Red Hat Linux 5.2 Errata
- 29-Jul-1999: squid (RHSA-1999:025)
- 29-Jul-1999: samba (RHSA-1999:022)
- 07-Jul-1999: rpm (RHSA-1999:018)
- 24-Jun-1999: nfs (RHSA-1999:016)
- 11-Jun-1999: timetool
- 10-Jun-1999: wu-ftpd
- 10-Jun-1999: imap
- 27-May-1999: mod_perl
- 25-May-1999: Security: Netscape
- 16-Apr-1999: NFS
- 16-Apr-1999: rsync
- 16-Apr-1999: procmail
- 16-Apr-1999: lpr
- 01-Apr-1999: XFree86
- 01-Apr-1999: pine
- 01-Apr-1999: mutt
- 06-Nov-1998: zgv
- 01-Apr-1998: sysklogd
- 19-Feb-1999: lsof
- 09-Feb-1999: minicom
- 02-Feb-1999: dump
- 02-Feb-1999: perl
- 02-Feb-1999: Xconfigurator
- 19-Jan-1999: fvwm2
- 03-Jan-1999: kernel
- 03-Jan-1999: pam
- 03-Jan-1999: New Boot Images
- 22-Dec-1998: ftp client
- 13-Nov-1998: Security: libc5
- 13-Nov-1998: Unable to Select PackagesDuring Install (Alpha)
- 06-Nov-1998: Security: svgalib
-
Package: rpm
| Synopsis: | Rpm 3.0.2 release for all Red Hat platforms |
| Advisory ID: | RHEA-1999:018-01 |
| Issue date: | 1999-07-07 |
| Keywords: | rpm |
1. Topic:
This release of rpm is intended to permit all Red Hat platforms to use the same version of rpm.
2. Bug IDs fixed:
The most significant user-visible bugs fixed in rpm-3.0.2 are
#2727 tetex after upgrade is missing files
#2916 Cannot verify installed package against package.rpm
#3449 Build of a noarch source package dumps core
3. Relevant releases/architectures:
Red Hat Linux 5.x, all architectures
4. Obsoleted by:
None
5. Conflicts with:
Packages that are linked with rpm-2.5.x libraries. This includes rpmfind, rpm2html, gnorpm, and kpackage. You will need to upgrade to a version of these packages that have been linked with rpm-3.0.x libraries.
6. RPMs required:
Intel:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/
rpm-3.0.2-5.x.i386.rpm
rpm-devel-3.0.2-5.x.i386.rpm
Alpha:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/
rpm-3.0.2-5.x.alpha.rpm
rpm-devel-3.0.2-5.x.alpha.rpm
SPARC:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/
rpm-3.0.2-5.x.sparc.rpm
rpm-devel-3.0.2-5.x.sparc.rpm
Source:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/SRPMS/
rpm-3.0.2-5.x.src.rpm
7. Problem description:
This release of rpm is intended to permit all Red Hat platforms to use the same version of rpm.
8. Solution:
Upgrade to the latest errata release of rpm by downloading the correct rpm and rpm-devel packages for your architecture and version of Red Hat Linux.
You should install the packages by typing (assuming Red Hat 6.0/en/os/i386)
rpm -U rpm-3.0.2-6.0.i386.rpm rpm-devel-3.0.2-6.0.i386.rpm
If you are upgrading from rpm-2.5.x, you should then type
rpm --rebuilddb
because the database format has changed in rpm-3.0. (Note: if you
decide to reinstall rpm-2.5.x, you should also type "rpm --rebuilddb" after
reinstalling rpm-2.5.x in order to convert the database format back to
the form used by rpm-2.5.x).
