing execute permissions; fixed in tmpwatch-1.1-2.

    Solution:

  • Correction: Module Parameters

    Updated: 12-Mar-1997

    Problem:

    • (26-Feb-1997) The Red Hat Linux 4.1 User's Guide, Appendix B: Module Parameters lists some incorrect module parameters, while other module parameters are missing.
    • (12-Mar-1997) The spbcd module parameters need to be numeric; see correction below.

    Correction:

    • For the Sony CDU31a CD-ROM, the I/O address argument is cdu31a_port (not cdu31a), and the IRQ argument is cdu31a_irq;

    • For the Adaptec 154x SCSI adaptor, the I/O address argument is bases.

    • For the spbcd driver, use the following: 
      sbpcd=base_address,sb_pro_setting
      where base_address is the base address of the CD-ROM (e.g., 0x230), and sb_pro_setting is one of the following numeric settings: 
      0   (for LaserMate)
1   (for SoundBlaster)
2   (for SoundScape)
3   (for Teac16bit)

    • For the Seagate module, which drives Seagate ST0x and Future Domain TMC8xx and TMC9xx SCSI adaptors, use these arguments:
      controller_type=type base_address=shmemaddr irq=irq
      where:
      type is 1 for Seagate, or 2 for Future Domain;
      shmemaddr is the address of the shared memory segment (for example, 0xCA000);
      and irq is the number of the IRQ line.
  • Packages: dosemu,xdosemu

    Updated: 12-Mar-1997

    Problem:

    • (07-Mar-1997) dosemu failed to work with an unmodified Linux-2.0.27 kernel. Fixed in dosemu-0.64.1-2 and xdosemu-0.64.1-2.
    • (12-Mar-1997) dosemu did not lock serial ports correctly. Fixed in dosemu-0.64.1-3.

    Solution:

  • Some installs fail with 8MB of RAM

    Updated: 14-Mar-1997

    Problem:

    • (14-Mar-1997) If you have 8MB of RAM on a machine and are attempting an FTP, Hard Drive, or PCMCIA install, the installation system sometimes sets up the supplemental diskette improperly, causing the install to hang.

    Solution:

    • You can work around this behavior by telling the system you have only 7MB of RAM during the install, forcing it to be a bit more conservative in the way it allocates memory. Boot using the boot diskette, and enter the following at the LILO prompt: 
      boot: linux mem=7M
  • Package: efax

    Updated: 23-Mar-1997

    Problem:

    • (23-Mar-1997) A missing double quote caused efax to break. Fixed in efax-0.8a-2.

    Solution:

  • Package: cmu-snmp

    Updated: 23-Mar-1997

    Problem:

    • (23-Mar-1997) Security Fix: The SNMP services in cmu-snmp are misconfigured and allow all remote systems read access to networking information machines which are running snmpd. It is also straightforward to gain write access to networking information due to these misconfigurations, which enables simple denial of service attacks. Fixed in cmu-snmp-3.3-1.

    Note:

    • (23-Mar-1997) New versions of cmu-snmp-devel and cmu-snmp-tools are available for completeness. They do not need to be installed to fix this problem; only the main cmu-snmp package is necessary.

    Solution:

  • Package: inn

    Updated: 02-Apr-1997

    Problem:

    • (19-Feb-1997) Security Fix: inn-1.5.1-3 contains an important security fix.
    • (26-Feb-1997) inn-1.5.1-3 continues to have miscellaneous problems which inn-1.5.1-5 fixes.
    • (02-Apr-1997) Security Fix: inn contains a critical security hole; this hole is closed in inn-1.5.1-6.

    Note:

    • (26-Feb-1997) If you're upgrading from inn-1.4 to inn-1.5.1-5, make sure you have the `to' group in /var/lib/news/active or things won't work. Thanks to Elliot Lee and James Youngman for help on this package.

    Solution:

  • Package: Can't find driver for 3c900/3c905

    Updated: 02-Apr-1997

    Problem:

    • (02-Apr-1997) Red Hat Linux/Intel supports the 3com 3c900 and 3c905 ethernet cards; however, a driver for those cards doesn't appear to be available at install time.

    Solution:

    • (02-Apr-1997) Actually, the driver for the 3c900 and 3c905 ethernet cards is the same driver used for the 3c595; simply choose the 3c59x driver.
  • Packages: usercfg, pythonlib, netcfg, initscripts

    Updated: 03-Apr-1997

    Problem:

    • (18-Feb-1997) usercfg, pythonlib: usercfg-3.3 and pythonlib-1.13 together fix several bugs:
      • confusing password dialog made it easy to attempt and fail to set a password;
      • usercfg wasn't adding new users to the users group
      • shadow password file handling was simplistic and easily broken
      • adding a user with a home directory that already existed put a .skel directory in the new user's home directory
      • several small problems caused usercfg to break unecessarily, particularly regarding group specification for a new user
      • handles blank shadow file entries correctly

    • (05-Mar-1997) netcfg, pythonlib, initscripts: A new version of netcfg has been released. It requires a new initscripts package and a new pythonlib package. These fix at least three bugs:
      • Didn't always find the first free interface number when adding an interface;
      • Sometimes tried to `add' an existing interface number;
      • Users could confuse netcfg and mangle the static-routes file.
      In addition, some cosmetic bugs were fixed, the user interface was made clearer in some aspects, and several new features were added.

