Red Hat Linux 4.0 Errata


  • Packages: dialog, tetex

    Updated: 04-Oct-1996

    Problem:

    • (04-Oct-1996) The dialog package is broken.
    • (04-Oct-1996) texconfig doesn't work properly.

    Solution:


  • Package: rdate

    Updated: 04-Oct-1996

    Problem:

    • (04-Oct-1996) rdate as shipped with Red Hat Linux 4.0 isn't 64-bit clean.

    Note:

    • (04-Oct-1996) The old rdate package was built with an incorrect version number which rpm thinks is newer than this update. Before upgrading, you should first uninstall rdate using the following command:
      rpm -ev rdate

    Solution:


  • PCMCIA install fails with TCIC controller

    Updated: 15-Oct-1996

    Problem:

    • (15-Oct-1996) The boot image shipped with Red Hat Linux/Intel 4.0 doesn't initialize the TCIC PCMCIA controller properly.

    Solution:

    • Intel: Use the following boot image instead: boot.img

  • Package: sh-utils

    Updated: 15-Oct-1996

    Problem:

    • (15-Oct-1996) The `suspend' shell command doesn't work properly from su'd environments (the shell hangs).

    Solution:


  • Package: rpm

    Updated: 15-Oct-1996

    Problem:

    • (15-Oct-1996) The linux-2.1.x kernel breaks rpm.

    Solution:


  • LILO won't work when doing an FTP install

    Updated: 16-Oct-1996

    Problem:

    • (16-Oct-1996) FTP installs fail at the LILO step; cpio errors appear on tty5 (switch to tty5 using [Alt-F5]).

    Solution:

    • Intel: Reinstall using the following supplemental image: supp.img

  • Upgrading Prior Versions of Red Hat Linux

    Updated: 18-Oct-1996

    Problem:

    • (18-Oct-1996) Explicit upgrade instructions were omitted from the Red Hat Linux 4.0 User's Guide. This is covered briefly in the chapter ``Installation in Detail''.

    Solution:

    • To upgrade prior versions of Red Hat Linux based on RPM technology (2.0 and later), use the boot disk included with the Red Hat Linux 4.0 boxed set (or make a boot disk with boot.img on it from your installation medium). After answering some initial questions you will be asked if you want to upgrade an existing system or install a new system. Select Upgrade to begin the process; this has the same effect as running ./upgrade in prior versions of Red Hat Linux.

      Versions of Red Hat Linux earlier than 2.0 cannot be upgraded in place; a complete reinstallation is necessary.


  • Package: dev

    Updated: 18-Oct-1996

    Problem:

    • (18-Oct-1996) /dev/zero has incorrect permissions; should be mode 0666 (rw-rw-rw-), not 0664 (rw-rw-r--).

    Solution:


  • Packages: netcfg, pythonlib

    Updated: 18-Oct-1996

    Problem:

    • (06-Oct-1996) Editing a PPP connection: netcfg dies when trying to edit a PPP connection created by old (1.x) versions of netcfg from earlier versions of Red Hat Linux. This should only affect users with PPP connections who have upgraded from earlier versions of Red Hat Linux.
    • (18-Oct-1996) Spaces in phone numbers, etc.: netcfg doesn't handle spaces properly in modem init strings, phone numbers, and possibly other places (quoting didn't happen).
    • (18-Oct-1996) netcfg creates /etc/resolv.conf with mode 0600 (rw-------).

    Note:

    • You need to upgrade both packages listed below. After upgrading, fix the permissions of /etc/resolv.conf using the following command:
      chmod 0644 /etc/resolv.conf

    Solution:


  • Package: multimedia

    Updated: 18-Oct-1996

    Problem:

    • (18-Oct-1996) The multimedia package is missing xmdb and xg3.
    • (18-Oct-1996) Some of these apps segv on Red Hat Linux/Alpha.

    Solution:


  • Package: mh

    Updated: 21-Oct-1996

    Problem:

    • (21-Oct-1996) MH causes problems with csh/tcsh logins.

    Solution:


  • Package: ghostscript

    Updated: 21-Oct-1996

    Problem:

    • (06-Oct-1996) ghostscript can't find its fonts.
    • (21-Oct-1996) ghostscript is missing the dfax output driver, used by the efax package.

    Solution:


  • Package: screen

    Updated: 21-Oct-1996

    Problem:

    • (21-Oct-1996) screen should be suid root and won't work otherwise.

    Solution:


  • Package: gzip

    Updated: 21-Oct-1996

    Problem:

    • (21-Oct-1996) zless looks for zcat in /usr/bin, but zcat lives in /bin.

    Solution:


  • wtmp is missing

    Updated: 22-Oct-1996

    Problem:

    • (22-Oct-1996) /var/log/wtmp doesn't get created when you do a clean install. This file stores login accounting information and is used by last, among other programs.

    Solution:

    • Log in as root and run the following command:
      touch /var/log/wtmp

  • Correction: Module Parameters

    Updated: 23-Oct-1996

    Problem:

    • (23-Oct-1996) The Red Hat Linux 4.0 User's Guide, Appendix B: Module Parameters lists some incorrect module parameters, while other module parameters are missing.

    Correction:

    • For the Sony CDU31a CDROM, the I/O address argument is cdu31a_port (not cdu31a), and the IRQ argument is cdu31a_irq;

    • For the Adaptec 154x SCSI adaptor, the I/O address argument is bases.

    • For the Seagate module, which drives Seagate ST0x and Future Domain TMC8xx and TMC9xx SCSI adaptors, use these arguments:
      controller_type=type base_address=shmemaddr irq=irq
      where:
      type is 1 for Seagate, or 2 for Future Domain;
      shmemaddr is the address of the shared memory segment (for example, 0xCA000);
      and irq is the number of the IRQ line.

  • Package: kernel

    Updated: 23-Oct-1996

    Problem:

    • (23-Oct-1996) Ping bug: All Linux kernels have a major bug which allows pinging them with bad frames to crash the system.

    Solution:


  • Package: taper

    Updated: 23-Oct-1996

    Problem:

    • (23-Oct-1996) The taper package is missing bg_backup and bg_restore.

    Solution:


  • Package: SysVinit

    Updated: 23-Oct-1996

    Problem:

    • (23-Oct-1996) The SysVinit package is missing wall, as well as man pages for both wall and inittab.

    Solution:


  • Package: tar

    Updated: 23-Oct-1996

    Problem:

    • (23-Oct-1996) tar seg faults when trying to create multivolume archives.

    Solution:


  • Package: lpr

    Updated: 25-Oct-1996

    Problem:

    • (21-Oct-1996) lpr doesn't do serial hardware handshaking properly. It doesn't unlink files when printing to a remote host if -s -r is used. The address of the mail lpd tries to send is incorrect.
    • (25-Oct-1996) Security Fix: There is a major security hole in all versions of BSD lpr (as shipped with all versions of Red Hat Linux and most other Linux distributions) which allows any user to gain root access to your system.

    Solution:


  • Package: setup

    Updated: 25-Oct-1996

    Problem:

    • (15-Oct-1996) csh and tcsh don't source .cshrc/.tcshrc/.login files properly.
    • (25-Oct-1996) Logging in with csh or tcsh results in a terminal type of `vt100' instead of `linux'.
    • (25-Oct-1996) www/http is not listed in /etc/services.

    Solution:


  • Package: gpm

    Updated: 25-Oct-1996

    Problem:

    • (21-Oct-1996) gpm gives errors if /etc/sysconfig/mouse is missing.
    • (25-Oct-1996) gpm emacs lisp files are placed in /usr/lib instead of /usr/share, where they should be.

    Solution:


  • Package: ncurses

    Updated: 25-Oct-1996

    Problem:

    • (25-Oct-1996) telnetd core dumps when an unknown TERM setting is used.

    Solution:


  • Package: TheNextLevel

    Updated: 25-Oct-1996

    Problem:

    • (25-Oct-1996) The default desktop doesn't work properly when started from xdm instead of startx (control-panel doesn't start, for example).

    Solution:


  • Package: mingetty

    Updated: 28-Oct-1996

    Problem:

    • (28-Oct-1996) mingetty does not allow some characters in user names. For instance, if you try to log in with a valid user name which includes a `-' character, mingetty aborts the login attempt, keeping users with `-' characters in their login names from logging in at the console.

    Solution:


  • ``Can't log in'' or other password problems

    Updated: 31-Oct-1996

    Problem:

    • (31-Oct-1996) If you can't log in, or some other authentication fails, it may be a problem with /etc/pam.conf, the PAM configuration file. This problem appears most often when upgrading from Rembrandt, a beta-test version of Red Hat Linux, but it appears to occur in other instances as well.

    Solution:

    • If you are unable to log in, reboot Linux in single-user mode (at the LILO boot: prompt, type linux single).

    • Run the following command:
      rpm --qf '%{POSTIN}' $(rpm -q --whatrequires pamconfig) | sh -x

    • If you booted in single-user mode, exit from the shell (type exit or press control-D) to continue the boot process into the normal multi-user mode.

  • Package: MAKEDEV

    Updated: 19-Nov-1996

    Problem:

    • (19-Nov-1996) MAKEDEV doesn't create mcdx devices.

    Solution:


  • Package: initscripts

    Updated: 19-Nov-1996

    Problem:

    • (04-Oct-1996) IP aliasing: The initscripts package has a bug in its support of IP aliasing. This only affects users who use IP aliasing. (If you don't understand the previous sentence, then you probably don't need this bugfix.)
    • (19-Nov-1996) Another bug causes IP aliasing still not to work.
    • (19-Nov-1996) Comments are not allowed to be added to the static-routes file.
    • (19-Nov-1996) Doesn't support BOOTP (netcfg already allows you to set BOOTP support).

    Solution:


  • Package: ical

    Updated: 19-Nov-1996

    Problem:

    • (19-Nov-1996) Doesn't save calendar file in home directories correctly.

    Solution:


  • SuperProbe is setuid

    Updated: 25-Nov-1996

    Problem:

    • (25-Nov-1996) Security Fix: SuperProbe as shipped is setuid to root. This may be a security problem.

    Solution:

    • Perform the following command as root:
      chmod u-s /usr/X11R6/bin/SuperProbe
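
    The file-mode fixes in the dev, netcfg, wtmp and SuperProbe entries above can be checked in one pass. The script below is an added example, not part of the original errata or any Red Hat tool; the function names and the optional root-prefix argument are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit the file-mode fixes listed in this errata.
# Assumptions: GNU stat (for -c '%a'); function names and the optional
# root-prefix argument are illustrative, not part of any Red Hat tool.

# Print the octal permission bits of a file, e.g. 644 or 4755.
mode_of() {
    stat -c '%a' "$1"
}

# check_mode PREFIX PATH MODE: report PATH if it is missing or not exactly MODE.
check_mode() {
    cm_target="${1%/}$2"
    if [ ! -e "$cm_target" ]; then
        echo "MISSING $2 (expected mode $3)"
        return 1
    fi
    cm_have=$(mode_of "$cm_target")
    if [ "$cm_have" != "$3" ]; then
        echo "MODE    $2 is $cm_have, expected $3; fix: chmod 0$3 $2"
        return 1
    fi
    return 0
}

# check_exists PREFIX PATH: report PATH if it does not exist.
check_exists() {
    if [ ! -e "${1%/}$2" ]; then
        echo "MISSING $2; fix: touch $2"
        return 1
    fi
    return 0
}

# check_no_setuid PREFIX PATH: report PATH if it exists and is still setuid.
check_no_setuid() {
    cs_target="${1%/}$2"
    [ -e "$cs_target" ] || return 0    # not installed, nothing to fix
    if [ -u "$cs_target" ]; then
        echo "SETUID  $2 is setuid; fix: chmod u-s $2"
        return 1
    fi
    return 0
}

# audit_errata [PREFIX]: run every check; returns 0 only if all of them pass.
# PREFIX defaults to /, or can point at a mounted copy of an installed system.
audit_errata() {
    ae_root=${1:-/}
    ae_rc=0
    check_mode      "$ae_root" /dev/zero 666             || ae_rc=1
    check_mode      "$ae_root" /etc/resolv.conf 644      || ae_rc=1
    check_exists    "$ae_root" /var/log/wtmp             || ae_rc=1
    check_no_setuid "$ae_root" /usr/X11R6/bin/SuperProbe || ae_rc=1
    return $ae_rc
}

# Run the audit when a root prefix is given on the command line,
# e.g.:  sh audit.sh /
if [ $# -gt 0 ]; then
    audit_errata "$1"
fi
```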

  • Mitsumi CD-ROM drives

    Updated: 18-Dec-1996

    Problem:

    • Some non-ATAPI (non-IDE) Mitsumi CD-ROM drives don't work with the regular install.

    Note:

    Solution:


  • Package: libc

    Updated: 18-Dec-1996

    Problem:

    • (18-Dec-1996) Security Fix: A security hole potentially allows users root access to a system.

    Solution:


  • Package: doom

    Updated: 18-Dec-1996

    Problem:

    • (18-Dec-1996) Security Fix: A security hole allows users root access to a system.

    Solution:

    • Intel: Upgrade to doom-1.8-7.i386.rpm
    • Alpha: Red Hat Linux/Alpha is not affected.
    • SPARC: Red Hat Linux/SPARC is not affected.

  • Package: vixie-cron

    Updated: 18-Dec-1996

    Problem:

    • (18-Dec-1996) Security Fix: A security hole allows users root access to a system. An exploit has been widely distributed.

    Solution:


  • Correction: Building a Modular Kernel

    Updated: 20-Dec-1996

    Problem:

    • The Red Hat Linux 4.0 User's Guide is missing a step in Section 5.2.1: Building a modularized kernel.

    Note:

    • This applies only to Red Hat Linux/Intel and Red Hat Linux/SPARC; Alpha users must build a monolithic kernel.

    Correction:

    • The correct steps for building a modularized kernel are:

      1. make xconfig (or make menuconfig or make config)

      2. make boot (make zImage only works on Linux/Intel)

      3. make modules

      4. rm -rf /lib/modules/2.0.18-old
        mv /lib/modules/2.0.18 /lib/modules/2.0.18-old
        (This is the step that was omitted)

      5. make modules_install

      6. Copy the newly built kernel image to /boot:
        • For Linux/Intel:
          cp /usr/src/linux/arch/i386/boot/zImage /boot/vmlinuz-2.0.18-custom
          ln -sf vmlinuz-2.0.18-custom /boot/vmlinuz
        • For Linux/SPARC:
          gzip -9 /usr/src/linux/vmlinux
          cp /usr/src/linux/vmlinux.gz /boot/vmlinux-2.0.18-custom.gz
          ln -sf vmlinux-2.0.18-custom.gz /boot/vmlinux.gz

      7. Modify your /etc/lilo.conf (if required)

      8. /sbin/lilo

  • Correction: Running Red Hat Linux from the CD-ROM

    Updated: 20-Dec-1996

    Problem:

    • The Red Hat Linux 4.0 User's Guide, Section 1.4: Running Directly off the CD-ROM contains incorrect information about running Red Hat Linux from the ``live'' filesystem on the CD-ROM.

    Correction:

    • Unfortunately, the ``live'' capability was not included in Red Hat Linux 4.0. With the modular kernel, adding live boot capabilities has become too complex and is no longer supported. We apologize for the inconvenience.

  • Package: sendmail

    Updated: 22-Jan-1997

    Problem:

    • (04-Oct-1996) Security Fix: Several security holes exist in sendmail-8.7.5.
    • (19-Nov-1996) Security Fix: All publicly released versions of sendmail (through version 8.8.2) have a major security hole which allows any user of your system to gain root access. This is an architecture independent problem, with a single exploit working on all systems which use sendmail. Red Hat Linux 4.0 users are encouraged to upgrade immediately.
    • (18-Dec-1996) Security Fix: A security hole allows users access to the sendmail group.
    • (22-Jan-1997) Security Fix: There are some major security bugs in sendmail 8.8.4 and earlier which allow remote users to gain root access to systems running it. Sendmail 8.8.5 contains this fix along with some other minor fixes.

    Note:

    • (02-Dec-1996) On some machines, sendmail appears to pause when booting up. To fix this, either:

      • Use netcfg to change the hostname from localhost to localhost.localdomain, or

      • edit /etc/sysconfig/network and change the line which reads:
        HOSTNAME=localhost
        to read:
        HOSTNAME=localhost.localdomain

    Solution:


  • Install fails with some SCSI adaptors

    Updated: 28-Jan-1997

    Problem:

    • (25-Oct-1996) In the current Linux kernels, some SCSI drivers do not work as modules. This causes various severe problems, all of which prevent installation. The most common manifestation of this problem is for the card to be detected, but no other SCSI devices found.

    Solution:

    • Intel: In order to fix the problem, we have created boot disks which include kernels with the problematic SCSI drivers linked directly into the kernel. This requires a few more steps on your part than a standard installation:

      First, you need to choose one boot image:

          boot1542.img.gz          Adaptec 1542 adaptors that need parameters
          boot1740.img.gz          Adaptec 1740/1742 adaptors
          bootaic7xxx.img.gz       Adaptec 2740, 2840, 2940, 3940, and friends
          bootaic7xxx-alt.img.gz   Alternate aic7xxx driver if the normal one fails
          boot2940au.img.gz        Adaptec 2940AU adaptor
          bootadvansys.img.gz      All supported Advansys adaptors
          bootFlashPoint.img.gz    *Beta-test* BusLogic FlashPoint adaptors
          booteata_dma.img.gz      DPT EATA-DMA adaptors
          boot53c8xx.img.gz        NCR/Symbios 53c8xx adaptor
          bootpas16.img.gz         ProAudioSpectrum 16 SCSI
          bootultrastor24.img.gz   UltraStor 24F adaptor
          bootwd7000.img.gz        Western Digital 7000 FASST adapters
          

      These boot images are all available from ftp://archive.download.redhat.com/pub/redhat/linux/updates/4.0/en/os/i386/images/scsi/.

      The boot image bootaic7xxx-alt.img.gz is built with the aic7xxx driver from the linux-2.0.12 kernel. Some aic7xxx cards which do not work with the current aic7xxx driver worked with the old one, so if the new one does not work for you, you can try the old one.

      The boot image boot2940au.img.gz is built with the aic7xxx driver and the pci driver from the Linux-2.0.27 kernel. The Adaptec AHA-2940AU has a different programming interface than earlier 2940 cards, and requires a new driver. We hope this version works, but we don't have a 2940AU to test it with, and so we can't be sure. See README.2940au.

      The Adaptec 1542 driver is not affected by the bug, but the 1542 driver cannot take command-line arguments when it is compiled as a module. Normally, it needs no arguments, but if you need to pass it arguments, you will need to use this boot disk.

      The BusLogic driver is not affected by the bug; however, this BETA-test update provides FlashPoint support, and needs to be installed in the same way as the other drivers here. (FlashPoint adaptors are not supported by the standard kernel.) This is a BETA-quality driver.

      Use these steps to take advantage of the correct boot image for you:

      1. Download the appropriate boot image in binary mode.

      2. Use gunzip to uncompress it.

      3. Use dd (or rawrite) to write it to a floppy disk, creating your new boot floppy.

      4. Boot it and do a normal installation or upgrade.

      5. When the installation or upgrade has finished and the computer reboots, put the boot floppy in the drive and boot off it with the boot command:
        linux root=/dev/sd?? load_ramdisk=0 prompt_ramdisk=0
        where "sd??" is the root partition (/) on which you installed Linux.

      6. After booting, mount the boot floppy, probably like this:
        mount -t ext2 /dev/fd0 /mnt/floppy

      7. Then copy the kernel image from the floppy over the default one provided with the system:
        cp /mnt/floppy/vmlinuz /boot/vmlinuz

      8. Re-run lilo:
        /sbin/lilo

      9. Shutdown and reboot:
        /sbin/shutdown -r now

      At this point, you should have a working Linux system.


  • Package: wu-ftpd

    Updated: 17-Feb-1997

    Problem:

    • (17-Jan-1997) Security Fix: The signal handling code in wu-ftpd has some security problems which could allow users to read all files on your Red Hat Linux system.
    • (17-Feb-1997) Security Fix: Red Hat Linux 4.0 and Red Hat Linux 4.1 both were shipped with wu-ftpd 2.4 beta11, which has a few important security holes, and a few minor ones. These were fixed in wu-ftpd 2.4 beta12.
    • (17-Feb-1997) The ftpcount utility gave unusual output in the wu-ftpd-2.4.2b12-1 package. This has been fixed in wu-ftpd-2.4.2b12-1a.

    Note:

    • (17-Jan-1997) wu-ftpd-2.4b11-9 uses the same fix posted to redhat-list@redhat.com earlier by Savochkin Andrey Vladimirovich.
    • (17-Feb-1997) These fixes supersede the ones provided in wu-ftpd-2.4.2b11-9, which was previously released to solve some, but not all, of the vulnerabilities present in wu-ftpd 2.4 beta11.

    Solution:


  • Package: imap

    Updated: 03-Mar-1997

    Problem:

    • (03-Mar-1997) Security Fix: The IMAP servers included with all versions of Red Hat Linux have a buffer overrun which allows remote users to gain root access on systems which run them. imap-4.1.BETA-3 closes this security hole.

    Note:

    • (03-Mar-1997) Because the Alpha package was built using a recent version of rpm, Linux/Alpha users need to upgrade using the following command:
      rpm -Uvh --ignorearch imap-4.1.BETA-3.alpha.rpm
      If you don't use the --ignorearch option, rpm will complain that the package is for the incorrect architecture.

    Solution:


  • Package: cmu-snmp

    Updated: 23-Mar-1997

    Problem:

    • (23-Mar-1997) Security Fix: The SNMP services in cmu-snmp are misconfigured and allow all remote systems read access to networking information on machines which are running snmpd. It is also straightforward to gain write access to networking information due to these misconfigurations, which enables simple denial of service attacks. Fixed in cmu-snmp-3.3-1.

    Note:

    • (23-Mar-1997) New versions of cmu-snmp-devel and cmu-snmp-tools are available for completeness. They do not need to be installed to fix this problem; only the main cmu-snmp package is necessary.

      Because the Alpha package was built using a recent version of rpm, Linux/Alpha users need to upgrade using the following command:

      rpm -Uvh --ignorearch cmu-snmp-3.3-1.alpha.rpm
      If you don't use the --ignorearch option, rpm will complain that the package is for the incorrect architecture.

    Solution:


  • Packages: pam, util-linux, NetKit-B

    Updated: 01-Apr-1997

    Problem:

    • (04-Oct-1996) pam: Securetty checking: There's a problem with securetty checking and multiple superuser accounts. This only affects users with multiple superuser accounts who want securetty checking for all superuser accounts.
    • (15-Oct-1996) pam: adduser/passwd fails after changing passwords once.
    • (15-Oct-1996) util-linux: chfn and chsh require root user to enter password.
    • (15-Oct-1996) util-linux: when zsh is used as a login shell and [Ctrl-C] is pressed at the shell prompt, the shell exits.
    • (21-Oct-1996) NetKit-B: telnet disconnects when too much traffic is thrown at it.
    • (25-Oct-1996) pam, util-linux, NetKit-B: Support for the /etc/nologin file is missing.
    • (25-Oct-1996) NetKit-B: talk was broken by an earlier fix.
    • (25-Oct-1996) NetKit-B: Various permissions are broken (notably rpcinfo).
    • (26-Oct-1996) pam: Security Fix: allows users to use the passwd program to create a 0 length password file. We recommend that all users of Red Hat Linux 4.0 upgrade as soon as possible.
    • (28-Oct-1996) NetKit-B: rlogind in some cases puts the wrong machine name in utmp, causing utilities like `w' to incorrectly report what remote machine users are logged in from.
    • (19-Nov-1996) pam: Strict password checking: Strict password checking cannot be disabled.
    • (24-Mar-1997) NetKit-B: Security Fix: There is a small security hole in the in.tftpd daemon which allows remote users to read all files on systems which run tftp from inetd, even if the server is supposed to be run with a restricted directory path (note that all versions of Red Hat have tftp support off by default). NetKit-B-0.09-1 includes a patch to fix this problem.

    Note:

    • (15-Oct-1996) pam: If passwd was failing, your /etc/passwd file may still be locked after upgrading PAM. Use the following command to unlock it:
      rm -f /etc/.pwd.lock
    • (19-Nov-1996) pam: PAM now automatically disables strict password checking for the root user, and it allows the root user to turn off strict password checking altogether by giving the strict=false argument to the pam_unix_passwd module:
      passwd password required  /lib/security/pam_unix_passwd.so strict=false
      This enables system administrators to relax password security on their systems.

    • (24-Mar-1997) NetKit-B: NetKit-B-0.09-1 won't work on Red Hat Linux/Alpha 4.0; Linux/Alpha users are encouraged to either upgrade to 4.1 or disable tftp support on their machines.

    • (01-Apr-1997) NetKit-B: when upgrading to NetKit-B-0.09-1, users may encounter a message from rpm indicating that pam-0.54 or greater is required. Users of Red Hat Linux 4.0 may safely ignore that message, and can upgrade NetKit-B using:
      rpm --nodeps

    Solution:


  • Package: inn

    Updated: 02-Apr-1997

    Problem:

    • (19-Feb-1997) Security Fix: inn-1.5.1-3 contains an important security fix.
    • (26-Feb-1997) inn-1.5.1-3 continues to have miscellaneous problems which inn-1.5.1-5 fixes.
    • (02-Apr-1997) Security Fix: inn contains a critical security hole; this hole is closed in inn-1.5.1-6.

    Note:

    • (02-Apr-1997) Because the Alpha package was built using a recent version of rpm, Linux/Alpha users need to upgrade using the following command:
      rpm -Uvh --ignorearch inn-1.5.1-6.alpha.rpm
      If you don't use the --ignorearch option, rpm will complain that the package is for the incorrect architecture.

    Solution:


  • Package: amd

    Updated: 09-Apr-1997

    Problem:

    • (09-Apr-1997) Security Fix: amd doesn't handle the nodev option properly, creating potential security problems. amd-920824upl102-8 fixes this problem.

    Solution:


  • Package: perl

    Updated: 24-Apr-1997

    Problem:

    • (18-Oct-1996) Security Fix: The perl RPM shipped with Red Hat Linux 4.0 allows all users to gain root group access. This is not the same as root user access and not nearly as large a security risk. Due to Red Hat's user/group scheme, however, it is an important problem, and we recommend upgrading all Red Hat Linux 4.0 systems immediately.
    • (24-Apr-1997) Security Fix: There is a critical security hole in perl (specifically /usr/bin/sperl); a new version, perl-5.003-8, is now available which closes this security hole.

    Note:

    • (24-Apr-1997) Because the Alpha package was built using a recent version of rpm, Linux/Alpha users need to upgrade using the following command:
      rpm -Uvh --ignorearch perl-5.003-8.alpha.rpm
      If you don't use the --ignorearch option, rpm will complain that the package is for the incorrect architecture.

    Solution:


  • Package: metamail

    Updated: 28-Apr-1997

    Problem:

    • (28-Apr-1997) Security Fix: There is a security hole in metamail which affects all versions of Red Hat Linux. metamail-2.7-7 closes this security hole.

    Note:

    • (28-Apr-1997) Because the Alpha package was built using a recent version of rpm, Linux/Alpha users need to upgrade using the following command:
      rpm -Uvh --ignorearch metamail-2.7-7.alpha.rpm
      If you don't use the --ignorearch option, rpm will complain that the package is for the incorrect architecture.

    • (28-Apr-1997) Versions of rpm prior to 2.3.10 will complain about an improper signature on this package. As long as the ``pgp'' report from --checksig (-K) is in lower case, the PGP signature has verified properly. We suggest upgrading to rpm-2.3.10 to avoid this problem in the future.

    Solution:


  • Package: elm

    Updated: 15-May-1997

    Problem:

    • (15-May-1997) Security Fix: The version of elm shipped with all releases of Red Hat Linux has a security vulnerability which allows users on systems to read, delete, and forge other users' mail by gaining access to the mail group. elm-2.4.25-8 fixes this vulnerability.

    Note:

    • (15-May-1997) Because the Alpha package was built using a recent version of rpm, Linux/Alpha users need to upgrade using the following command:
      rpm -Uvh --ignorearch elm-2.4.25-8.alpha.rpm
      If you don't use the --ignorearch option, rpm will complain that the package is for the incorrect architecture.

    Solution:


  • Packages: XFree86, X11R6.1

    Updated: 29-May-1997

    Problem:

    • (29-May-1997) Security Fix: A buffer overflow has been found in one of the X11 libraries, allowing local users to gain unauthorized root access to a system through any setuid root application linked against libX11. This problem affects all Red Hat Linux machines with X Windows installed.

      Applications which are dynamically linked may be fixed by upgrading to the X...-libs package appropriate for your architecture.

      If you have any statically linked setuid X programs you must recompile them against the new libX11.a contained in the X...-devel package for your architecture. Red Hat Linux does not include any statically linked X applications, so this is only a problem if you've hand installed statically linked setuid applications (we don't know of any applications likely to be installed in this configuration).

    • (05-Jun-1997) Security Fix: More buffer overflows have been found in one of the X11 libraries, allowing local users to gain unauthorized root access to a system through any setuid root application linked against libX11. This problem affects all Red Hat Linux machines with X Windows installed.

      Applications which are dynamically linked may be fixed by upgrading to the X...-libs package appropriate for your architecture.

      If you have any statically linked setuid X programs you must recompile them against the new libX11.a contained in the X...-devel package for your architecture. Red Hat Linux does not include any statically linked X applications, so this is only a problem if you've hand installed statically linked setuid applications (we don't know of any applications likely to be installed in this configuration).

    Note:

    • The upcoming release of XFree86-3.3 is not vulnerable to this problem; users may safely install release 3.3 once it is available. The XFree86-3.2A beta release, however, is vulnerable.

    Solution:


  • Package: svgalib

    Updated: 27-Jun-1997

    Problem:

    • (27-Jun-1997) Security Fix: A major security problem has been found in the svgalib library. This problem affects all releases of Red Hat Linux on Intel platforms. svgalib-1.2.10-3 fixes this security hole.

    Solution:


  • Package: ld.so

    Updated: 18-Jul-1997

    Problem:

    • (18-Jul-1997) Security Fix: There is a buffer overflow in Linux's ELF program loader on Intel and SPARC platforms. New versions of the ld.so and ld.so-sparc packages are available which fix the problem.

    Solution:


  • Package: bind

    Updated: 21-Jul-1997

    Problem:

    • (10-Mar-1997) Security Fix: There is a possibility for a denial of service attack in bind-4.9.5 which allows users to render nameservers inoperative. bind-4.9.5p1-1 includes a patch to fix this behaviour.
    • (21-Jul-1997) Security Fix: Version 4.9.6 of the bind DNS name server is now available. It fixes security vulnerabilities which allowed third parties to alter DNS queries from previous versions of the name server. All Red Hat Linux systems running bind are vulnerable to this problem.

    Note:

    • (21-Jul-1997) Because the Alpha package was built using a recent version of rpm, Linux/Alpha users need to upgrade using the following command:
      rpm -Uvh --ignorearch bind-4.9.6-1.alpha.rpm
      If you don't use the --ignorearch option, rpm will complain that the package is for the incorrect architecture.

    Solution:


  • SILO Installation

    The install program will prompt you to install other operating systems to be bootable from SILO. Unfortunately, this option is broken and should not be used.

    Fix: You should only setup SILO to boot Linux. If you need to boot SunOS or Solaris, you can add support for that after installing and booting your system for the first time. See /usr/doc/silo-0.6.5-1/README for details on how to modify /etc/silo.conf for booting Solaris and SunOS.

    You may still be able to boot SunOS by issuing the following at the SILO boot: prompt:

    boot: /boot/old.b
    You should still be able to boot Solaris using the PROM prompt. To get out of SILO type:
    boot: halt

  • Hard Disk Setup

    If you are doing a CD-ROM install without a floppy (i.e., you put the CD in the local drive and did a boot cdrom from the PROM prompt), you will not be able to install across multiple partitions.

    Fix: You must use one large partition to hold everything. This is due to a bug in the install program. Because it is burnt on the CD, there is no way to fix it until we go to a new release.

    You can install to multiple partitions if you boot via the floppy or if you do an NFS install. It even works if you do an NFS rooted install from the CD-ROM mounted on an NFS server.


  • X windows won't start.

    The kernel as shipped with Red Hat Linux/SPARC 4.0 can not share the mouse device between programs. The gpm package as installed will start gpm at boot time. You can not start X until you kill gpm.

    Fix: Kill gpm using the following command:

    /etc/rc.d/init.d/gpm stop
    You can then start gpm again when you aren't running X by:
    /etc/rc.d/init.d/gpm start
    If you would like to remove gpm from the startup scripts so that it does not start at boot time, but you would still like to be able to start it when you wish, simply do:
    rm -f /etc/rc.d/rc?.d/S*gpm
    Then start and stop gpm with the above commands when you need to use it. If you would like to remove gpm entirely and never use it, first stop it and then run:
    rpm -e gpm

  • IPX networking

    The kernel as shipped with Red Hat Linux/SPARC 4.0 can not handle IPX networking properly. If your machine is connected to a network where IPX traffic exists, Linux will load the IPX module, and your machine will eventually crash.

    Fix: Remove the offending module so that it cannot load, using the following command:

    rmmod ipx
    rm -f /lib/modules/2.0.18/misc/ipx.o
    Then add the following line to /etc/conf.modules:
    alias net-pf-4 off
    Finally, restart kerneld:
    killall kerneld
    /sbin/kerneld

    23-Oct-1996

    Note: IPX networking works properly on Red Hat Linux/SPARC 4.0 with the most recent kernel-sparc fix.