If you use rpm to build packages, please note that the method of configuring rpm has changed. The commonest configuration problem encountered by packagers who upgrade is how to set topdir to something other than /usr/src/redhat:
In rpm-2.5.x, you would put the following in ~/.rpmrc topdir: /path/to/your/directory/here
In rpm-3.0.x, you should put the following in ~/.rpmmacros %_topdir /path/to/your/directory/here
9. Verification:
MD5 sum Package Name -------------------------------------------------------------------------- 8918ae8ed68a26745b0377c70b35339a 5.2/en/os/i386/rpm-3.0.2-5.x.i386.rpm 2e978540f2eb07a3f20131dfae6cd04f 5.2/en/os/i386/rpm-devel-3.0.2-5.x.i386.rpm 5af3d4d74fe67fd126c203599595857e 5.2/en/os/alpha/rpm-3.0.2-5.x.alpha.rpm ea70406e65d2d3a14a1177736927eef9 5.2/en/os/alpha/rpm-devel-3.0.2-5.x.alpha.rpm f3a5e6e32cdb401def5115aa866b1248 5.2/en/os/sparc/rpm-3.0.2-5.x.sparc.rpm 69931f1feae0b975667c3670c371ac50 5.2/en/os/sparc/rpm-devel-3.0.2-5.x.sparc.rpm 34d0fc0512071c6b2b2a97bd0e09a2f7 5.2/en/os/SRPMS/rpm-3.0.2-5.x.src.rpmThese packages are also PGP signed by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/about/contact/pgpkey.html
You can verify each package with the following command:
rpm --checksig
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nopgp 10. References:
1. Topic:
A potential security problem has been fixed in the nfs-server package.
2. Bug IDs fixed:
3. Relevant releases/architectures:
Red Hat Linux 5.2, all architectures
4. Obsoleted by:
None
5. Conflicts with:
None
6. RPMs required:
Intel:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/
nfs-server-2.2beta44-1.i386.rpm Alpha:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/
nfs-server-2.2beta44-1.alpha.rpm SPARC:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/
nfs-server-2.2beta44-1.sparc.rpm 7. Problem description:
A change to 32 bit uid_t's within glibc 2.0.x has opened a potential
hole in root-squashing.
8. Solution:
9. Verification:
10. References:
Updated: 10-Jun-1999
Problem
A more complete description of current problems with wu-ftpd may be found at
http://bugzilla.redhat.com/bugzilla
by querying the wu-ftpd component. Bugs #2798 and #2944 describe the
file globbing failure symptoms, #2455 describes the ftpwho symptoms.
Users of Red Hat Linux should upgrade to a new version of wu-ftpd in order
to fix these problems.
Solution:
Red Hat 5.x: Updated: 10-Jun-1999
Problem:
This is a security errata for the imap package that corrects a known
ipop2d exploit in Red Hat 4.x and Red Hat 5.x.
A more complete description of current problems with imap may be found at
http://bugzilla.redhat.com/bugzilla
by querying the imap component. Bug #3161 is the report of ipop2d exploit.
Users of Red Hat Linux 4.x and 5.x should upgrade to the new version of imap
in order to correct this security problem.
Solution: Updated: 11-Jun-1999
Problem:
Solution:
Updated: 27-May-1999
Problem:
The mod_perl Apache module shipped with Red Hat Linux 5.2 and Secure
Web Server 2.0 does not function properly with the latest errata
release of perl available for that platform (perl-5.004m7-1). This is
due to dependencies within mod_perl on perl itself.
Users which rely on mod_perl functionality are encouraged to upgrade
to a fixed version available at the following locations:
Solution:
Updated: 16-Apr-1999
Problem:
Due to many reports of security breaches of Red Hat systems
from NFS, we have updated the NFS for other versions of RH
Linux to the latest. We have done the same for RH 5.2. This
version fixes several small Denial of Service problems.
Solution: Updated: 16-Apr-1999
Problem:
Potential security problems have been identified in the
rsync package shipped with Red Hat Linux 5.2. A user can not
exploit this hole deliberately to gain privileges (ie. this
is not an "active" security hole) but a system administrator
could easily be caught by the bug and inadvertently
compromise the security of their system.