    • (06-Mar-1997) pythonlib: The PAP-editing routines in pythonlib-1.14-2 put the pap-secrets file in /etc/; it ought to go in /etc/ppp/. Fixed in pythonlib-1.14-3.

    • (12-Mar-1997) pythonlib: netcfg breaks when modem init strings include '=' characters. Fixed with pythonlib-1.15-1.

    • (18-Mar-1997) initscripts: During a system shutdown or reboot, initscripts complains that it can't find xargs; fixed in initscripts-2.89-1.

    • (03-Apr-1997) pythonlib: In netcfg, '&' characters in modem init strings would break the connect script in various ways (the exact errors depend on the contents of the modem init string). Fixed in pythonlib-1.16-1.

      netcfg: netcfg-2.15 fixes a few bugs involved in aliasing devices.

      initscripts: initscripts-2.91 brings up aliased PPP devices when the main PPP device is started.

    Note:

    • (05-Mar-1997) netcfg, pythonlib, initscripts: IMPORTANT: If you are currently using PAP or CHAP to authenticate connections made by an interface managed by netcfg (that is, which uses the /etc/sysconfig/network-scripts/ifup-ppp script), you will need to modify your /etc/ppp/pap-secrets or /etc/ppp/chap-secrets file to take into account that the remotename on a connection will always be the logical interface name: for example, for the interface described by the /etc/sysconfig/network-scripts/ifcfg-ppp0 file, the remotename will always be `ppp0', and not the name provided by the remote end of the connection. This change was necessary to support PAP authentication through netcfg (CHAP may be added to netcfg later).

    Solution:

  • Package: amd

    Updated: 09-Apr-1997

    Problem:

    • (09-Apr-1997) Security Fix: amd doesn't handle the nodev option properly, creating potential security problems. amd-920824upl102-8 fixes this problem.

    Solution:

  • Package: perl

    Updated: 24-Apr-1997

    Problem:

    • (24-Apr-1997) Security Fix: There is a critical security hole in perl (specifically /usr/bin/sperl); a new version, perl-5.003-8, is now available which closes this security hole.

    Solution:

  • Packages: NetKit-B, util-linux, passwd

    Updated: 25-Apr-1997

    Problem:

    • (03-Feb-1997) NetKit-B: Security Fix: NetKit-B-0.08-13 allowed external users to tell whether or not a username existed on a system by using the rlogin protocol. This is fixed in NetKit-B-0.08-14.
    • (07-Mar-1997) util-linux: login (and telnet, since it uses login) allowed remote users to determine whether a user existed on a system. This has been fixed in util-linux-2.5-34
    • (24-Mar-1997) NetKit-B: Security Fix: There is a small security hole in the in.tftpd daemon which allows remote users to read all files on systems which run tftp from inetd, even if the server is supposed to be run with a restricted directory path (note that all versions of Red Hat have tftp support off by default). NetKit-B-0.09-1 includes a patch to fix this problem.
    • (25-Apr-1997) NetKit-B, util-linux, passwd: There have been various utmp problems on all platforms with Red Hat Linux 4.1 (most notably the Alpha). NetKit-B-0.09-1.1, util-linux-2.5-34.1, and passwd-0.50-2.1 should fix this problem.

    Solution:

  • Package: rpm

    Updated: 28-Apr-1997

    Problem:

    • (03-Feb-1997) rpm-2.3-1 does not run ``verify scripts'' correctly. rpm-2.3.2-1 fixes this problem.

    • (28-Apr-1997) Versions of rpm prior to 2.3.10 use md5 signatures which don't work exactly as they ought to; rpm-2.3.10-1 fixes this.

      As a consequence of this, rpm-2.3.9 or earlier will complain about an improper signature on packages built with rpm-2.3.10 or later. However, for PGP-signed packages, as long as the ``pgp'' report from --checksig (-K) is in lower case, the PGP signature has verified properly.

    Solution:

  • Package: metamail

    Updated: 28-Apr-1997

    Problem:

    • (28-Apr-1997) Security Fix: There is a security hole in metamail which affects all versions of Red Hat Linux. metamail-2.7-7 closes this security hole.

    Note:

    • (28-Apr-1997) Versions of rpm prior to 2.3.10 will complain about an improper signature on this packages. As long as the ``pgp'' report from --checksig (-K) is in lower case, the PGP signature has verified properly. We suggest upgrading to rpm-2.3.10 to avoid this problem in the future.

