Red Hat Linux 4.2 Errata
- 22-Jul-1999: samba (RHSA-1999:022)
- 07-Jul-1999: rpm
- 11-Jun-1999: timetool
- 10-Jun-1999: wu-ftpd
- 10-Jun-1999: imap
- 16-Apr-1999: NFS
- 16-Apr-1999: procmail
- 16-Apr-1999: lpr
- 01-Apr-1999: XFree86
- 01-Apr-1999: Pine
- 01-Apr-1999: ZGV
- 01-Apr-1999: sysklogd
- 09-Feb-1999: minicom
- 03-Jan-1999: kernel
- 03-Jan-1999: pam
- 22-Dec-1998: ftp-client (NetKit)
- 14-Nov-1998: libc
- 06-Nov-1998: svgalib
- 09-Sep-1998: bash
- 28-Aug-1998: xscreensaver
- 11-Aug-1997: logrotate (Sparc)
- 11-Aug-1998: apache
- 24-Jul-1997: Memory paging bug on PC164 (Alpha)
- 24-Jul-1998: ncurses
- 24-Jul-1998: initscripts
- 23-Jul-1997: NIS/NYS
- 11-Jul-1997: Red Hat Linux Library doesn't work
- 02-Jul-1998: dosemu
- 08-Jul-1998: libtermcap
- 30-Jun-1998: tin
- 30-Jun-1998: slang
- 30-Jun-1998: bind
- 30-Jun-1998: metamail
- 30-Jun-1998: mailx
- 23-Jun-1998: elm
- 10-Jun-1997: Can't mount BackPack CD-ROM
- 10-Jun-1997: X11R6.1 (Sparc)
- 10-Jun-1998: findutils
- 01-Jun-1998: bootp
- 01-Jun-1998: dhcpcd
- 01-Jun-1998: groff,rhs-printfilters,tetex
- 17-Apr-1998: procps
- 01-Apr-1998: lynx
- 25-Mar-1998: kbd
- 21-Mar-1998: mh
- 20-Mar-1998: ncftp
- 09-Mar-1998: textutils
- 09-Mar-1998: perl
- 28-Jan-1998: gzip
- 08-Jan-1998: setserial
- 31-Oct-1997: netcfg
- 23-Sep-1997: traceroute,man
- 11-Aug-1997: kernelcfg, pythonlib
- 08-Aug-1997: inn,inews
- 18-Jul-1997: ld.so
- 09-Jul-1997: db
- 20-Jun-1997: pwdb
- 05-Jun-1997: kaffe
- 05-Jun-1997: mkinitrd
- Package: rpm
Red Hat, Inc. Errata Advisory
Synopsis: Rpm 3.0.2 release for all Red Hat platforms
Advisory ID: RHEA-1999:018-01
Issue date: 1999-07-07
Keywords: rpm
1. Topic:
This release of rpm is intended to permit all Red Hat platforms to use the same version of rpm.
2. Bug IDs fixed:
The most significant user-visible bugs fixed in rpm-3.0.2 are
#2727 tetex after upgrade is missing files
#2916 Cannot verify installed package against package.rpm
#3449 Build of a noarch source package dumps core
3. Relevant releases/architectures:
Red Hat Linux 4.x, all architectures
4. Obsoleted by:
None
5. Conflicts with:
Packages that are linked with rpm-2.5.x libraries. This includes rpmfind, rpm2html, gnorpm, and kpackage. You will need to upgrade to a version of these packages that have been linked with rpm-3.0.x libraries.
6. RPMs required:
Intel:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/
rpm-3.0.2-4.x.i386.rpm
rpm-devel-3.0.2-4.x.i386.rpm
Alpha:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/alpha/
rpm-3.0.2-4.x.alpha.rpm
rpm-devel-3.0.2-4.x.alpha.rpm
SPARC:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/sparc/
rpm-3.0.2-4.x.sparc.rpm
rpm-devel-3.0.2-4.x.sparc.rpm
Source:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/SRPMS/
rpm-3.0.2-4.x.src.rpm
7. Problem description:
This release of rpm is intended to permit all Red Hat platforms to use the same version of rpm.
8. Solution:
Upgrade to the latest errata release of rpm by downloading the correct rpm and rpm-devel packages for your architecture and version of Red Hat Linux.
You should install the packages by typing (the example assumes Red Hat Linux 6.0 on i386; on Red Hat Linux 4.2 substitute the rpm-3.0.2-4.x packages listed in section 6):
rpm -U rpm-3.0.2-6.0.i386.rpm rpm-devel-3.0.2-6.0.i386.rpm
If you are upgrading from rpm-2.5.x, you should then type
rpm --rebuilddb
because the database format has changed in rpm-3.0. (Note: if you decide to reinstall rpm-2.5.x, you should also type "rpm --rebuilddb" after reinstalling rpm-2.5.x in order to convert the database format back to the form used by rpm-2.5.x.)
If you use rpm to build packages, please note that the method of configuring rpm has changed. The commonest configuration problem encountered by packagers who upgrade is how to set topdir to something other than /usr/src/redhat:
In rpm-2.5.x, you would put the following in ~/.rpmrc:
topdir: /path/to/your/directory/here
In rpm-3.0.x, you should put the following in ~/.rpmmacros:
%_topdir /path/to/your/directory/here
9. Verification:
MD5 sum                          Package Name
--------------------------------------------------------------------------
ac9fefe3016b7e5e6f3c98d514b66191 4.2/i386/rpm-3.0.2-4.x.i386.rpm
27cee0b5bb1f2792b4c0881e33f2384f 4.2/i386/rpm-devel-3.0.2-4.x.i386.rpm
5f391cb539caab922b12ff6aa1ef4b41 4.2/alpha/rpm-3.0.2-4.x.alpha.rpm
418416eaf031b5aaeeed062bc4f6ef40 4.2/alpha/rpm-devel-3.0.2-4.x.alpha.rpm
449c5368d3622a1038e0a081f3078aab 4.2/sparc/rpm-3.0.2-4.x.sparc.rpm
3b3761a5e5f75b7cf1dae17c7859a350 4.2/sparc/rpm-devel-3.0.2-4.x.sparc.rpm
f34c98878a18e230150666f2dacdbbeb 4.2/SRPMS/rpm-3.0.2-4.x.src.rpm
These packages are also PGP signed by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/about/contact/pgpkey.html
You can verify each package with the following command:
rpm --checksig <filename>
If you only wish to verify that each package has not been corrupted in transit, examine only the MD5 sum with the following command:
rpm --checksig --nopgp <filename>
Note that an MD5 sum published alongside the packages detects corruption, not tampering: whoever can replace a package on a mirror can replace its published sum as well. Only the PGP signature, checked against a key obtained from Red Hat directly, establishes that a package is genuine.
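The verification step above, written out as an added example that is not part of the original advisory: a POSIX shell function that checks a directory of downloaded packages against a manifest laid out like the MD5 table above, and a second function that wraps rpm --checksig for the signature check. The function names, the manifest file and the package contents used in the test are this example's own constructions, not Red Hat's. The point to take from it is in the second function: the MD5 column only detects corruption, since anyone able to replace a package on a mirror can replace the published sum beside it, and only the PGP signature, checked against a Red Hat key obtained out of band, establishes authenticity.

```shell
#!/bin/sh
# Added example: verify downloaded errata packages against a published MD5
# manifest, then check the PGP signatures with rpm. Not Red Hat's code.

# verify_manifest MANIFEST DIR
# MANIFEST holds lines of "<md5hex> <relative/path/to/package>", the layout of
# the "Verification" table in Red Hat errata (header and rule lines are
# skipped). Each listed package must be present in DIR, by basename, and hash
# to the published value. Prints one line per entry; returns 0 only if every
# entry matches, 1 if any is missing or differs.
verify_manifest() {
    manifest=$1
    dir=$2
    rc=0
    while read -r want path; do
        case "$want" in
            ''|MD5|---*) continue ;;   # blank, "MD5 sum Package Name", rule line
        esac
        file="$dir/$(basename "$path")"
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"
            rc=1
            continue
        fi
        have=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$have" = "$want" ]; then
            echo "md5 OK   $path"
        else
            echo "md5 BAD  $path (published $want, got $have)"
            rc=1
        fi
    done < "$manifest"
    return $rc
}

# check_signatures DIR
# The MD5 column catches corruption only: whoever can replace a package on a
# mirror can replace the sum published beside it. Authenticity comes from the
# PGP signature, which rpm --checksig verifies against the keys it knows;
# obtain the Red Hat key out of band, not from the mirror. Returns 0 only if
# every package in DIR checks out, 1 otherwise, 2 if rpm is not installed.
check_signatures() {
    dir=$1
    rc=0
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found; cannot check signatures" >&2; return 2; }
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue
        if rpm --checksig "$f"; then
            echo "sig OK   $f"
        else
            echo "sig BAD  $f"
            rc=1
        fi
    done
    return $rc
}

# Typical use, after downloading the packages and saving the advisory's
# MD5 table to a file:
#   verify_manifest md5sums.txt ./downloads && check_signatures ./downloads
```

Run the MD5 check first so that a truncated download is reported as corruption rather than as a bad signature, and treat a signature failure as a reason to discard the file, not to retry with --nopgp.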
10. References:
- Package: wu-ftpd
Updated: 10-Jun-1999
Problem
- (10-Jun-1999) Notice
This is a maintenance release of the wu-ftpd package that corrects problems with file name globbing that were broken in a previous errata. In addition, the packages upgrade to the latest version of wu-ftpd, with fixes for all known exploits, on all current Red Hat releases. A problem with ftpwho not displaying complete information has also been fixed.
A more complete description of current problems with wu-ftpd may be found at http://bugzilla.redhat.com/bugzilla by querying the wu-ftpd component. Bugs #2798 and #2944 describe the file globbing failure symptoms; #2455 describes the ftpwho symptoms.
Users of Red Hat Linux should upgrade to a new version of wu-ftpd in order to fix these problems.
Solution:
- Intel: Upgrade to:
rpm -Uvh wu-ftpd-2.5.0-0.4.2.i386.rpm
- SPARC: Upgrade to:
rpm -Uvh wu-ftpd-2.5.0-0.4.2.sparc.rpm
- Alpha: Upgrade to:
rpm -Uvh wu-ftpd-2.5.0-0.4.2.alpha.rpm
- Source:
rpm -Uvh wu-ftpd-2.5.0-0.4.2.src.rpm
- Package: imap
Updated: 10-Jun-1999
Problem:
- (10-Jun-1999) Security Fix:
This is a security errata for the imap package that corrects a vulnerability in ipop2d, for which an exploit is known, in Red Hat 4.x and Red Hat 5.x.
A more complete description of current problems with imap may be found at http://bugzilla.redhat.com/bugzilla by querying the imap component. Bug #3161 is the report of the ipop2d exploit.
Users of Red Hat Linux 4.x and 5.x should upgrade to the new version of imap in order to correct this security problem.
Solution:
- Intel: Upgrade to
rpm -Uvh imap-4.5-0.4.2.i386.rpm
- Alpha: Upgrade to
rpm -Uvh imap-4.5-0.4.2.alpha.rpm
- SPARC: Upgrade to
rpm -Uvh imap-4.5-0.4.2.sparc.rpm
- Source: Upgrade to
rpm -Uvh imap-4.5-0.4.2.src.rpm
- Package: timetool
Updated: 11-Jun-1999
Problem:
- (11-Jun-1999) Notice
The "timetool" time and date configuration utility shipped with Red Hat Linux 4.2 and 5.2 has been found to represent the year 2000 as a non-leap year, when in fact February 29, 2000 is a valid date. The timetool shipped with Red Hat Linux 6.0 does not have this issue. Users of Red Hat Linux 4.x and 5.x should upgrade to a fixed version of the timetool, which is available at the following locations:
Solution:
- All architectures Upgrade to:
rpm -Uvh timetool-2.6-1.4.noarch.rpm
Please note that Red Hat Linux 4.x users should have the latest errata rpm packages installed to be able to install this architecture independent package.
- Package: NFS
Updated: 16-Apr-1999
Problem:
- (16-Apr-1999) Update to the latest
Same as before. We are moving NFS Updates to the top of the list and also updating it to the latest version. If you have an older version installed, please update.
- (02-Jan-1999) Security Fix -- Risk High
Due to many reports of continued security breaches from NFS, we are moving the NFS update to the top of the list to make sure people update to it if they have not already.
As faq-maintainer, I would like to apologize for the delay in doing this.
Solution:
- Intel: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/nfs-server-2.2beta40-0.i386.rpm
nfs-server-clients-2.2beta40-0.i386.rpm
- Alpha: Upgrade to:
nfs-server-2.2beta40-0.alpha.rpm
nfs-server-clients-2.2beta40-0.alpha.rpm
- SPARC: Upgrade to:
nfs-server-2.2beta40-0.sparc.rpm
nfs-server-clients-2.2beta40-0.sparc.rpm
- Package: procmail
Updated: 16-Apr-1999
Problem:
- (16-Apr-1999) Security Fix
Potential security problems have been identified in all the procmail packages shipped with Red Hat Linux. Currently Red Hat is not aware of any exploits built on these vulnerabilities.
Red Hat would like to thank the members of the Bugtraq list for reporting these problems and the authors of procmail for quickly providing an update.
Users of Red Hat Linux are recommended to upgrade to the new packages available under the updates directory on our ftp site:
Solution:
- Intel: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/procmail-3.13.1-0.i386.rpm
- Alpha: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/alpha/procmail-3.13.1-0.alpha.rpm
- SPARC: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/sparc/procmail-3.13.1-0.sparc.rpm
- Package: lpr
Updated: 16-Apr-1999
Problem:
- (16-Apr-1999) Security Fix:
Security vulnerabilities have been found in the versions of lpr that ship with Red Hat Linux. Thanks go to the Linux Security Audit team for discovering the vulnerability. It is recommended that all users of Red Hat Linux upgrade to the new packages.
- (23-Apr-1998) Security Fix:
More buffer overflows have been found in lpr 0.30 as released on Saturday. As these flaws may allow users to gain root access to the local system, Red Hat, Inc. recommends that all users upgrade to lpr 0.31 immediately.
Thanks to Niall Smart for finding this problem.
- (18-Apr-1998) Security Fix:
A major security problem has been found in all versions of lpr shipped with Red Hat Linux. Version 0.30 of lpr fixes this and is now available. Red Hat, Inc. encourages all users of Red Hat to upgrade to this new version immediately.
- (21-May-1997) The lpr binary which shipped with Red Hat Linux/Alpha and Red Hat Linux/SPARC is an Intel binary.
Solution:
- Intel: Upgrade to ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/lpr-0.35-0.4.2.i386.rpm
- Alpha: Upgrade to ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/alpha/lpr-0.35-0.4.2.alpha.rpm
- SPARC: Upgrade to ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/sparc/lpr-0.35-0.4.2.sparc.rpm
- Package: XFree86
Updated: 01-Apr-1999
Problem:
- (01-Apr-1999) Security Fix:
Security vulnerabilities have been identified in the XFree86 packages that ship with Red Hat Linux. This security problem can allow local users to get write access to directories that they are otherwise not able to write to.
Red Hat would like to thank the members of the BUGTRAQ mailing list, the members of the Linux Security Audit team, and others. All users of Red Hat Linux are encouraged to upgrade to the new packages immediately. As always, these packages have been signed with the Red Hat PGP key.
We are not releasing an updated Xconfigurator at this time; if you have a graphics card which is not supported by the latest available version of Xconfigurator for your platform and release, we suggest you use the xf86config program which comes with XFree86. You may also want to use the XF86Setup program.
Solution:
In some circumstances, you may be required to add --force and/or --nodeps to the rpm command line options to ensure a proper upgrade. Add these options only if the command as given produces an error: --force overwrites files that belong to other packages and --nodeps skips dependency checking, so use them for the XFree86 packages listed here rather than as a general habit. Also, as with all newer RPM packages, you will need to upgrade to the latest RPM before installing these packages.
- Intel:
All updates can be found at ftp updates
Required RPMS
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-3.3.3.1-0.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-75dpi-fonts-3.3.3.1-0.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-VGA16-3.3.3.1-0.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-XF86Setup-3.3.3.1-0.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-libs-3.3.3.1-0.1.i386.rpm
You will want one of the following RPMS for your video card.
Server RPMS
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-3DLabs-3.3.3.1-0.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-8514-3.3.3.1-0.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-AGX-3.3.3.1-0.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-I128-3.3.3.1-0.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-Mach8-3.3.3.1-0.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-Mach32-3.3.3.1-0.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-Mach64-3.3.3.1-0.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-Mono-3.3.3.1-0.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-P9000-3.3.3.1-0.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-S3-3.3.3.1-0.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-S3V-3.3.3.1-0.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-SVGA-3.3.3.1-0.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-W32-3.3.3.1-0.1.i386.rpm
You might want one or more of these RPMS if you do development.
Optional RPMS
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-devel-3.3.3.1-0.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-100dpi-fonts-3.3.3.1-0.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-cyrillic-fonts-3.3.3.1-0.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-Xnest-3.3.3.1-0.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-Xvfb-3.3.3.1-0.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/XFree86-xfs-3.3.3.1-0.1.i386.rpm
Further Instructions
For instructions on upgrading, users should read the Red Hat XFree86 upgrade howto. This document is in its initial drafts, but should be useful.
- Alpha: Upgrade to:
All updates can be found at ftp updates
- Make sure that you are running RPM 2.5.3 or later before proceeding. Upgrade as follows:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/alpha/rpm-2.5.3-4.2.alpha.rpm
- Make sure you have the latest Xconfigurator installed:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/alpha/Xconfigurator-2.6.1-1.alpha.rpm
- Upgrade your X server. The package you need is dependent on which video card you have. Get the server which matches your card.
- Upgrade your X libraries and base install
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/alpha/XFree86-libs-3.3.3.1-0.1.alpha.rpm
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/alpha/XFree86-3.3.3.1-0.1.alpha.rpm
- Optionally, upgrade the additional X packages, such as fonts, devel, etc.
- SPARC: Upgrade to:
All updates can be found at ftp updates
The X environment which shipped with Red Hat 4.2 SPARC was different than that for other architectures. X was placed in the directory /usr/X11R6.1, whereas every other architecture expected it to reside under /usr/X11R6. This errata release corrects the situation. As you upgrade the packages, YOU WILL SEE ERRORS FROM RPM about missing files, but they can safely be ignored.
The following instructions will work for an unmodified Red Hat 4.2 SPARC environment.
- Make sure that you are running RPM 2.5.3 or later before proceeding. Upgrade as follows:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/sparc/rpm-2.5.3-4.2.sparc.rpm
- Remove the symbolic link /usr/X11R6:
rm /usr/X11R6
- Move the directory /usr/X11R6.1 to /usr/X11R6:
mv /usr/X11R6.1 /usr/X11R6
- Upgrade the server package for the type of SPARC framebuffer you have. This is system dependent.
- Upgrade your X libraries and base install:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/sparc/XFree86-libs-3.3.3.1-0.1.sparc.rpm
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/sparc/XFree86-3.3.3.1-0.1.sparc.rpm
- Optionally, upgrade the additional X packages, such as fonts, devel, etc.
- Make a symbolic link from /usr/X11R6 to /usr/X11R6.1 for backwards compatibility:
cd /usr; ln -s X11R6 X11R6.1
- If a link named /etc/X11/X does not exist, pointing at the proper X server that you use (for instance, /usr/X11R6/bin/Xsun), create it now.
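The SPARC relocation above, as an added example that is not part of the original errata: a shell function that performs the rm, mv and ln steps under a root prefix and refuses to run on any layout other than the unmodified one the errata describes, because rm would fail on a real /usr/X11R6 directory and mv would then nest X11R6.1 inside it. The function name, the ROOT argument and the optional command run between the move and the re-link (where the rpm -Uvh steps go on a real system) are this example's own; the paths are the errata's.

```shell
#!/bin/sh
# Added example: the /usr/X11R6.1 -> /usr/X11R6 relocation from the SPARC
# instructions above, with the safety checks those instructions assume.
# Not Red Hat's code.

# relocate_x11 ROOT [UPGRADE_CMD ...]
# ROOT is / on a real system, a scratch directory when testing. The layout
# must be the unmodified 4.2 SPARC one: ROOT/usr/X11R6.1 a real directory and
# ROOT/usr/X11R6 absent or a symbolic link. Anything else is refused, because
# rm would fail on a real X11R6 directory and mv would then nest X11R6.1
# inside it. UPGRADE_CMD, if given, runs after the move and before the
# compatibility link is recreated; that is where the rpm -Uvh steps go.
# Returns 0 on success, 1 if it stopped or a step failed.
relocate_x11() {
    [ $# -ge 1 ] || { echo "usage: relocate_x11 ROOT [UPGRADE_CMD ...]" >&2; return 1; }
    root=${1%/}
    shift
    old="$root/usr/X11R6.1"
    new="$root/usr/X11R6"

    if [ -L "$old" ] || [ ! -d "$old" ]; then
        echo "abort: $old is not a real directory; nothing to relocate" >&2
        return 1
    fi
    if [ -e "$new" ] && [ ! -L "$new" ]; then
        echo "abort: $new exists and is not a symbolic link; hand-modified system?" >&2
        return 1
    fi

    # 1. Remove the symbolic link /usr/X11R6 (rm on a link removes the link only).
    if [ -L "$new" ]; then
        rm "$new" || return 1
    fi
    # 2. Move the real tree into place.
    mv "$old" "$new" || return 1
    # 3. Upgrade the server, libs and base packages; rpm now sees a real /usr/X11R6.
    if [ $# -gt 0 ]; then
        "$@" || return 1
    fi
    # 4. Link /usr/X11R6.1 -> /usr/X11R6 for anything still using the old path.
    ( cd "$root/usr" && ln -s X11R6 X11R6.1 ) || return 1
    echo "relocated: $new is the X tree, $old is a link to it"
    return 0
}

# On a real 4.2 SPARC system, as root, after upgrading rpm to 2.5.3 or later
# and with the server package for your framebuffer added to the list:
#   relocate_x11 / rpm -Uvh XFree86-libs-3.3.3.1-0.1.sparc.rpm XFree86-3.3.3.1-0.1.sparc.rpm
```

The function is deliberately not idempotent: a second run finds /usr/X11R6.1 as a link and stops, which is the right behaviour once the tree has been moved.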
- Package: pine
Updated: 01-Apr-1999
Problem:
- (01-Apr-1999) Security Fix
A problem in the MIME handling code could allow a remote user to execute certain commands on the local system.
Red Hat would like to thank the members of the BUGTRAQ mailing list, the members of the Linux Security Audit team, and others. All users of Red Hat Linux are encouraged to upgrade to the new packages immediately. As always, these packages have been signed with the Red Hat PGP key.
Solution:
- Intel: Upgrade to:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/pine-3.96-7.0.i386.rpm
- Alpha: Upgrade to:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/alpha/pine-3.96-7.0.alpha.rpm
- SPARC: Upgrade to:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/sparc/pine-3.96-7.0.sparc.rpm
Further Instructions
Once updated, no further instructions are needed.
- Package: zgv
Updated: 01-Apr-1999
Problem:
- (01-Apr-1999) Security Fix
Local users could gain root access.
Red Hat would like to thank the members of the BUGTRAQ mailing list, the members of the Linux Security Audit team, and others. All users of Red Hat Linux are encouraged to upgrade to the new packages immediately. As always, these packages have been signed with the Red Hat PGP key.
Solution:
- Intel: Upgrade to:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/zgv-3.0-1.4.2.i386.rpm
- Package: Sysklogd
Updated: 01-Apr-1999
Problem:
- (01-Apr-1999) Security Fix
An overflow in the parsing code could lead to crashes of the system logger.
Red Hat would like to thank the members of the BUGTRAQ mailing list, the members of the Linux Security Audit team, and others. All users of Red Hat Linux are encouraged to upgrade to the new packages immediately. As always, these packages have been signed with the Red Hat PGP key.
- (17-Nov-1998) Security Fix
A buffer overflow has been identified in all versions of the sysklogd packages shipped with Red Hat Linux. At the time of this post there are no known exploits for this security vulnerability.
Red Hat would like to thank Michal Zalewski (lcamtuf@IDS.PL) and the members of the Bugtraq mailing list for discovering this problem and providing a fix.
Users of Red Hat Linux are recommended to upgrade to the new packages available under the updates directory on our ftp site:
Solution:
- Intel: Upgrade to:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/sysklogd-1.3.31-0.0.i386.rpm
- Alpha: Upgrade to:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/alpha/sysklogd-1.3.31-0.0.alpha.rpm
- SPARC: Upgrade to:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/sparc/sysklogd-1.3.31-0.0.sparc.rpm
Further Instructions
Once you have downloaded the sysklogd package for your architecture, you will need to do the following as root:
rpm -Uvh sysklogd*rpm
/etc/rc.d/init.d/syslog stop
/etc/rc.d/init.d/syslog start
- Package: minicom
Updated: 09-Feb-1999
Problem:
- (09-Feb-1999) Security Fix:
Current minicom packages have permissions set to allow all users to access a modem on the system. This update fixes the problem by limiting access to the users listed in the minicom configuration file.
New packages are available for the supported versions of Red Hat Linux. All users of Red Hat Linux are encouraged to upgrade to the new minicom releases immediately. As always, these packages have been signed with the Red Hat PGP key.
- (02-Jun-1998) Security Fix:
Buffer overflows have been found in the minicom package. Red Hat suggests all users upgrade to a new minicom version immediately.
Solution:
- Intel: Upgrade to minicom-1.81-2.i386.rpm
- Alpha: Upgrade to minicom-1.81-2.alpha.rpm
- SPARC: Upgrade to minicom-1.81-2.sparc.rpm
- Package: kernel
Updated: 03-Jan-1999
Problem:
- (03-Jan-1999) New Drivers
Red Hat has further patched the standard 2.0.36 kernel with updated drivers for the Adaptec 7xxx cards, NCR scsi, 3com 905B, and some other patches.
- (08-Dec-1998) Security Fix
Several security holes were found in the Linux kernel and patched in the 2.0.36 kernel. Users should upgrade to patch these problems. The announcement can be found here.
Important: You need to make sure you have the latest initscripts
Solution:
- Intel: Upgrade to:
2.0.36 kernel
2.0.36 kernel modules
2.0.36 IBCS modules
2.0.36 PCMCIA modules
Optional Packages
2.0.36 kernel headers (needed for some development)
2.0.36 source RPM (needed to recompile kernel)
- Alpha: Upgrade to:
2.0.36 Kernel Headers
2.0.36 Kernel Source Code
You will need to recompile the source code for your platform.
- SPARC: Upgrade to:
Because the SPARC kernel is versioned differently, Red Hat has patched the 2.0.35 kernel with the security fixes that are in the 2.0.36 kernel.
2.0.35 Kernel Headers
2.0.35 Kernel Source
2.0.35 Kernel (4c)
2.0.35 Kernel modules
2.0.35 Kernel (SMP)
Further Instructions
For instructions on upgrading, users should read the Red Hat kernel upgrade howto. While the howto focuses on Intel, there are sub-chapters for upgrading Alpha and SPARC machines.
- Package: pam
Updated: 02-Jan-1998
Problem:
- (02-Jan-1998) Security Fix:
Risk level: SMALL
The default configuration as shipped with the supported releases of Red Hat Linux is not vulnerable to this problem.
Description
A race condition that can be exploited under some particular scenarios has been identified in all versions of the Linux-PAM library shipped with all versions of Red Hat Linux. The vulnerability is exhibited in the pam_unix_passwd.so module included in Red Hat Linux, but *not* used by either of the 4.2 or 5.x releases. Red Hat Linux uses the pam_pwdb.so module for performing PAM authentication.
You are at risk if you enabled pam_unix_passwd.so and are using it instead of the pam_pwdb.so module. The race can be triggered when a user with a umask setting of 0 changes the login password.
As of this release there are no known exploits of this security problem.
Solution:
- Intel: Upgrade to pam-0.57-5.i386.rpm
- Alpha: Upgrade to pam-0.57-5.alpha.rpm
- SPARC: Upgrade to pam-0.57-5.sparc.rpm
- Package: FTP client (NetKit)
Updated: 22-Dec-1998
Problem:
- (22-Dec-1998) Security Fix
A security vulnerability has been identified in all versions of the ftp client binary shipped with Red Hat Linux. An exploit for this vulnerability would have to rely on getting the user to connect in passive mode to a server running an ftp daemon under the attacker's control. As of this release there are no known exploits of this security problem.
All users of Red Hat Linux are encouraged to upgrade to the new package releases immediately. As always, these packages have been signed with the Red Hat PGP key. The FTP client is part of the NetKit package in the 4.2 boxed set.
Solution:
- Intel: Upgrade to:
NetKit-B-0.09 (i386)
- Alpha: Upgrade to:
NetKit-B-0.09 (alpha)
- SPARC: Upgrade to:
NetKit-B-0.09 (sparc)
Further Instructions
Once you have downloaded the NetKit package for your architecture, you will need to do the following as root:
rpm -Uvh NetKit-B-0.09-9*rpm
- Package: libc
Updated: 14-Nov-1998
Problem:
- (14-Nov-1998) Security Update:
A buffer overflow has been identified in all versions of the libc 5 packages shipped with Red Hat Linux. The most affected systems are those that are libc 5 based (Red Hat Linux 4.2 and older). Only Intel and Sparc architectures are affected.
The Red Hat Linux 5.x releases are glibc (libc 6) based, and Red Hat does not ship any binaries linked against libc 5 that might be used for compromising the system's security. However, Red Hat Linux 5.x releases do include, for backwards compatibility, a package containing a vulnerable library.
Users of Red Hat Linux are recommended to upgrade to the new packages available under the updates directory on our ftp site:
- (31-Dec-1997) Updates fixing many problems have been added.
Solution:
- Intel: Upgrade to
libc-5.3.12-18.4.i386.rpm
libc-debug-5.3.12-18.4.i386.rpm
libc-devel-5.3.12-18.4.i386.rpm
libc-profile-5.3.12-18.4.i386.rpm
libc-static-5.3.12-18.4.i386.rpm
- SPARC: Upgrade to
libc-5.3.12-18.4.sparc.rpm
libc-debug-5.3.12-18.4.sparc.rpm
libc-devel-5.3.12-18.4.sparc.rpm
libc-profile-5.3.12-18.4.sparc.rpm
libc-static-5.3.12-18.4.sparc.rpm
- Package: svgalib
Updated: 06-Nov-1998
Problem:
- (06-Nov-1998) Security Fix:
svgalib has been found to leak file descriptors open on /dev/mem, which gives local users access to physical memory. Red Hat would like to thank the users of the BUGTRAQ security list for identifying the problem and Kevin Vajk for providing a fix. Users of Red Hat Linux are recommended to upgrade to the new packages available under the updates directory on our ftp site:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.2/en/os/i386/svgalib-1.2.13-0.1.i386.rpm
To upgrade this package use the rpm command:
rpm -Uvh svgalib-1.2.13-0.1.i386.rpm
- (27-Jun-1997) Security Fix:
Minor security problems have been found by the Linux Security Auditing group in svgalib which allow users to make the console unusable.
- (27-Jun-1997) Security Fix:
A major security problem has been found in the svgalib library. This problem affects all releases of Red Hat Linux on Intel platforms. svgalib-1.2.10-3 fixes this security hole.
- (25-Mar-1998) Security Fix:
/tmp exploits have been discovered in this package. As usual, the package has been PGP signed with the Red Hat PGP key.
Solution:
- Intel: Upgrade to
svgalib-1.2.13-0.1.i386.rpm
svgalib-devel-1.2.13-0.1.i386.rpm
- Package: bash
Updated: 09-Sep-1998
Problem:
- (09-Sep-1998) Security Fix:
A security vulnerability has been identified in all versions of bash shipped with Red Hat Linux. Details on the nature of the bug have been posted recently to the BUGTRAQ security list.
The bug is not immediately exploitable - it will require that a user with shell account on one machine create a carefully constructed directory structure and then wait for somebody else with a root account to cd into that directory.
Red Hat would like to thank Joao Manuel Carolino, Fiji, and Razvan Dragomirescu for identifying this bug and Wichert Akkerman for providing an idea of a fix.
Solution:
- Intel: Upgrade to bash-1.14.7-1.1.i386.rpm
- Alpha: Upgrade to bash-1.14.7-1.1.alpha.rpm
- SPARC: Upgrade to bash-1.14.7-1.1.sparc.rpm
- Package: xscreensaver
Updated: 29-Aug-1998
Problem:
- (29-Aug-1998) This update fixes problems with core dumps in the xlyap function of xscreensaver. Thanks to the many people reporting this on the redhat list.
- (10-Jun-1998) Security Fix:
Various, minor security problems were found in this package. Thanks to Jamie Zawinski for fixing this.
Solution:
- Intel: Upgrade to xscreensaver-2.27-0.i386.rpm
- Alpha: Upgrade to xscreensaver-2.27-0.alpha.rpm
- SPARC: Upgrade to xscreensaver-2.27-0.sparc.rpm
- Package: logrotate (Sparc)
Updated: 11-Aug-1997
Problem:
- (11-Aug-1997) logrotate 2.4 is now available as an update for Red Hat Linux/SPARC 4.2. This fixes a bus error which could occur on the SPARC, and also allows log names in config files to use globbing characters.
Solution:
- SPARC: Upgrade to logrotate-2.4-1.sparc.rpm
- Package: apache
Updated: 11-Aug-1998
Problem:
- (11-Aug-1998) Security Fix:
A denial-of-service attack against the Apache web server has been found which lets remote sites disable your web server. This attack does not let remote users gain any sort of access to your computer, nor does it let local users gain any special access.
Red Hat recommends upgrading apache on systems which are functioning as Internet servers.
rpm -Uvh apache-1.2.6-5*rpm
/etc/rc.d/init.d/httpd stop
/etc/rc.d/init.d/httpd start
- (17-Feb-1998) Corrected version of package on ftp machine.
- (07-Jan-1998) Security Fix: Some potentially serious security flaws have been found in apache. While these problems do not allow any compromises by remote users, they do allow local users to gain access to the UID which apache is running as. Under all versions of Red Hat Linux, this is the user 'nobody', which greatly minimizes the impact of these problems.
- (31-Dec-1997) Security Fix: A denial-of-service attack against apache http servers was recently discovered. This fixes the problem for 5.0.
Solution:
- Intel: Upgrade to apache-1.2.5-0.1.i386.rpm
- Alpha: Upgrade to apache-1.2.5-0.1.alpha.rpm
- Package: Memory paging bug on PC164 (Alpha)
Updated: 24-Jul-1997
Problem:
- (24-Jul-1997) PC164 machines with 128 or 256 MB of RAM cannot load the Linux kernel from MILO.
Solution:
- Set the MILO MEMORY_SIZE boot parameter as follows:
MILO> set MEMORY_SIZE=120
(for 128 MB; use 252 for 256 MB)
- Use the following MILO image in place of your current MILO image: milo/milo-2029-pc164
- Package: ncurses
Updated: 24-Jul-1998
Problem:
- (24-Jul-1998) Security Fix:
Potential security problems have been identified in all versions of the ncurses packages shipped with Red Hat Linux. Users of Red Hat Linux are recommended to upgrade to the new packages available under the updates directory on our ftp site:
Solution:
- Intel: Upgrade to ncurses-1.9.9e-4.1.i386.rpm
- Intel: Upgrade to ncurses-devel-1.9.9e-4.1.i386.rpm
- Alpha: Upgrade to ncurses-1.9.9e-4.1.alpha.rpm
- Alpha: Upgrade to ncurses-devel-1.9.9e-4.1.alpha.rpm
- SPARC: Upgrade to ncurses-1.9.9e-4.1.sparc.rpm
- SPARC: Upgrade to ncurses-devel-1.9.9e-4.1.sparc.rpm
- Package: initscripts
Updated: 24-Jul-1998
Problem:
- (24-Jul-1998) These initscripts are needed for people upgrading to the 2.0.35 or later kernels.
- (10-Mar-1998) Security Fix: The initscripts package has various temporary file creation race conditions. These bugs allow local users to create at least denial of service conditions and may allow local users to gain root access to affected systems. All systems with local users that do not have the root password should have these fixes applied. The fixes are available for Red Hat Linux 4.2. As always, these packages have been signed with the Red Hat PGP key.
- (05-Jun-1997) The initscripts shipped with Red Hat Linux 4.2 didn't properly check for the existence of /etc/ksyms, causing problems booting kernels built without support for loadable modules. Fixed in initscripts-2.93-1.
Solution:
- Intel: Upgrade to initscripts-2.96-1.i386.rpm
- Alpha: Upgrade to initscripts-2.96-1.alpha.rpm
- SPARC: Upgrade to initscripts-2.96-1.sparc.rpm
- Package: NIS/NYS
Updated: 23-Jul-1997
Problem:
- (23-Jul-1997) There is an error in the Red Hat Linux User's Guide in Section 5.12, "NIS/NYS Setup": The sample yp.conf file for yp clients is incorrect.
- (23-Jul-1997) The Red Hat Linux User's Guide omitted proper information on setting up a yp client.
- (23-Jul-1997) The ypbind manual page was inadvertently included in the yp-clients package; it should have been excluded.
Solution:
- To properly set up a yp client under Red Hat Linux, perform the following steps:
- Add the following line to /etc/sysconfig/network:
YP_DOMAIN=your-yp-domain-name
- Put the following shell script in /etc/rc.d/init.d/ypclient.init:
#!/bin/sh
# ypclient: Sets up the yp client
# Source function library.
. /etc/rc.d/init.d/functions
# Get the yp domain name
. /etc/sysconfig/network
/bin/domainname "$YP_DOMAIN"
- Make the ypclient.init script executable:
chmod 0755 /etc/rc.d/init.d/ypclient.init
- Add the ypclient.init script to runlevel 3:
ln -s ../init.d/ypclient.init /etc/rc.d/rc3.d/S63ypclient
- Put the following in /etc/yp.conf:
domainname your-yp-domain-name
ypserver your-yp-server-name
- Package: Red Hat Linux Library doesn't work
Updated: 11-Jul-1997
Problem:
- (11-Jul-1997) The Red Hat Linux Library doesn't work on Red Hat Linux 4.2; running the rhlibrary command produces the following error message:
tixwish-tk4.1: command not found
Solution:
- Until a better solution is available, you can work around this problem by issuing the following commands:
su
ln -s tixwish4.1.7.6 /usr/bin/tixwish-tk4.1
- Package: dosemu
Updated: 02-Jul-1998
Problem:
- (02-Jul-1998) Security Fix:
Various security holes have been found that allow root access. All Red Hat users that use Dosemu should upgrade.
Solution:
- Intel: Upgrade to dosemu-0.66.7-0.i386.rpm
- Package: libtermcap
Updated: 08-Jul-1998
Problem:
- (02-Jul-1998) Security Fix:
Security problems have been found that allow local users to gain root access. All Red Hat users should upgrade.
Solution:
- Intel: Upgrade to libtermcap-2.0.8-4.2.i386.rpm
- Alpha: Upgrade to libtermcap-2.0.8-4.2.alpha.rpm
- SPARC: Upgrade to libtermcap-2.0.8-4.2.sparc.rpm
- Package: tin
Updated: 30-Jun-1998
Problem:
- (30-Jun-1998) Security Fix:
Various problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.
Solution:
- Intel: Upgrade to tin-1.22-6.1.i386.rpm
- Alpha: Upgrade to tin-1.22-6.1.alpha.rpm
- SPARC: Upgrade to tin-1.22-6.1.sparc.rpm
- Package: slang
Updated: 30-Jun-1998
Problem:
- (30-Jun-1998) Security Fix:
Various problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.
Solution:
- Intel: Upgrade to slang-0.99.38-0.i386.rpm
- Alpha: Upgrade to slang-0.99.38-0.alpha.rpm
- SPARC: Upgrade to slang-0.99.38-0.sparc.rpm
- Package: bind
Updated: 30-Jun-1998
Problem:
- (30-Jun-1998) Security Fix:
More problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.
- (09-Apr-1998) Security Fix:
Major security problems have been found in all versions of bind which affect Red Hat Linux on all platforms. All users running bind should upgrade as soon as possible.
Thanks to CERT and the ISC for their handling of this problem (CA-98.05).
- (21-Jul-1997) Security Fix: Version 4.9.6 of the bind DNS name server is now available. It fixes security vulnerabilities which allowed third parties to alter DNS queries from previous versions of the name server. All Red Hat Linux systems running bind are vulnerable to this problem.
Solution:
- After upgrading the packages, you must restart the server for the new packages to start running:
/etc/rc.d/init.d/named stop
/etc/rc.d/init.d/named start
- Intel: Upgrade to
bind-4.9.7-0.i386.rpm
bind-utils-4.9.7-0.i386.rpm
- Alpha: Upgrade to
bind-4.9.7-0.alpha.rpm
bind-utils-4.9.7-0.alpha.rpm
- SPARC: Upgrade to
bind-4.9.7-0.sparc.rpm
bind-utils-4.9.7-0.sparc.rpm
- Package: metamail
Updated: 30-Jun-1998
Problem:
- (30-Jun-1998) Security Fix:
More problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.
- (12-Jun-1998) Security Fix:
Various problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.
- (01-Jun-1998) Security Fix:
The metamail package has security problems. Thanks to Chris Evans for finding this problem.
Solution:
- Intel: Upgrade to metamail-2.7-7.5.i386.rpm
- Alpha: Upgrade to metamail-2.7-7.5.alpha.rpm
- SPARC: Upgrade to metamail-2.7-7.5.sparc.rpm
- Package: mailx
Updated: 23-Jun-1998
Problem:
- (30-Jun-1998) Security Fix:
More problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.
- (23-Jun-1998) Security Fix:
Various problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.
- (12-Jun-1998) Security Fix:
/tmp races have been found in the mailx package. All users of Red Hat Linux should upgrade this package.
Solution:
- Intel: Upgrade to mailx-8.1.1-0.2.i386.rpm
- Alpha: Upgrade to mailx-8.1.1-0.2.alpha.rpm
- SPARC: Upgrade to mailx-8.1.1-0.2.sparc.rpm
- Package: elm
Updated: 23-Jun-1998
Problem:
- (23-Jun-1998) Security Fix:
Various problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.
- (15-May-1997) Security Fix: The version of elm shipped with all releases of Red Hat Linux has a security vulnerability which allows users on systems to read, delete, and forge other users' mail by gaining access to the mail group. elm-2.4.25-8 fixes this vulnerability.
Solution:
- Intel: Upgrade to elm-2.4.25-8.1.i386.rpm
- Alpha: Upgrade to elm-2.4.25-8.1.alpha.rpm
- SPARC: Upgrade to elm-2.4.25-8.1.sparc.rpm
- Can't mount BackPack CD-ROM
Updated: 10-Jun-1997
Problem:
- (10-Jun-1997) Users who install Red Hat Linux/Intel 4.2 from a BackPack CD-ROM may find they can't mount the CD-ROM. This is because no /dev/bpcd device exists.
Solution:
- (10-Jun-1997) Until a fix is available, users can manually create a /dev/bpcd device using the following commands:
su
mknod /dev/bpcd b 41 0
chown root:disk /dev/bpcd
chmod 660 /dev/bpcd
mount -t iso9660 /dev/bpcd /cdrom
- Package: X11R6.1
Updated: 10-Jun-1997
Problem:
- (10-Jun-1997) Red Hat Linux/SPARC 4.2 as shipped has a broken PAM configuration for xdm that won't allow users to log in.
Solution:
- SPARC: Upgrade to
X11R6.1-pl1-24.sparc.rpm
xserver-wrapper-1.1-0.sparc.rpm
- Package: findutils
Updated: 10-Jun-1998
Problem:
- (10-Jun-1998) Security Fix:
Various minor security problems were found in this package. Thanks to Kevin Vajk and Emmanuel Galanos for helping out with these.
- (09-Mar-1998) Security Fix: The findutils package has various temporary file creation race conditions. These bugs allow local users to create at least denial of service conditions and may allow local users to gain root access to affected systems. All systems with local users that do not have the root password should have these fixes applied. The fixes are available for Red Hat Linux 4.2. As always, these packages have been signed with the Red Hat PGP key.
Solution:
- Intel: Upgrade to findutils-4.1-11.3.i386.rpm
- Alpha: Upgrade to findutils-4.1-11.3.alpha.rpm
- SPARC: Upgrade to findutils-4.1-11.3.sparc.rpm
- Package: bootp
Updated: 01-Jun-1998
Problem:
- (01-Jun-1998) Security Fix:
The bootp package has security problems. Thanks to Chris Evans for finding this problem.
Solution:
- Intel: Upgrade to bootp-2.4.3-2.1.i386.rpm
- Alpha: Upgrade to bootp-2.4.3-2.1.alpha.rpm
- SPARC: Upgrade to bootp-2.4.3-2.1.sparc.rpm
- Package: dhcpcd
Updated: 01-Jun-1998
Problem:
- (01-Jun-1998) Security Fix:
The dhcpcd package has security problems. Thanks to Chris Evans for finding this problem. After upgrading, you must either reboot your machine or restart the daemon:
/etc/rc.d/init.d/network stop; /etc/rc.d/init.d/network start
Solution:
- Intel: Upgrade to dhcpcd-0.65-0.i386.rpm
- Alpha: Upgrade to dhcpcd-0.65-0.alpha.rpm
- SPARC: Upgrade to dhcpcd-0.65-0.sparc.rpm
- Packages: groff,rhs-printfilters,tetex
Updated: 24-Oct-1997
Problem:
- (24-Oct-1997) Security Fix: Numerous security holes have recently been fixed in these packages. Most are minor problems with possible /tmp exploits. These fixes apply to all users of Red Hat 4.x releases. The mktemp package is now required to be installed for these fixes. It is available as an update for Red Hat 4.2.
Solution:
- Intel: Upgrade to:
groff-1.10-8.1.i386.rpm
mktemp-0.9-1.i386.rpm
rhs-printfilters-1.41.1-1.i386.rpm
tetex-dvips-0.4pl8-5.1.i386.rpm
- Alpha: Upgrade to:
groff-1.10-8.1.alpha.rpm
mktemp-0.9-1.alpha.rpm
rhs-printfilters-1.41.1-1.alpha.rpm
tetex-dvips-0.4pl8-5.1.alpha.rpm
- SPARC: Upgrade to:
groff-1.10-8.1.sparc.rpm
mktemp-0.9-1.sparc.rpm
rhs-printfilters-1.41.1-1.sparc.rpm
tetex-dvips-0.4pl8-5.1.sparc.rpm
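The "/tmp exploits" named in this and several other advisories on this page come from scratch files created under predictable names, which is why the mktemp package became a required dependency. As an added illustration (not code from Red Hat or these packages), the script below shows that pattern beside its mktemp-based replacement and a check that a scratch file is private; the function names, the scratch-directory argument and the file contents are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the Red Hat errata. Both functions take a
# scratch directory as $1 so the demonstration stays out of the real /tmp.

# Pattern the updates remove: the name depends only on the PID, so another
# local user can guess it and place a file or symlink there first; the
# redirection then follows that link and writes wherever it points.
unsafe_tmpfile() {
    name="$1/report.$$"
    ( umask 022; echo "scratch data" > "$name" )   # world-readable, not exclusive
    echo "$name"
}

# Replacement: mktemp(1) picks an unpredictable name and creates the file
# atomically (O_EXCL) with mode 0600, so there is no window to race.
safe_tmpfile() {
    name=$(mktemp "$1/report.XXXXXX") || return 1
    echo "scratch data" > "$name"
    echo "$name"
}

# Check an administrator can run on a suspect scratch file: it must be a
# regular file (not a symlink) readable and writable only by its owner.
tmpfile_is_private() {
    f="$1"
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        return 1
    fi
    perms=$(ls -ld "$f" | cut -c1-10)
    [ "$perms" = "-rw-------" ]
}

# Stand-alone run: create both kinds of file in a private directory,
# report which one passes the check, then clean up.
demo() {
    dir=$(mktemp -d) || return 1
    for f in "$(unsafe_tmpfile "$dir")" "$(safe_tmpfile "$dir")"; do
        if tmpfile_is_private "$f"; then
            echo "private:     $f"
        else
            echo "NOT private: $f"
        fi
    done
    rm -rf "$dir"
}

demo
```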
- Package: procps
Updated: 17-Apr-1998
Problem:
- (17-Apr-1998) Security Fix:
A file creation and corruption bug has been found in XConsole, included in procps-X11 versions 1.2.6 and earlier. An exploit which causes a Denial of Service condition, preventing anyone other than root from logging into the computer, has been found, and others may well be found.
Red Hat, Inc. strongly recommends that you upgrade. Thanks to Alan Iwi for finding the bug.
Solution:
- Intel: Upgrade to:
procps-1.2.7-0.i386.rpm
procps-X11-1.2.7-0.i386.rpm
- Alpha: Upgrade to:
procps-1.2.7-0.alpha.rpm
procps-X11-1.2.7-0.alpha.rpm
- SPARC: Upgrade to:
procps-1.2.7-0.sparc.rpm
procps-X11-1.2.7-0.sparc.rpm
- Package: lynx
Updated: 01-Apr-1998
Problem:
- (01-Apr-1998) Security Fix:
Security problems have been found in lynx which allow remote web sites to cause lynx to do unwise things. Red Hat suggests all users of Red Hat Linux upgrade to the new release of lynx.
Solution:
- Intel: Upgrade to lynx-2.8-0.i386.rpm
- Alpha: Upgrade to lynx-2.8-0.alpha.rpm
- SPARC: Upgrade to lynx-2.8-0.sparc.rpm
- Package: kbd
Updated: 25-Mar-1998
Problem:
- (25-Mar-1998) Security Fix:
/tmp exploits have been found in this package. The new packages have been signed with Red Hat's PGP key.
NOTE: there is no kbd package on the SPARC.
Solution:
- Intel: Upgrade to kbd-0.91-10.i386.rpm
- Alpha: Upgrade to kbd-0.91-10.alpha.rpm
- Package: mh
Updated: 21-Mar-1998
Problem:
- (21-Mar-1998) Security Fix:
Buffer overflows have been found in msgchk as included with the mh package in all versions of Red Hat. These overflows allow all users to gain root access to systems with them installed, and are distinct from the problems found in earlier versions of mh.
If you do not need the mh package, the easiest fix for this problem is to:
rpm -e mh
If you do need it, fixes are available for users of Red Hat 4.2. As always, these packages have been signed with the Red Hat PGP key.
- (20-Jan-1998) Buffer overflows that allow users to gain root access.
- (17-Feb-1998) Corrected version of update.
Solution:
- Intel: Upgrade to mh-6.8.3-15.i386.rpm
- Alpha: Upgrade to mh-6.8.3-15.alpha.rpm
- SPARC: Upgrade to mh-6.8.3-15.sparc.rpm
- Package: ncftp
Updated: 20-Mar-1998
Problem:
- (20-Mar-1998) Security Fix:
All versions of ncftp packages for Red Hat Linux have /tmp symlink attacks. New packages are available for Red Hat 4.2 which fix these problems. All users of Red Hat Linux are encouraged to upgrade to the new ncftp releases immediately. As always, these packages have been signed with the Red Hat PGP key.
Thanks to the contributors of BUGTRAQ for finding and fixing this bug.
Solution:
- Intel: Upgrade to ncftp-2.4.3-0.i386.rpm
- Alpha: Upgrade to ncftp-2.4.3-0.alpha.rpm
- SPARC: Upgrade to ncftp-2.4.3-0.sparc.rpm
- Package: textutils
Updated: 09-Mar-1998
Problem:
- (09-Mar-1998) Security Fix: The textutils package has various temporary file creation race conditions. These bugs allow local users to create at least denial of service conditions and may allow local users to gain root access to affected systems. All systems with local users that do not have the root password should have these fixes applied. The fixes are available for Red Hat Linux 4.2. As always, these packages have been signed with the Red Hat PGP key.
Solution:
- Intel: Upgrade to textutils-1.22-1.1.i386.rpm
- Alpha: Upgrade to textutils-1.22-1.1.alpha.rpm
- SPARC: Upgrade to textutils-1.22-1.1.sparc.rpm
- Package: perl
Updated: 09-Mar-1998
Problem:
- (09-Mar-1998) Security Fix: All versions of perl for Red Hat Linux have /tmp symlink attacks. New packages are available for Red Hat 4.2 which fix these problems. The updates have been PGP signed with the Red Hat public key to ensure their authenticity.
- (15-Nov-1997) Security Fix: A(nother) buffer overrun has been found in perl 5.003, allowing users to gain root access through sperl. Upgrading to perl 5.004 fixes this problem. The updates have been PGP signed with the Red Hat public key to ensure their authenticity.
Solution:
- Intel: Upgrade to perl-5.004-0.1.i386.rpm
- Alpha: Upgrade to perl-5.004-0.1.alpha.rpm
- SPARC: Upgrade to perl-5.004-0.1.sparc.rpm
- Package: gzip
Updated: 28-Jan-1998
Problem:
- (28-Jan-1998) The executable gzexe, part of the gzip package, uses files in /tmp with very predictable names. This can allow users to destroy the contents of files on your system. As most systems do not use gzexe, this is potentially not a problem. However, Red Hat recommends upgrading to the new versions to avoid future problems.
Solution:
- Intel: Upgrade to:
gzip-1.2.4-7.1.i386.rpm
mktemp-0.9-1.i386.rpm
- Alpha: Upgrade to:
gzip-1.2.4-7.1.alpha.rpm
mktemp-0.9-1.alpha.rpm
- SPARC: Upgrade to:
gzip-1.2.4-7.1.sparc.rpm
mktemp-0.9-1.sparc.rpm
- Package: setserial
Updated: 13-Jan-1998
Problem:
- (13-Jan-1998) The util-linux update for 4.2 doesn't include setserial. This package is needed to finish the update.
Solution:
- Intel: Upgrade to setserial-2.12-1.i386.rpm
- Alpha: Upgrade to setserial-2.12-1.alpha.rpm
- SPARC: Upgrade to setserial-2.12-1.sparc.rpm
- Package: netcfg
Updated: 31-Oct-1997
Problem:
- (31-Oct-1997) Security Fix: netcfg-2.16-1 contained a security hole: if you edited an ethernet interface and enabled the option to bring up the interface at boot time, the interface was also set to be controllable by users. This is a denial of service attack because any user on your system has the ability to bring down the ethernet device at will. netcfg-2.16-1.1 fixes this bug. However, fixing this potential denial-of-service attack may require one extra action on your part. If you edited any ethernet interfaces with netcfg, install netcfg-2.16-1.1, edit the ethernet interfaces, turn off the "Any user can (de)activate interface" option, and save the change.
Solution:
- Intel: Upgrade to:
netcfg-2.16-1.1.i386.rpm
- Alpha: Upgrade to:
netcfg-2.16-1.1.alpha.rpm
- SPARC: Upgrade to:
netcfg-2.16-1.1.sparc.rpm
- Packages: traceroute, man
Updated: 23-Sep-1997
Problem:
- (23-Sep-1997) Security Fix: There are now fixes for a number of security problems available. These fixes fix problems in the man and traceroute commands and in the finger, ftp, and tftp daemons. Red Hat strongly encourages all users of Red Hat 4.2 to upgrade to these packages. The man and traceroute fixes will work on any Red Hat 4.x release. Users of Red Hat 4.0 and 4.1 should disable the finger, ftp, and tftp services (note that tftp is turned off by default on Red Hat systems) until they can upgrade to Red Hat 4.2 with these fixes. Thanks to all of the folks who helped find these problems, including (but not limited to) David Holland, Olaf Kirch, and Alan Cox. All of these packages have been PGP-signed with the Red Hat PGP key.
Solution:
- Intel: Upgrade to:
traceroute-1.4a5-1.i386.rpm
man-1.4j-1.i386.rpm
- Alpha: Upgrade to:
traceroute-1.4a5-1.alpha.rpm
man-1.4j-1.alpha.rpm
- SPARC: Upgrade to:
traceroute-1.4a5-1.sparc.rpm
man-1.4j-1.sparc.rpm
- Packages: kernelcfg, pythonlib
Updated: 11-Aug-1997
Problem:
- (05-Jun-1997) kernelcfg (the Kernel Configurator control-panel tool) stops working in some circumstances, including after upgrading from Red Hat Linux 4.0 or Red Hat Linux 4.1 or after building a custom kernel.
Note:
- (05-Jun-1997) As an alternative to installing the update below, you may manually fix the problem using the following command as the root user:
rpm -q kernel --qf '%{postin}' | sh -x
- (11-Aug-1997) pythonlib-1.18 caused problems when the User Group tool was used with shadow passwords; pythonlib-1.19 fixes these problems. If you used the User Group tool to create users on a system that uses shadow passwords, check to see whether passwords have migrated into the password file for users created with the User Group tool with shadow passwords in effect.
Solution:
- Intel: Upgrade to
kernelcfg-0.4-1.i386.rpm
pythonlib-1.19-1.i386.rpm
- Alpha: Red Hat Linux/Alpha doesn't use kernelcfg.
- SPARC: This update is not available for Red Hat Linux/SPARC.
- Packages: inn,inews
Updated: 08-Aug-1997
Problem:
- (08-Aug-1997) Security Fix: Security holes in INN are fixed by the following packages.
Solution:
- Intel: Upgrade to
inn-1.5.1sec2-2.i386.rpm
inn-devel-1.5.1sec2-2.i386.rpm
inews-1.5.1sec2-2.i386.rpm
- Alpha: Upgrade to
inn-1.5.1sec2-2.alpha.rpm
inn-devel-1.5.1sec2-2.alpha.rpm
inews-1.5.1sec2-2.alpha.rpm
- SPARC: Upgrade to
inn-1.5.1sec2-2.sparc.rpm
inn-devel-1.5.1sec2-2.sparc.rpm
inews-1.5.1sec2-2.sparc.rpm
- Package: ld.so
Updated: 18-Jul-1997
Problem:
- (18-Jul-1997) Security Fix: There is a buffer overflow in Linux's ELF program loader on Intel and SPARC platforms. New versions of the ld.so and ld.so-sparc packages are available which fix the problem.
Solution:
- Intel: Upgrade to ld.so-1.7.14-5.i386.rpm
- Alpha: Red Hat Linux/Alpha doesn't use ld.so
- SPARC: Upgrade to ld.so-sparc-1.8.3-3.sparc.rpm
- Package: db
Updated: 09-Jul-1997
Problem:
- (09-Jul-1997) Security Fix: db-1.85 contains a possible security problem involving snprintf(); no attacks exploiting this minor problem are currently known. The problem is fixed in db-1.85-11.
Note:
- (09-Jul-1997) When you install this update, rpm may complain about failed dependencies; if so, you may install this update without problems using one of the following commands:
rpm -Uvh --nodeps db-1.85-11.i386.rpm db-devel-1.85-11.i386.rpm
rpm -Uvh --nodeps db-1.85-11.sparc.rpm db-devel-1.85-11.sparc.rpm
Solution:
- Intel: Upgrade to
db-1.85-11.i386.rpm
db-devel-1.85-11.i386.rpm
- Alpha: The db package is not available for Red Hat Linux/Alpha
- SPARC: Upgrade to
db-1.85-11.sparc.rpm
db-devel-1.85-11.sparc.rpm
- Package: pwdb
Updated: 05-Jun-1997
Problem:
- (05-Jun-1997) The pwdb package as shipped with Red Hat Linux 4.2 had some problems with the shadow password implementation. Also, on Red Hat Linux/SPARC only, new passwords could not be set with the passwd program. pwdb-0.54-4 fixes these problems.
Note:
- (20-Jun-1997) A few people have reported that they had problems with NIS when using pwdb-0.54-3, and that those problems were resolved by using pwdb-0.54-4. Please note, however, that pwdb does not currently include support for changing passwords. The yppasswd program is still required for changing passwords when using NIS.
Solution:
- Intel: Upgrade to pwdb-0.54-4.i386.rpm
- Alpha: Upgrade to pwdb-0.54-4.alpha.rpm
- SPARC: Upgrade to pwdb-0.54-4.sparc.rpm
- Package: kaffe
Updated: 05-Jun-1997
Problem:
- (05-Jun-1997) The kaffe package is missing symbolic links, which makes it difficult to run properly. Fixed in kaffe-0.8.3-6.
Solution:
- Intel: Upgrade to
kaffe-0.8.3-6.i386.rpm
kaffe-bissawt-0.8.3-6.i386.rpm
- Alpha: Upgrade to
kaffe-0.8.3-6.alpha.rpm
kaffe-bissawt-0.8.3-6.alpha.rpm
- SPARC: Upgrade to
kaffe-0.8.3-6.sparc.rpm
kaffe-bissawt-0.8.3-6.sparc.rpm
- Package: mkinitrd
Updated: 05-Jun-1997
Problem:
- (05-Jun-1997) A small bug in mkinitrd makes it impossible to create a working boot image on a very few SCSI platforms with unusual configurations. mkinitrd-1.7-1 fixes this problem.
Solution:
- Intel: Upgrade to mkinitrd-1.7-1.i386.rpm
- Alpha: Red Hat Linux/Alpha doesn't use mkinitrd
- SPARC: Upgrade to mkinitrd-1.7-1.sparc.rpm
- Package: wu-ftpd