Red Hat would like to thank Andrew Tridgel for providing an
update that fixed the problem.
Users of Red Hat Linux are recommended to upgrade to the
new packages available under updates directory on our ftp site:
Solution:
Updated: 16-Apr-1999
Problem:
Potential security problems have been identified in all the
procmail packages shipped with Red Hat Linux. Currently Red
Hat is not aware of any exploits built on these
vulnerabilities.
Red Hat would like to thank the members of the Bugtraq list
for reporting these problems and the authors of procmail for
quickly providing an update.
Users of Red Hat Linux are recommended to upgrade to the new
packages available under updates directory on our ftp site:
Solution:
Updated: 16-Apr-1999
Problem:
Solution:
Updated: 01-Apr-1999
Problem:
Security vulnerabilities have been identified in the XFree86
packages that ship with Red Hat Linux. This security problem
can allow local users to get write access to directories
that they are otherwise not able to write to.
Red Hat would like to thank the members of the BUGTRAQ
mailing list, the members of the Linux Security Audit team,
and others. All users of Red Hat Linux are encouraged to
upgrade to the new packages immediately. As always, these
packages have been signed with the Red Hat PGP key.
New RPMs for XFree86 3.3.3.1 (X11) are available for Red Hat
Linux 4.2 and 5.x on all platforms. This new release is
primarily a bugfix release. It corrects problems with a few
drivers (especially the 3D Labs slowdown problem), fixes
Russian KOI8 font support, and fixes the font server xfs,
which was inadvertently broken in our release of XFree86
3.3.3.
Please see the official release notes at
http://www.xfree86.org/#news for further
information.
Solution:
In some circumstances, you may be required to add --force
and/or --nodeps to the rpm command line options to insure
a proper upgrade. Add these options if the command line given
gives an error.
Required RPMS
You will want one of the following RPMS for your video
card.
You might want one or more of these RPMS if you do
development. Further Instructions
For instructions on upgrading users should read the Red Hat XFree86 upgrade
howto. This document is in its initial drafts, but should be
useful.
Updated: 01-Apr-1999
Problem:
An problem in the mime handling code could allow a remote
user to execute certain commands on a local system.
Red Hat would like to thank the members of the BUGTRAQ
mailing list, the members of the Linux Security Audit team,
and others. All users of Red Hat Linux are encouraged to
upgrade to the new packages immediately. As always, these
packages have been signed with the Red Hat PGP key.
Solution:
Further Instructions
Updated: 01-Apr-1999
Problem:
An problem in the mime handling code could allow a remote
user to execute certain commands on a local system.
Red Hat would like to thank the members of the BUGTRAQ
mailing list, the members of the Linux Security Audit team,
and others. All users of Red Hat Linux are encouraged to
upgrade to the new packages immediately. As always, these
packages have been signed with the Red Hat PGP key.
Solution:
Updated: 01-Apr-1999
Problem:
Red Hat would like to thank the members of the BUGTRAQ
mailing list, the members of the Linux Security Audit team,
and others. All users of Red Hat Linux are encouraged to
upgrade to the new packages immediately. As always, these
packages have been signed with the Red Hat PGP key.
Auditors of zgv have found buffer overflows that could be
exploited to gain root privileges.
Red Hat would like to thank the users of the BUGTRAQ security
list for identifying the problem and Kevin Vajk
Solution:
Updated: 01-Apr-1999
Problem:
An overflow in the parsing code could lead to crashes of
the system logger.
Red Hat would like to thank the members of the BUGTRAQ
mailing list, the members of the Linux Security Audit team,
and others. All users of Red Hat Linux are encouraged to
upgrade to the new packages immediately. As always, these
packages have been signed with the Red Hat PGP key.
A buffer overflow has been identified in all versions of the
sysklogd packages shipped with Red Hat Linux. As the time of this
post there are no known exploits for this security vulnerability.