    Solution:

  • Package: elm

    Updated: 15-May-1997

    Problem:

    • (15-May-1997) Security Fix: The version of elm shipped with all releases of Red Hat Linux has a security vulnerability which allows users on systems to read, delete, and forge other users' mail by gaining access to the mail group. elm-2.4.25-8 fixes this vulnerability.

    Solution:

  • Can't mount BackPack CD-ROM

    Updated: 10-Jun-1997

    Problem:

    • (10-Jun-1997) Users who install Red Hat Linux/Intel 4.1 from a BackPack CD-ROM may find they can't mount the CD-ROM. This is because no /dev/bpcd device exists.

    Solution:

    • (10-Jun-1997) Until a fix is available, users can manually create a /dev/bpcd device using the following commands: 
      su
mknod /dev/bpcd b 41 0
chown root:disk /dev/bpcd
chmod 660 /dev/bpcd
      Users can then mount the BackPack CD-ROM using: 
      mount -t iso9660 /dev/bpcd /cdrom
      or by adding an entry to /etc/fstab using the Filesystem Configuration tool from the Control Panel.
  • Packages: XFree86, X11R6.1

    Updated: 20-Jun-1997

    Problem:

    • (18-Feb-1997) xdm was having trouble setting proper paths and reading shell initalization files properly. Also, shadow passwords didn't work with xdm on Linux/Alpha.

    • (29-May-1997) Security Fix: A buffer overflow has been found in one of the X11 libraries, allowing local users to gain unathorized root access to a system through any setuid root application linked against libX11. This problem affects all Red Hat Linux machines with X Windows installed.

      Applications which are dynamically linked may be fixed by upgrading to the X...-libs package appropriate for your architecture.

      If you have any statically linked setuid X programs you must recompile them against the new libX11.a contained in the X...-devel package for your architecture. Red Hat Linux does not include any statically linked X applications, so this only a problem if you've hand installed statically linked setuid applications (we don't know of any applications likely to be installed in this configuration).

    • (05-Jun-1997) Security Fix: More buffer overflows have been found in one of the X11 libraries, allowing local users to gain unathorized root access to a system through any setuid root application linked against libX11. This problem affects all Red Hat Linux machine with X Windows installed.

      Applications which are dynamically linked may be fixed by upgrading to the X...-libs X package appropriate for your architecture.

      If you have any statically linked setuid X programs you must recompile them against the new libX11.a contained in the X...-devel package for your architecture. Red Hat Linux does not include any statically linked X applications so this only a problem if you've hand installed statically linked setuid applications (we don't know of any applications likely to be installed in this configuration).

    • (05-Jun-1997) Coinciding with today's announcement of XFree86-3.3 (see http://www.xfree86.org for details), Red Hat, Inc. is making available XFree86-3.3 RPMs for Intel and Alpha platforms.

      The packaging is identical to that used for XFree86-3.2 on Red Hat Linux 4.2 and similiar to the packaging used for Red Hat Linux 4.1; users of either release should have little trouble upgrading to XFree86-3.3.

    Note:

    • (29-May-1997) The upcoming release of XFree86-3.3 is not vulnerable to this problem; users may safely install release 3.3 once it is available. The XFree86-3.2A beta release, however, is vulnerable.

    • (11-Jun-1997) Metro-X Users: XFree86-3.3 uses fonts which are compressed with gzip by default. Red Hat Linux/Intel users who use MetroLink's Metro-X server will have difficulty using Metro-X with XFree86-3.3, since Metro-X cannot read gzipped fonts. Until an update of Metro-X is available that can read gzipped fonts, you can use the following commands to allow Metro-X to read the fonts in the XFree86-3.3 package: 
      su
cd /usr/X11R6/lib/X11/fonts
gunzip */*.gz
compress */*.pcf
mkfontdir *
      You may need to make sure the ncompress package is installed in order to use the compress command.

    Solution:

  • Package: svgalib

    Updated: 27-Jun-1997

    Problem:

    • (27-Jun-1997) Security Fix: A major security problem has been found in the svgalib library. This problem affects all releases of Red Hat Linux on Intel platforms. svgalib-1.2.10-3 fixes this security hole.

    Solution:

  • Package: ld.so

    Updated: 18-Jul-1997

    Problem:

    • (18-Jul-1997) Security Fix: There is a buffer overflow in Linux's ELF program loader on Intel and SPARC platforms. New versions of the ld.so and ld.so-sparc packages are available which fix the problem.

    Solution:

  • Package: bind

    Updated: 21-Jul-1997

    Problem:

    • (10-Mar-1997) Security Fix: There is a possibility for a denial of service attack in bind-4.9.5 which allows users to render nameservers inoperative. bind-4.9.5p1-1 includes a patch to fix this behaviour.
    • (21-Jul-1997) Security Fix: Version 4.9.6 of the bind DNS name server is now available. It fixes security vulnerabilities which allowed third parties to alter DNS queries from previous versions of the name server. All Red Hat Linux systems running bind are vulnerable to this problem.

    Solution: