Red Hat Linux 5.2 Errata
- 29-Jul-1999: squid (RHSA-1999:025)
- 29-Jul-1999: samba (RHSA-1999:022)
- 07-Jul-1999: rpm (RHSA-1999:018)
- 24-Jun-1999: nfs (RHSA-1999:016)
- 11-Jun-1999: timetool
- 10-Jun-1999: wu-ftpd
- 10-Jun-1999: imap
- 27-May-1999: mod_perl
- 25-May-1999: Security: Netscape
- 16-Apr-1999: NFS
- 16-Apr-1999: rsync
- 16-Apr-1999: procmail
- 16-Apr-1999: lpr
- 01-Apr-1999: XFree86
- 01-Apr-1999: pine
- 01-Apr-1999: mutt
- 06-Nov-1998: zgv
- 01-Apr-1998: sysklogd
- 19-Feb-1999: lsof
- 09-Feb-1999: minicom
- 02-Feb-1999: dump
- 02-Feb-1999: perl
- 02-Feb-1999: Xconfigurator
- 19-Jan-1999: fvwm2
- 03-Jan-1999: kernel
- 03-Jan-1999: pam
- 03-Jan-1999: New Boot Images
- 22-Dec-1998: ftp client
- 13-Nov-1998: Security: libc5
- 13-Nov-1998: Unable to Select Packages During Install (Alpha)
- 06-Nov-1998: Security: svgalib
Package: rpm
| Synopsis: | Rpm 3.0.2 release for all Red Hat platforms |
| Advisory ID: | RHEA-1999:018-01 |
| Issue date: | 1999-07-07 |
| Keywords: | rpm |
1. Topic:
This release of rpm is intended to permit all Red Hat platforms to use the same version of rpm.
2. Bug IDs fixed:
The most significant user-visible bugs fixed in rpm-3.0.2 are
#2727 tetex after upgrade is missing files
#2916 Cannot verify installed package against package.rpm
#3449 Build of a noarch source package dumps core
3. Relevant releases/architectures:
Red Hat Linux 5.x, all architectures
4. Obsoleted by:
None
5. Conflicts with:
Packages that are linked with rpm-2.5.x libraries. This includes rpmfind, rpm2html, gnorpm, and kpackage. You will need to upgrade to a version of these packages that have been linked with rpm-3.0.x libraries.
6. RPMs required:
Intel:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/
rpm-3.0.2-5.x.i386.rpm
rpm-devel-3.0.2-5.x.i386.rpm
Alpha:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/
rpm-3.0.2-5.x.alpha.rpm
rpm-devel-3.0.2-5.x.alpha.rpm
SPARC:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/
rpm-3.0.2-5.x.sparc.rpm
rpm-devel-3.0.2-5.x.sparc.rpm
Source:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/SRPMS/
rpm-3.0.2-5.x.src.rpm
7. Problem description:
This release of rpm is intended to permit all Red Hat platforms to use the same version of rpm.
8. Solution:
Upgrade to the latest errata release of rpm by downloading the correct rpm and rpm-devel packages for your architecture and version of Red Hat Linux.
You should install the packages by typing (assuming Red Hat 6.0/en/os/i386)
rpm -U rpm-3.0.2-6.0.i386.rpm rpm-devel-3.0.2-6.0.i386.rpm
If you are upgrading from rpm-2.5.x, you should then type
rpm --rebuilddb
because the database format has changed in rpm-3.0. (Note: if you decide to reinstall rpm-2.5.x, you should also type "rpm --rebuilddb" after reinstalling rpm-2.5.x in order to convert the database format back to the form used by rpm-2.5.x.)
If you use rpm to build packages, please note that the method of configuring rpm has changed. The commonest configuration problem encountered by packagers who upgrade is how to set topdir to something other than /usr/src/redhat:
In rpm-2.5.x, you would put the following in ~/.rpmrc:
topdir: /path/to/your/directory/here
In rpm-3.0.x, you should put the following in ~/.rpmmacros:
%_topdir /path/to/your/directory/here
9. Verification:
| MD5 sum | Package Name |
| 8918ae8ed68a26745b0377c70b35339a | 5.2/en/os/i386/rpm-3.0.2-5.x.i386.rpm |
| 2e978540f2eb07a3f20131dfae6cd04f | 5.2/en/os/i386/rpm-devel-3.0.2-5.x.i386.rpm |
| 5af3d4d74fe67fd126c203599595857e | 5.2/en/os/alpha/rpm-3.0.2-5.x.alpha.rpm |
| ea70406e65d2d3a14a1177736927eef9 | 5.2/en/os/alpha/rpm-devel-3.0.2-5.x.alpha.rpm |
| f3a5e6e32cdb401def5115aa866b1248 | 5.2/en/os/sparc/rpm-3.0.2-5.x.sparc.rpm |
| 69931f1feae0b975667c3670c371ac50 | 5.2/en/os/sparc/rpm-devel-3.0.2-5.x.sparc.rpm |
| 34d0fc0512071c6b2b2a97bd0e09a2f7 | 5.2/en/os/SRPMS/rpm-3.0.2-5.x.src.rpm |
These packages are also PGP signed by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/about/contact/pgpkey.html
You can verify each package with the following command:
rpm --checksig
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nopgp
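The MD5 table in section 9 is only useful if something actually compares it against the files you downloaded. The script below is an added example, not part of the Red Hat advisory: it reads a manifest in the advisory's "<md5> <relative path>" format and checks each file, flagging anything missing or altered before you would hand it to rpm -U. It assumes the packages were fetched into a local directory that mirrors the advisory's relative paths; the manifest lines and package files it creates are constructed demo data, not the real packages.

```shell
#!/bin/sh
# Added example (not from the Red Hat advisory): check downloaded packages against
# the "MD5 sum  Package Name" list an advisory publishes, before running rpm -U.
# Assumes the packages were fetched into a local directory with the same relative
# paths the advisory lists (e.g. 5.2/en/os/i386/rpm-3.0.2-5.x.i386.rpm).

# Print the MD5 of a file (md5sum on Linux, md5 on BSD/macOS).
md5_of() {
  if command -v md5sum >/dev/null 2>&1; then
    md5sum "$1" | awk '{print $1}'
  else
    md5 -q "$1"
  fi
}

# verify_manifest MANIFEST DIR
# MANIFEST holds "<md5> <relative path>" lines, as printed in section 9 of the
# advisory. Returns 0 only if every listed file exists and matches; a missing
# or altered file is reported and the function returns 1.
verify_manifest() {
  manifest=$1; dir=$2; rc=0
  while read -r expected path; do
    [ -n "$expected" ] || continue              # skip blank lines
    case "$expected" in \#*) continue ;; esac   # skip comment lines
    f="$dir/$path"
    if [ ! -f "$f" ]; then
      echo "MISSING  $path"; rc=1; continue
    fi
    actual=$(md5_of "$f")
    if [ "$actual" = "$expected" ]; then
      echo "OK       $path"
    else
      echo "MISMATCH $path (expected $expected, got $actual)"; rc=1
    fi
  done < "$manifest"
  return $rc
}

# --- constructed demo data (not real packages) ---
demo=$(mktemp -d)
mkdir -p "$demo/pkgs/5.2/en/os/i386"
printf 'hello\n' > "$demo/pkgs/5.2/en/os/i386/good.rpm"      # md5 b1946ac92492d2347c6235b4d2611184
printf 'hellO\n' > "$demo/pkgs/5.2/en/os/i386/tampered.rpm"  # one byte changed
cat > "$demo/good.txt" <<'EOF'
b1946ac92492d2347c6235b4d2611184 5.2/en/os/i386/good.rpm
EOF
cat > "$demo/bad.txt" <<'EOF'
b1946ac92492d2347c6235b4d2611184 5.2/en/os/i386/good.rpm
b1946ac92492d2347c6235b4d2611184 5.2/en/os/i386/tampered.rpm
b1946ac92492d2347c6235b4d2611184 5.2/en/os/i386/absent.rpm
EOF

verify_manifest "$demo/good.txt" "$demo/pkgs"   # every file OK, status 0
verify_manifest "$demo/bad.txt" "$demo/pkgs" \
  || echo "manifest rejected: one MISMATCH and one MISSING entry"
```

A non-zero return from verify_manifest is the signal to stop: a sum mismatch means the file is corrupt or altered, and a missing file means the download set is incomplete. Note that this check only proves the file matches what the advisory printed; rpm --checksig with the Red Hat PGP key is what ties the package to the vendor.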
10. References:
Package: nfs
| Synopsis: | Potential security problem in Red Hat 5.2 nfs-server. |
| Advisory ID: | RHSA-1999:016-01 |
| Issue date: | 1999-06-24 |
| Keywords: | nfs-server root-squashing security |
1. Topic:
A potential security problem has been fixed in the nfs-server package.
2. Bug IDs fixed:
3. Relevant releases/architectures:
Red Hat Linux 5.2, all architectures
4. Obsoleted by:
None
5. Conflicts with:
None
6. RPMs required:
Intel:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/
nfs-server-2.2beta44-1.i386.rpm
nfs-server-clients-2.2beta44-1.i386.rpm
Alpha:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/
nfs-server-2.2beta44-1.alpha.rpm
nfs-server-clients-2.2beta44-1.alpha.rpm
SPARC:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/
nfs-server-2.2beta44-1.sparc.rpm
nfs-server-clients-2.2beta44-1.sparc.rpm
7. Problem description:
A change to 32-bit uid_t values within glibc 2.0.x has opened a potential hole in root-squashing.
8. Solution:
9. Verification:
| MD5 sum | Package Name |
| 98bd10854eb9da9ee48d2217055a6979 | SRPMS/nfs-server-2.2beta44-1.src.rpm |
| 28da963f934cd376f8cfd0ce7c56747c | alpha/nfs-server-2.2beta44-1.alpha.rpm |
| 894c145fa449c7444b155304a1c5c29e | alpha/nfs-server-clients-2.2beta44-1.alpha.rpm |
| 0780a208a3053c0e127bfee37eb255e3 | i386/nfs-server-2.2beta44-1.i386.rpm |
| 823cae1b9bf28640ff933d1783d581c4 | i386/nfs-server-clients-2.2beta44-1.i386.rpm |
| e2578175851a9c50975d289ae4baebfd | sparc/nfs-server-2.2beta44-1.sparc.rpm |
| e66a63a62f6988ad6885f7a1acb746a8 | sparc/nfs-server-clients-2.2beta44-1.sparc.rpm |
These packages are also PGP signed by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/about/contact/pgpkey.html
10. References:
Updated: 10-Jun-1999
Problem
- (10-Jun-1999):Notice
This is a maintenance release of the wu-ftpd package that corrects problems with file name globbing that were broken in a previous errata. In addition, the packages upgrade to the latest version of wu-ftpd with all known exploits fixed on all current Red Hat releases. A problem with ftpwho not displaying complete information has also been fixed. A more complete description of current problems with wu-ftpd may be found at http://bugzilla.redhat.com/bugzilla by querying the wu-ftpd component. Bugs #2798 and #2944 describe the file globbing failure symptoms; #2455 describes the ftpwho symptoms.
Users of Red Hat Linux should upgrade to a new version of wu-ftpd in order to fix these problems.
Solution:
Red Hat 5.x:
- Intel: Upgrade to:
rpm -Uvh wu-ftpd-2.5.0-0.5.2.i386.rpm
- SPARC: Upgrade to:
rpm -Uvh wu-ftpd-2.5.0-0.5.2.sparc.rpm
- Alpha: Upgrade to:
rpm -Uvh wu-ftpd-2.5.0-0.5.2.alpha.rpm
- Source:
rpm -Uvh wu-ftpd-2.5.0-0.5.2.src.rpm
Updated: 10-Jun-1999
Problem:
- (10-Jun-1999) Security Fix:
This is a security errata for the imap package that corrects a known ipop2d exploit in Red Hat 4.x and Red Hat 5.x.
A more complete description of current problems with imap may be found at http://bugzilla.redhat.com/bugzilla by querying the imap component. Bug #3161 is the report of ipop2d exploit.
Users of Red Hat Linux 4.x and 5.x should upgrade to the new version of imap in order to correct this security problem.
Solution:
- Intel: Upgrade to
rpm -Uvh imap-4.5-0.5.2.i386.rpm
- Alpha: Upgrade to
rpm -Uvh imap-4.5-0.5.2.alpha.rpm
- SPARC: Upgrade to
rpm -Uvh imap-4.5-0.5.2.sparc.rpm
- Source:
rpm -Uvh imap-4.5-0.5.2.src.rpm
Updated: 11-Jun-1999
Problem:
- (27-May-1999):Notice
The "timetool" time and date configuration utility shipped with Red Hat Linux 4.2 and 5.2 has been found to treat the year 2000 as a non-leap year, when in fact February 29, 2000 is a valid date. The timetool shipped with Red Hat Linux 6.0 does not have this issue. Users of Red Hat Linux 4.x and 5.x should upgrade to a fixed version of timetool, which is available at the following locations:
Solution:
- All architectures Upgrade to:
rpm -Uvh timetool-2.6-1.5.noarch.rpm
Updated: 27-May-1999
Problem:
- (27-May-1999) Update to the latest
The mod_perl Apache module shipped with Red Hat Linux 5.2 and Secure Web Server 2.0 does not function properly with the latest errata release of perl available for that platform (perl-5.004m7-1). This is due to dependencies within mod_perl on perl itself. Users who rely on mod_perl functionality are encouraged to upgrade to a fixed version available at the following locations:
Solution:
- Intel: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/mod_perl-1.19-1.i386.rpm
- Alpha: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/mod_perl-1.19-1.alpha.rpm
- SPARC: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/mod_perl-1.19-1.sparc.rpm
Updated: 16-Apr-1999
Problem:
- (16-Apr-1999)Update to the latest
Due to many reports of security breaches of Red Hat systems from NFS, we have updated the NFS for other versions of RH Linux to the latest. We have done the same for RH 5.2. This version fixes several small Denial of Service problems.
Solution:
- Intel: Upgrade to:
nfs-server-2.2beta40-1.i386.rpm
nfs-server-clients-2.2beta40-1.i386.rpm
- Alpha: Upgrade to:
nfs-server-2.2beta40-1.alpha.rpm
nfs-server-clients-2.2beta40-1.alpha.rpm
- SPARC: Upgrade to:
nfs-server-2.2beta40-1.sparc.rpm
nfs-server-clients-2.2beta40-1.sparc.rpm
Updated: 16-Apr-1999
Problem:
- (16-Apr-1999):Security Fix
Potential security problems have been identified in the rsync package shipped with Red Hat Linux 5.2. A user cannot exploit this hole deliberately to gain privileges (i.e. this is not an "active" security hole), but a system administrator could easily be caught by the bug and inadvertently compromise the security of their system.
Red Hat would like to thank Andrew Tridgell for providing an update that fixed the problem.
Users of Red Hat Linux are recommended to upgrade to the new packages available under the updates directory on our ftp site:
Solution:
- Intel: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/rsync-2.3.1-0.i386.rpm
- Alpha: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/rsync-2.3.1-0.alpha.rpm
- SPARC: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/rsync-2.3.1-0.sparc.rpm
Updated: 16-Apr-1999
Problem:
- (16-Apr-1999):Security Fix
Potential security problems have been identified in all the procmail packages shipped with Red Hat Linux. Currently Red Hat is not aware of any exploits built on these vulnerabilities.
Red Hat would like to thank the members of the Bugtraq list for reporting these problems and the authors of procmail for quickly providing an update.
Users of Red Hat Linux are recommended to upgrade to the new packages available under the updates directory on our ftp site:
Solution:
- Intel: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/procmail-3.13.1-1.i386.rpm
- Alpha: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/procmail-3.13.1-1.alpha.rpm
- SPARC: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/procmail-3.13.1-1.sparc.rpm
Updated: 16-Apr-1999
Problem:
- (16-Apr-1999):Security Fix
Security vulnerabilities have been found in the versions of lpr that ship with Red Hat Linux. Thanks go to the Linux Security Audit team for discovering the vulnerability. It is recommended that all users of Red Hat Linux upgrade to the new packages.
Solution:
- Intel: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/lpr-0.35-0.5.2.i386.rpm
- Alpha: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/lpr-0.35-0.5.2.alpha.rpm
- SPARC: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/lpr-0.35-0.5.2.sparc.rpm
Updated: 01-Apr-1999
Problem:
- (01-Apr-1999) Security Fix:
Security vulnerabilities have been identified in the XFree86 packages that ship with Red Hat Linux. This security problem can allow local users to get write access to directories that they are otherwise not able to write to.
Red Hat would like to thank the members of the BUGTRAQ mailing list, the members of the Linux Security Audit team, and others. All users of Red Hat Linux are encouraged to upgrade to the new packages immediately. As always, these packages have been signed with the Red Hat PGP key.
- (22-Jan-1999)
New RPMs for XFree86 3.3.3.1 (X11) are available for Red Hat Linux 4.2 and 5.x on all platforms. This new release is primarily a bugfix release. It corrects problems with a few drivers (especially the 3D Labs slowdown problem), fixes Russian KOI8 font support, and fixes the font server xfs, which was inadvertently broken in our release of XFree86 3.3.3. Please see the official release notes at http://www.xfree86.org/#news for further information.
Solution:
In some circumstances, you may be required to add --force and/or --nodeps to the rpm command line options to ensure a proper upgrade. Add these options if the command line given produces an error.
- Intel:
All updates can be found at ftp updates.
Required RPMS
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-3.3.3.1-1.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-75dpi-fonts-3.3.3.1-1.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-VGA16-3.3.3.1-1.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-XF86Setup-3.3.3.1-1.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-libs-3.3.3.1-1.1.i386.rpm
You will want one of the following RPMS for your video card.
Server RPMS
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-3DLabs-3.3.3.1-1.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-8514-3.3.3.1-1.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-AGX-3.3.3.1-1.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-I128-3.3.3.1-1.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-Mach8-3.3.3.1-1.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-Mach32-3.3.3.1-1.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-Mach64-3.3.3.1-1.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-Mono-3.3.3.1-1.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-P9000-3.3.3.1-1.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-S3-3.3.3.1-1.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-S3V-3.3.3.1-1.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-SVGA-3.3.3.1-1.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-W32-3.3.3.1-1.1.i386.rpm
You might want one or more of these RPMS if you do development.
Optional RPMS
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-devel-3.3.3.1-1.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-100dpi-fonts-3.3.3.1-1.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-cyrillic-fonts-3.3.3.1-1.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-Xnest-3.3.3.1-1.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-Xvfb-3.3.3.1-1.1.i386.rpm
- ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/XFree86-xfs-3.3.3.1-1.1.i386.rpm
Further Instructions
For instructions on upgrading, users should read the Red Hat XFree86 upgrade howto. This document is in its initial drafts, but should be useful.
- Alpha: Upgrade to:
All updates can be found at ftp updates.
- Upgrade your X server. The package you need is dependent on which video card you have. Get the server which matches your card.
- Upgrade your X libraries and base install
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/XFree86-libs-3.3.3.1-1.1.alpha.rpm
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/XFree86-3.3.3.1-1.1.alpha.rpm
- Optionally, upgrade the additional X packages, such as fonts, devel, etc.
- SPARC: Upgrade to:
All updates can be found at ftp updates.
- Upgrade your X server. The package you need is dependent on which frame buffer your SPARC has. Get the server which matches your card.
- Upgrade your X libraries and base install:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/XFree86-libs-3.3.3.1-1.1.sparc.rpm
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/XFree86-3.3.3.1-1.1.sparc.rpm
- Optionally, upgrade the additional X packages, such as fonts, devel, etc.
- If a link named /etc/X11/X does not exist, pointing at the proper X server that you use (for instance, /usr/X11R6/bin/Xsun), create it now.
Updated: 01-Apr-1999
Problem:
- (01-Apr-1999):Security Fix
A problem in the MIME handling code could allow a remote user to execute certain commands on a local system.
Red Hat would like to thank the members of the BUGTRAQ mailing list, the members of the Linux Security Audit team, and others. All users of Red Hat Linux are encouraged to upgrade to the new packages immediately. As always, these packages have been signed with the Red Hat PGP key.
Solution:
- Intel: Upgrade to:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/pine-4.10-1.i386.rpm
- Alpha: Upgrade to:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/pine-4.10-1.alpha.rpm
- SPARC: Upgrade to:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/pine-4.10-1.sparc.rpm
Updated: 01-Apr-1999
Problem:
- (01-Apr-1999):Security Fix
A problem in the MIME handling code could allow a remote user to execute certain commands on a local system.
Red Hat would like to thank the members of the BUGTRAQ mailing list, the members of the Linux Security Audit team, and others. All users of Red Hat Linux are encouraged to upgrade to the new packages immediately. As always, these packages have been signed with the Red Hat PGP key.
Solution:
- Intel: Upgrade to:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/mutt-0.95.4us-0.i386.rpm
- Alpha: Upgrade to:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/mutt-0.95.4us-0.alpha.rpm
- SPARC: Upgrade to:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/mutt-0.95.4us-0.sparc.rpm
Updated: 01-Apr-1999
Problem:
- (01-Apr-1999):Security Fix
Local users could gain root access. Red Hat would like to thank the members of the BUGTRAQ mailing list, the members of the Linux Security Audit team, and others. All users of Red Hat Linux are encouraged to upgrade to the new packages immediately. As always, these packages have been signed with the Red Hat PGP key.
- (06-Nov-1998) Security Fix:
Auditors of zgv have found buffer overflows that could be exploited to gain root privileges.
Red Hat would like to thank the users of the BUGTRAQ security list for identifying the problem and Kevin Vajk
Solution:
- Intel: Upgrade to:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/zgv-3.0-7.i386.rpm
Updated: 01-Apr-1999
Problem:
- (01-Apr-1999):Security Fix
An overflow in the parsing code could lead to crashes of the system logger.
Red Hat would like to thank the members of the BUGTRAQ mailing list, the members of the Linux Security Audit team, and others. All users of Red Hat Linux are encouraged to upgrade to the new packages immediately. As always, these packages have been signed with the Red Hat PGP key.
- (17-Nov-1998):Security Fix
A buffer overflow has been identified in all versions of the sysklogd packages shipped with Red Hat Linux. At the time of this post there are no known exploits for this security vulnerability.
Red Hat would like to thank Michal Zalewski (lcamtuf@IDS.PL) and the members of the Bugtraq mailing list for discovering this problem and providing a fix.
Users of Red Hat Linux are recommended to upgrade to the new packages available under the updates directory on our ftp site:
Solution:
- Intel: Upgrade to:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/sysklogd-1.3.31-0.5.i386.rpm
- Alpha: Upgrade to:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/sysklogd-1.3.31-0.5.alpha.rpm
- Sparc: Upgrade to:
rpm -Uvh ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/sysklogd-1.3.31-0.5.sparc.rpm
Further Instructions
Once you have downloaded the sysklogd package for your architecture, you will need to do the following as root:
rpm -Uvh sysklogd*rpm
/etc/rc.d/init.d/syslog restart
Updated: 19-Feb-1999
Problem:
- (19-Feb-1999):Security Update
Red Hat Linux 5.2 is shipping with a vulnerable version of lsof. The lsof binary is shipped setgid kmem, and by exploiting a buffer overflow a user would be able to get kmem group access. Fortunately the permissions on /dev/kmem on Red Hat Linux only grant read-only access to kmem group members, so this exploit cannot be used to get root access.
There is an exploit floating around the net for this security problem which is based on the fact that some distributions grant both read and write access for the kmem group members to /dev/kmem.
Red Hat would like to thank HERT - Hacker Emergency Response Team - for bringing this problem to our attention.
Although this security hole can not be used to get root access on Red Hat Linux, there are privacy concerns that prompt us to release a security update for the lsof package. All users of Red Hat Linux 5.2 are encouraged to upgrade to the new lsof packages immediately. As always, these packages have been signed with the Red Hat PGP key.
Solution:
- Intel: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/lsof-4.40-1.i386.rpm
- Alpha: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/lsof-4.40-1.alpha.rpm
- SPARC: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/lsof-4.40-1.sparc.rpm
Further Instructions: You may get an error using this version of lsof if you have not upgraded to the 2.0.36-1 or 2.0.36-3 kernel RPMs.
Updated: 09-Feb-1999
Problem:
- (09-Feb-1999) Security Fix:
Current minicom packages have permissions set to allow all users to access a modem on the system. This update fixes the problem by limiting access to the users listed in the minicom configuration file.
New packages are available for the supported versions of Red Hat Linux. All users of Red Hat Linux are encouraged to upgrade to the new minicom releases immediately. As always, these packages have been signed with the Red Hat PGP key.
Solution:
- Intel: Upgrade to ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/minicom-1.82-3.i386.rpm
- Alpha: Upgrade to ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/minicom-1.82-3.alpha.rpm
- Sparc: Upgrade to ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/minicom-1.82-3.sparc.rpm
Updated: 02-Feb-1999
Problem:
- (02-Feb-1999):Update
dump was not working correctly on the SPARC platform. However, to keep the same revision numbers on all platforms, we have released it for all three architectures.
Solution:
- Intel: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/dump-0.3-17.i386.rpm
- Alpha: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/dump-0.3-17.alpha.rpm
- SPARC: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/dump-0.3-17.sparc.rpm
Further Instructions You should be able to upgrade the package using RPM. Example:
rpm -Uvh dump-0.3-17.sparc.rpm
Updated: 02-Feb-1999
Problem:
- (02-Feb-1999):Update
This is an update for the perl package shipped with Red Hat 5.2 that addresses some of the problems reported running majordomo and miscellaneous CGI scripts under this version of perl.
Solution:
- Intel: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/perl-5.004m7-1.i386.rpm
- Alpha: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/perl-5.004m7-1.alpha.rpm
- SPARC: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/sparc/perl-5.004m7-1.sparc.rpm
Further Instructions You should be able to upgrade the package using RPM. Example:
rpm -Uvh perl-5.004m7-1.i386.rpm
Updated: 02-Feb-1999
Problem:
- (02-Feb-1999):Notice
An updated version of Xconfigurator has been released to work with XFree86-3.3.3.1. Xconfigurator can be substituted for XF86Setup in the setup stage of your video card.
Solution:
- Intel: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/i386/Xconfigurator-3.89-1.i386.rpm
- Alpha: Upgrade to:
ftp://archive.download.redhat.com/pub/redhat/linux/updates/5.2/en/os/alpha/Xconfigurator-3.89-1.alpha.rpm
- SPARC: Upgrade to:
There is no version of Xconfigurator for Sparc
Further Instructions You should be able to upgrade the package using RPM. Example:
rpm -Uvh Xconfigurator-3.89-1.i386.rpm
Updated: 19-Jan-1999
Problem:
- (19-Jan-1999):Notice
Users who update to the latest XFree86 also need to update to the latest FVWM2 rpms for AnotherLevel (Red Hat default window manager) to work.
Solution:
- Intel: Upgrade to:
fvwm2-2.0.46-12.i386.rpm
fvwm2-icons-2.0.46-12.i386.rpm
- Alpha: Upgrade to:
fvwm2-2.0.46-12.alpha.rpm
fvwm2-icons-2.0.46-12.alpha.rpm
- SPARC: Upgrade to:
fvwm2-2.0.46-12.sparc.rpm
fvwm2-icons-2.0.46-12.sparc.rpm
Updated: 03-Jan-1999
Problem:
- (03-Jan-1999):New Drivers
Red Hat has further patched the standard 2.0.36 kernel with updated drivers for the Adaptec 7xxx cards, NCR scsi, 3com 905B, and some other patches.
- (08-Dec-1998):Security Fix
Several security holes were found in the Linux kernel and patched in the 2.0.36 kernel. Users should upgrade to patch these problems. The announcement can be found here.
Solution:
- Intel: Upgrade to:
2.0.36 kernel and default modules
2.0.36 IBCS modules
2.0.36 PCMCIA modules
Optional Packages
2.0.36 kernel headers (needed for some development)
2.0.36 source RPM (needed to recompile kernel)
- Alpha: Upgrade to:
2.0.36 Kernel Headers
2.0.36 Kernel Source Code
You will need to recompile the source code for your platform.
- SPARC: Upgrade to:
Due to differences between versioning, Red Hat has patched the 2.0.35 kernel with the security fixes that are in the 2.0.36 kernel.
2.0.35 Kernel Headers
2.0.35 Kernel Source
2.0.35 Kernel (4c)
2.0.35 Kernel (SMP)
Further Instructions For instructions on upgrading users should read the Red Hat kernel upgrade howto. While the howto focuses on intel, there are sub chapters for upgrading alpha and sparc machines.
Updated: 03-Jan-1999
Problem:
- (03-Jan-1999)Security Fix:
Risk level: SMALL
The default configuration as shipped with the supported releases of Red Hat Linux is not vulnerable to this problem.
Description
A race condition that can be exploited under some particular scenarios has been identified in all versions of the Linux-PAM library shipped with all versions of Red Hat Linux. The vulnerability is exhibited in the pam_unix_passwd.so module included in Red Hat Linux, but *not* used by either of the 4.2 or 5.x releases. Red Hat Linux uses the pam_pwdb.so module for performing PAM authentication.
You are at risk if you enabled pam_unix_passwd.so and are using it instead of the pam_pwdb.so module. An exploit occurs when a user with a umask setting of 0 is trying to change the login password.
As of this release there are no known exploits of this security problem.
Solution:
- Intel: Upgrade to pam-0.64-4.i386.rpm
- Alpha: Upgrade to pam-0.64-4.alpha.rpm
- SPARC: Upgrade to pam-0.64-4.sparc.rpm
Updated: 01-Feb-1999
Problem:
- (01-Feb-1999):Update
Extended instructions for writing to floppy disk.
- (03-Jan-1999):Notice
New boot and supplemental floppy images have been uploaded to correct the following problems:
- French translation (users must boot with "linux supp" and use a supplemental disc to get the second stage installer translated into French)
- Hard drive installs from fat, vfat, and fat32 filesystems
- Disk Druid can now recognize Windows 98 extended partitions (users installing from CD-ROM or NFS must boot with "linux supp" and use a supp disk if they need to modify disks with Windows 98 extended partitions)
You will need to download these image files to your hard drive, since they are the exact size of a formatted floppy disk (and thus will not fit on one alongside anything else).
You will then need to use the DOS rawrite.exe command found on the CD-ROM, or, if you have Linux installed on another machine, you can use the dd command to write the image to the floppy:
insert the first floppy
dd if=boot.img of=/dev/fd0 bs=72k
change floppies
dd if=supp.img of=/dev/fd0 bs=72k
Solution:
- Intel: Upgrade to:
Boot Image
Supplemental Image
Further Instructions
Users experiencing problems with aic7xxx or ncr53c8xx drivers need to go to <ALT-F2> when the mouse configuration screen comes up and type:
cp /modules/aic7xxx.o /mnt/lib/modules/2.0.36-0.7/scsi
or
cp /modules/ncr53c8xx.o /mnt/lib/modules/2.0.36-0.7/scsi
This will put the correct driver in the initrd that gets created before lilo is installed.
Users will be able to install using 3c905B in 100 Mbps mode. After reboot the card will be using the old driver, therefore it will not be able to enter 100 Mbps mode. Updating to the new kernel rpm will correct this.
Updated: 22-Dec-1998
Problem:
- (22-Dec-1998):Security
A security vulnerability has been identified in all versions of the ftp client binary shipped with Red Hat Linux. An exploit for this vulnerability would have to rely on getting the user to connect using passive mode to a server running a ftp daemon under the attacker's control. As of this release time there are no known exploits of this security problem.
All users of Red Hat Linux are encouraged to upgrade to the new package releases immediately. As always, these packages have been signed with the Red Hat PGP key.
Solution:
- Intel: Upgrade to:
ftp-client (i386)
- Alpha: Upgrade to:
ftp-client (alpha)
- SPARC: Upgrade to:
ftp-client (sparc)
Further Instructions
Once you have downloaded the NetKit package for your architecture, you will need to do the following as root:
rpm -Uvh ftp-0.10-4*rpm
Updated: 25-May-1999
Problem:
- (25-May-1999) Security Update:
New netscape packages are available. While these are not specifically security updates, among the changes listed are 'Fixes to improve security'; therefore it is recommended that users update to the new packages.
Solution:
- Intel: Upgrade to:
netscape-communicator-4.6-0.i386.rpm
netscape-navigator-4.6-0.i386.rpm
netscape-common-4.6-0.i386.rpm
Updated: 22-Dec-1998
Problem:
- (22-Dec-1998) Security Update:
Various security vulnerabilities have been found in versions of Netscape Navigator and Communicator as shipped with Red Hat Linux. More information on the security vulnerabilities is available at Netscape
It is recommended that users of Red Hat Linux upgrade to the new packages available on our FTP site:
Solution:
- Intel: Upgrade to:
netscape-communicator-4.08-1.i386.rpm
netscape-navigator-4.08-1.i386.rpm
netscape-common-4.08-1.i386.rpm
Updated: 13-Nov-1998
Problem:
- (13-Nov-1998) Security Fix:
A buffer overflow has been identified in all versions of the libc 5 packages shipped with Red Hat Linux. The most affected systems are those that are libc 5 based (Red Hat Linux 4.2 and older). Only Intel and Sparc architectures are affected.
The Red Hat Linux 5.x releases are glibc (libc 6) based, and Red Hat does not ship any binaries linked against libc 5 that might be used for compromising the system's security. However, Red Hat Linux 5.x releases do include, for backwards compatibility, a package containing a vulnerable library.
Users of Red Hat Linux are recommended to upgrade to the new packages available under the updates directory on our ftp site:
rpm -Uvh libc-5.3.12-28.i386.rpm
Solution:
- Intel: Upgrade to:
libc-5.3.12-28.i386.rpm
Updated: 13-Nov-1998
Problems:
- (13-Nov-1998)
A problem has been found with the install when selecting individual packages. To get around this problem, you will need to download the updated ramdisk from the ftp site, then rawrite the image to a floppy following the instructions in the manual.
Solution:
- Alpha: Download the updated Ram Disk
Updated: 06-Nov-1998
Problem:
- (06-Nov-1998) Security Fix:
svgalib has been found to leak file descriptors to /dev/mem. Red Hat would like to thank the users of the BUGTRAQ security list for identifying the problem and Kevin Vajk for providing a fix. Users of Red Hat Linux are recommended to upgrade to the new packages available under the updates directory on our ftp site. To upgrade this package use the rpm command:
rpm -Uvh svgalib-1.3.0-1
Solution:
- Intel: Upgrade to:
svgalib-1.3.0-3
svgalib-devel-1.3.0-3