Red Hat would like to thank Michal Zalewski (lcamtuf@IDS.PL)
and the members of the Bugtraq mailing list for discovering this
problem and providing a fix.
Users of Red Hat Linux are recommended to upgrade to the new
packages available under updates directory on our ftp site:
Solution:
Further Instructions
Once you have downloaded the sysklogd package for your architecture,
you will need to do the following as root:
Updated: 19-Feb-1999
Problem:
Red Hat Linux 5.2 is shipping with a vulnerable version of
lsof. The lsof binary is shipped setgid kmem and by
exploiting a buffer overflow a user will be able to get kmem
group access. Fortunately the permissions on /dev/kmem on
Red Hat Linux will only grant read only access to kmem group
members, so this exploit can not be used to get root
access.
There is an exploit floating around the net for this
security problem which is based on the fact that some
distributions grant both read and write access for the kmem
group members to /dev/kmem.
Red Hat would like to thank HERT - Hacker Emergency
Response Team - for bringing this problem to our attention.
Although this security hole can not be used to get root
access on Red Hat Linux, there are privacy concerns that
prompt us to release a security update for the lsof
package. All users of Red Hat Linux 5.2 are encouraged to
upgrade to the new lsof packages immediately. As always,
these packages have been signed with the Red Hat PGP key.
Solution:
Further Instructions:
You may get an error using this version of lsof if you have not
upgraded to the 2.0.36-1 or 2.0.36-3 kernel RPMs.
Updated: 09-Feb-1999
Problem:
Current minicom packages have permissions set to allow all
users to access a modem on a system. This update fixes this
problem limiting users to those listed in the minicom
configuration file.
New packages are available for the supported versions of Red
Hat Linux. All users of Red Hat Linux are encouraged to
upgrade to the new minicom releases immediately. As always,
these packages have been signed with the Red Hat PGP key.
Solution: Updated: 02-Feb-1999
Problem:
Solution:
Further Instructions
You should be able to upgrade the package using RPM. Example:
Updated: 02-Feb-1999
Problem:
Solution:
Further Instructions
You should be able to upgrade the package using RPM. Example:
Updated: 02-Feb-1999
Problem:
Solution:
Further Instructions
You should be able to upgrade the package using RPM. Example:
Updated: 19-Jan-1999
Problem:
Solution:
Updated: 03-Jan-1999
Problem:
Red Hat has further patched the standard 2.0.36 kernel
with updated drivers for the Adaptec 7xxx cards, NCR scsi,
3com 905B, and some other patches.
Several security holes were found in the Linux kernel and
patched in the 2.0.36 kernel. Users should upgrade to patch
these problems. The announcement can be found here.
Solution:
You will need to recompile the source code for your
platform.
Due to differences between versioning, Red Hat has patched
the 2.0.35 kernel with the security fixes that are in the
2.0.36 kernel.
Further Instructions
For instructions on upgrading users should read the Red Hat kernel upgrade howto.
While the howto focuses on intel, there are sub
chapters for upgrading alpha and sparc machines.
Updated: 03-Jan-1999
Problem:
The default configuration as shipped with the
supported releases of Red Hat Linux is not vulnerable
to this problem.
A race condition that can be exploited under some
particular scenarios has been identified in all
versions of the Linux-PAM library shipped with all
versions of Red Hat Linux. The vulnerability is
exhibited in the pam_unix_passwd.so module included in
Red Hat Linux, but *not* used by either of the 4.2 or
5.x releases. Red Hat Linux uses the pam_pwdb.so
module for performing PAM authentication.
You are at risk if you enabled pam_unix_passwd.so
and are using it instead of the pam_pwdb.so module. An
exploit occurs when an user with a umask setting of 0
is trying to change the login password.
As of this release there are no known exploits of
this security problem.
Solution:
Updated: 01-Feb-1999
Problem:
New boot and supplemental floppy images have been uploaded
to correct the following problems:
You will need to download these image files to your
harddrive since they are the exact size of a formatted
floppy disk (and thus will not fit).
You will then need to use the DOS rawrite.exe
command found on the CD-rom, or if you have Linux installed
on another machine, can use the dd command to write
the image to the floppy using:
Solution:
Further Instructions
Users experiencing problems with aic7xxx or
ncr53c8xx drivers need to go to
This will put the correct driver in the initrd that gets created
before lilo is installed.
Users will be able to install using 3c905B in 100 Mbps mode.
After reboot the card will be using the old driver,
therefore it will not be able to enter 100 Mbps mode.
Updating to the new kernel rpm will correct this.
Updated: 22-Dec-1998
Problem:
A security vulnerability has been identified in all versions
of the ftp client binary shipped with Red Hat Linux. An
exploit for this vulnerability would have to rely on getting
the user to connect using passive mode to a server running a
ftp daemon under the attacker's control. As of this release
time there are no known exploits of this security problem.
All users of Red Hat Linux are encouraged to upgrade to the
new package releases immediately. As always, these packages
have been signed with the Red Hat PGP key.
Solution:
Further Instructions
Once you have downloaded the NetKit package for your
architecture, you will need to do the following as root:
Updated: 25-May-1999
Problem:
New netscape packages are available. While these are not
specifically security updates, among the changes listed
are 'Fixes to improve security'; therefore it is recommended
that users update to the new packages.
Solution:
Updated: 22-Dec-1998
Problem:
Package: nfs
Synopsis:
Potential security problem in Red Hat 5.2 nfs-server.
Advisory ID:
RHSA-1999:016-01
Issue date:
1999-06-24
Keywords:
nfs-server root-squashing security
nfs-server-clients2.2beta44-1.i386.rpm
nfs-server-clients-2.2beta44-1.alpha.rpm
nfs-server-clients-2.2beta44-1.sparc.rpm
MD5 sum Package Name
--------------------------------------------------------------------------
98bd10854eb9da9ee48d2217055a6979 SRPMS/nfs-server-2.2beta44-1.src.rpm
28da963f934cd376f8cfd0ce7c56747c alpha/nfs-server-2.2beta44-1.alpha.rpm
894c145fa449c7444b155304a1c5c29e alpha/nfs-server-clients-2.2beta44-1.alpha.rpm
0780a208a3053c0e127bfee37eb255e3 i386/nfs-server-2.2beta44-1.i386.rpm
823cae1b9bf28640ff933d1783d581c4 i386/nfs-server-clients-2.2beta44-1.i386.rpm
e2578175851a9c50975d289ae4baebfd sparc/nfs-server-2.2beta44-1.sparc.rpm
e66a63a62f6988ad6885f7a1acb746a8 sparc/nfs-server-clients-2.2beta44-1.sparc.rp
These packages are also PGP signed by Red Hat Inc. for security. Our
key is available at:
http://www.redhat.com/about/contact/pgpkey.html
This is a maintenance release of the wu-ftpd package that corrects problems
with file name globbing that were broken in a previous errata. In addition,
the packages upgrade to the latest version of wu-ftpd with all known
exploits fixed on all current Red Hat releases. A problem with ftpwho
not displaying complete information has also been fixed.
rpm -Uvh wu-ftpd-2.5.0-0.5.2.i386.rpm
rpm -Uvh wu-ftpd-2.5.0-0.5.2.sparc.rpm
rpm -Uvh wu-ftpd-2.5.0-0.5.2.alpha.rpm
rpm -Uvh wu-ftpd-2.5.0-0.5.2.src.rpm
rpm -Uvh imap-4.5-0.5.2.i386.rpm
rpm -Uvh imap-4.5-0.5.2.alpha.rpm
rpm -Uvh imap-4.5-0.5.2.sparc.rpm
rpm -Uvh imap-4.5-0.5.2.src.rpm
The "timetool" time and date configuration utility shipped with Red Hat
Linux 4.2 and 5.2 has been found to represent the year 2000 as a
non-leapyear, when in fact February 29, 2000 is a valid date. The
timetool shipped with Red Hat Linux 6.0 does not have this issue.
Users of Red Hat Linux 4.x and 5.x should upgrade to a fixed version
of the timetool, which is available at the following locations:
rpm -Uvh timetool-2.6-1.5.noarch.rpm
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/mod_perl-1.19-1.i386.rpm
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/mod_perl-1.19-1.alpha.rpm
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/mod_perl-1.19-1.sparc.rpm
nfs-server-2.2beta40-1.i386.rpm
nfs-server-clients-2.2beta40-1.i386.rpm
nfs-server-2.2beta40-1.alpha.rpm
nfs-server-clients-2.2beta40-1.alpha.rpm
nfs-server-2.2beta40-1.sparc.rpm
nfs-server-clients-2.2beta40-1.sparc.rpm
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/rsync-2.3.1-0.i386.rpm
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/rsync-2.3.1-0.alpha.rpm
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/rsync-2.3.1-0.sparc.rpm
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/procmail-3.13.1-1.i386.rpm
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/procmail-3.13.1-1.alpha.rpm
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/procmail-3.13.1-1.sparc.rpm
Security vulnerabilities have been found in the versions of lpr
that ship with Red Hat Linux. Thanks go to the Linux Security
Audit team for discovering the vulnerability. It is recommended
that all users of Red Hat Linux upgrade to the new packages.
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/lpr-0.35-0.5.2.i386.rpm
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/lpr-0.35-0.5.2.alpha.rpm
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/lpr-0.35-0.5.2.sparc.rpm
All updates can be found at ftp
updates
Server RPMS
Optional RPMS
All updates can be found at ftp updates
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/XFree86-libs-3.3.3.1-1.1.alpha.rpm
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/XFree86-3.3.3.1-1.1.alpha.rpm
All updates can be found at ftp updates
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/XFree86-libs-3.3.3.1-1.1.sparc.rpm
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/XFree86-3.3.3.1-1.1.sparc.rpm
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/pine-4.10-1.i386.rpm
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/pine-4.10-1.alpha.rpm
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/pine-4.10-1.sparc.rpm
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/mutt-0.95.4us-0.i386.rpm
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/mutt-0.95.4us-0.alpha.rpm
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/mutt-0.95.4us-0.sparc.rpm
Local users could gain root access.
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/zgv-3.0-7.i386.rpm
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/sysklogd-1.3.31-0.5.i386.rpm
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/sysklogd-1.3.31-0.5.alpha.rpm
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/sysklogd-1.3.31-0.5.sparc.rpm
rpm -Uvh sysklogd*rpm
/etc/rc.d/init.d/syslog restart
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/lsof-4.40-1.i386.rpm
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/lsof-4.40-1.alpha.rpm
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/lsof-4.40-1.sparc.rpm
Dump was not working correctly on the sparc
platform. However, to keep the same revision numbers on all
platforms, we have released it for all 3 architectures.
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/dump-0.3-17.i386.rpm
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/dump-0.3-17.alpha.rpm
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/dump-0.3-17.sparc.rpm
rpm -Uvh dump-0.3-17.sparc.rpm
This is an update for the perl package shipped wity Red Hat
5.2 that addresses some fo the problems reported running
majordomo and misc CGI scripts under this version of perl.
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/perl-5.004m7-1.i386.rpm
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/perl-5.004m7-1.alpha.rpm
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/perl-5.004m7-1.sparc.rpm
rpm -Uvh perl-5.004m7-1.i386.rpm
An updated version of Xconfigurator has been released to
work with XFree86-3.3.3.1. Xconfigurator can be subsituted
for XF86Setup in the setup stage of your video card.
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/Xconfigurator-3.89-1.i386.rpm
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/Xconfigurator-3.89-1.alpha.rpm
There is no version of Xconfigurator for Sparc
rpm -Uvh Xconfigurator-3.89-1.i386.rpm
Users who update to the latest XFree86 also need to update
to the latest FVWM2 rpms for AnotherLevel (Red Hat default
window manager) to work.
fvwm2-2.0.46-12.i386.rpm
fvwm2-icons-2.0.46-12.i386.rpm
fvwm2-2.0.46-12.alpha.rpm
fvwm2-icons-2.0.46-12.alpha.rpm
fvwm2-2.0.46-12.sparc.rpm
fvwm2-icons-2.0.46-12.sparc.rpm
2.0.36 kernel and default modules
2.0.36 IBCS modules
2.0.36 PCMCIA modules
Optional Packages
2.0.36 kernel headers (needed for some development)
2.0.36 source RPM (needed to recompile kernel)
2.0.36 Kernel Headers
2.0.36 Kernel Source Code
2.0.35 Kernel Headers
2.0.35 Kernel Source
2.0.35 Kernel (4c)
2.0.35 Kernel (SMP)
Risk level: SMALL
Description
Extended instructions for writing to floppy disk.
insert first floppy
dd if=boot.img of=/dev/fd0 bs=72k
change floppies
dd if=supp.img of=/dev/fd0 bs=72k
Boot Image
Supplemental Image
<ALT-F2> when the mouse configuration
screen comes up and type:
or
cp /modules/aic7xxx.o /mnt/lib/modules/2.0.36-0.7/scsi
cp /modules/ncr53c8xx.o /mnt/lib/modules/2.0.36-0.7/scsi
ftp-client (i386)
ftp-client (alpha)
ftp-client (sparc)
rpm -Uvh ftp-0.10-4*rpm
netscape-communicator-4.6-0.i386.rpm
netscape-navigator-4.6-0.i386.rpm
netscape-common-4.6-0.i386.rpm
Various security vulnerabilities have been found in versions of Netscape Navigator and Communicator as shipped with Red Hat Linux. More information on the security vulnerabilities is available at Netscape
It is recommended that users of Red Hat Linux upgrade to the new packages available on our FTP site:
Solution:
- Intel: Upgrade to:
netscape-communicator-4.08-1.i386.rpm
netscape-navigator-4.08-1.i386.rpm
netscape-common-4.08-1.i386.rpm
Updated: 13-Nov-1998
Problem:
- (13-Nov-1998) Security Fix:
A buffer overflow has been identified in all versions of the libc 5 packages shipped with Red Hat Linux. The most affected systems are those that are libc 5 based (Red Hat Linux 4.2 and older). Only Intel and Sparc architectures are affected.
The Red Hat Linux 5.x releases are glibc (libc 6) based, and Red Hat does not ship any binaries linked against libc 5 that might be used for compromising the system's security. However, Red Hat Linux 5.x releases do include for backwards compatibility a package containg a vulnerable library.
Users of Red Hat Linux are recommended to upgrade to the new packages available under updates directory on our ftp site:
rpm -Uvh libc-5.3.12-28.i386.rpm
Solution:
- Intel: Upgrade to:
libc-5.3.12-28.i386.rpm
Updated: 13-Nov-1998
Problems:
- (13-Nov-1998)
A problem has been found with the install when selecting individual packages. To get around this problem, you will need to down load the updated ramdisk from the ftp site. Then rawrite the image to a floppy following the instructions in the manual.
Solution:
- Alpha: Download the updated Ram Disk
Updated: 06-Nov-1998
Problem:
- (06-Nov-1998) Security Fix:
svgalib has been found to leak file descriptors to /dev/mem. Red Hat would like to thank the users of the BUGTRAQ security list for identifying the problem and Kevin Vajk
Solution:
- Intel: Upgrade to:
svgalib-1.3.0-3
svgalib-devel-1.3.0-3
