Red Hat Linux 4.2 General Errata

The following are known problems with Red Hat Linux 4.2 on multiple platforms. Updates are available for FTP from:

If you have problems downloading fixes from the official site (ftp.redhat.com), please try one of the many Red Hat mirrors.


Please note that newer versions of some of these packages may be available in the same location; any new versions which are made available will fix all of the bugs older versions did, so you can use the latest version with no problems.

We are no longer separating the errata into general and platform-specific errata. If you are unsure whether an errata update is for your system, the following information should help:
Intel and Intel-based platform specific RPMs will have the i386 extension, Sparc RPMs will have the sparc extension, and RPMs for the Alpha systems will have the alpha extension. This extension is before .rpm. For example:
foo.1.2-3.i386.rpm would be for the Intel systems
foo.1.2-3.sparc.rpm would be for Sparc systems
foo.1.2-3.alpha.rpm would be for Alpha systems

If you experience problems downloading the RPMs using Netscape or Internet Explorer, you will need to explicitly download to a file rather than opening the package in a window. The problem you are encountering is that both browsers think that .rpm files are text files and thus try to show the contents. In Netscape, you can Shift-Click to correctly download the file.


Overview


Detailed Errata


Package: samba
Red Hat, Inc. Security Advisory
Synopsis: New Samba packages for Red Hat Linux 4.2, 5.2, 6.0
Advisory ID: RHSA-1999:022-02
Issue date: 1999-07-22
Updated on: 1990-07-29
Keywords: samba smbd nmbd security

Revision History:
1999-07-23: Fix 'Conflicts with' section about smbmount with 2.0/2.2 kernels.

1999-07-29: Add note about %postun of Red Hat Linux 6.0 samba release.

1. Topic:

Samba 2.0.5a has been released. Among the fixes in this release are several security issues present in previous Samba releases.

2. Bug IDs fixed:

1321 2557 2625 2779 2923 2982 3715

3. Relevant releases/architectures:

Red Hat Linux 4.2, all architectures

4. Obsoleted by:

None

5. Conflicts with:

The smbmount code shipped with Samba 2.0 is only compatible with the Linux 2.2 kernel, so it has not been built for the Red Hat Linux 4.2 and 5.2 releases. If smbmount support for the 2.2 kernel is needed under Red Hat Linux 4.2 or 5.2, the source RPM can be rebuilt with the following command line (RPM version 3.0 is required):

rpm --define "KERN22 yes" --rebuild samba-2.0.5a-.src.rpm

The samba package shipped with Red Hat Linux 6.0 (samba-2.0.3-8) has an erroneous post-uninstall script. If this package is upgraded to the errata release, it could cause /var/log/samba and /var/lock/samba to be missing. It is recommended that users of samba under Red Hat Linux 6.0 uninstall the previous release using 'rpm -e samba' before installing the errata release.

6. RPMs required:

Intel:

ftp://updates.redhat.com/4.2/i386/

samba-2.0.5a-0.4.2.i386.rpm
samba-client-2.0.5a-0.4.2.i386.rpm

Alpha:

ftp://updates.redhat.com/4.2/alpha/

samba-2.0.5a-0.4.2.alpha.rpm
samba-client-2.0.5a-0.4.2.alpha.rpm

SPARC:

ftp://updates.redhat.com/4.2/sparc/

samba-2.0.5a-0.4.2.sparc.rpm
samba-client-2.0.5a-0.4.2.sparc.rpm

Source:

ftp://updates.redhat.com/4.2/SRPMS
samba-2.0.5a-0.4.2.src.rpm

7. Problem description:

Several security issues were present in earlier samba releases.

- a denial-of-service attack could be performed against nmbd.
- a buffer overflow was present in the message service in smbd (not enabled by default under Red Hat Linux)
- a race condition was present in smbmnt that could cause problems if installed setuid root (it is not installed setuid root by default under Red Hat Linux 6.0, and is not present under Red Hat Linux 4.2 or 5.2)

Thanks go to Olaf Kirch (okir@caldera.de) for discovering the security holes, as well as the Samba team.

8. Solution:

Install the updated RPMs, and restart the affected services by running:

/etc/rc.d/init.d/smb restart

For each RPM for your particular architecture, run:

rpm -Uvh filename

where filename is the name of the RPM.

9. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
c5d267fc6b47a84f0571f0ce1a7a15aa  samba-2.0.5a-0.4.2.i386.rpm
3d07e39245cdc5d8aa0ba8d50e6178f1  samba-client-2.0.5a-0.4.2.i386.rpm
f3db3e6f607afbd861610570154fd19d  samba-2.0.5a-0.4.2.alpha.rpm
7972cf576734d1b006258a8ca02c80ff  samba-client-2.0.5a-0.4.2.alpha.rpm
c44a4c13f171f31686d91da3b8370311  samba-2.0.5a-0.4.2.sparc.rpm
a6c235a206349e347dfe35ac0064d901  samba-client-2.0.5a-0.4.2.sparc.rpm
0c326cb2a2b0964026d286fb5f6b8079  samba-2.0.5a-0.4.2.src.rpm



These packages are also PGP signed by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command: rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nopgp

10. References:

<19990721023513Z12865037-4222+1570@samba.anu.edu.au>


Package: rpm
Red Hat, Inc. Errata Advisory
Synopsis: Rpm 3.0.2 release for all Red Hat platforms
Advisory ID: RHEA-1999:018-01
Issue date: 1999-07-07
Keywords: rpm

1. Topic:

This release of rpm is intended to permit all Red Hat platforms to use the same version of rpm.

2. Bug IDs fixed:

The most significant user-visible bugs fixed in rpm-3.0.2 are
#2727 tetex after upgrade is missing files
#2916 Cannot verify installed package against package.rpm
#3449 Build of a noarch source package dumps core

3. Relevant releases/architectures:

Red Hat Linux 4.x, all architectures

4. Obsoleted by:

None

5. Conflicts with:

Packages that are linked with rpm-2.5.x libraries. This includes rpmfind, rpm2html, gnorpm, and kpackage. You will need to upgrade to versions of these packages that have been linked with rpm-3.0.x libraries.

6. RPMs required:

Intel:

ftp://updates.redhat.com/4.2/i386/

rpm-3.0.2-4.x.i386.rpm
rpm-devel-3.0.2-4.x.i386.rpm

Alpha:

ftp://updates.redhat.com/4.2/alpha/

rpm-3.0.2-4.x.alpha.rpm
rpm-devel-3.0.2-4.x.alpha.rpm

SPARC:

ftp://updates.redhat.com/4.2/sparc/

rpm-3.0.2-4.x.sparc.rpm
rpm-devel-3.0.2-4.x.sparc.rpm

Source:

ftp://updates.redhat.com/4.2/SRPMS/
rpm-3.0.2-4.x.src.rpm

7. Problem description:

This release of rpm is intended to permit all Red Hat platforms to use the same version of rpm.

8. Solution:

Upgrade to the latest errata release of rpm by downloading the correct rpm and rpm-devel packages for your architecture and version of Red Hat Linux.

You should install the packages by typing (assuming Red Hat 6.0/en/os/i386)
rpm -U rpm-3.0.2-6.0.i386.rpm rpm-devel-3.0.2-6.0.i386.rpm

If you are upgrading from rpm-2.5.x, you should then type
rpm --rebuilddb
because the database format has changed in rpm-3.0. (Note: if you decide to reinstall rpm-2.5.x, you should also type "rpm --rebuilddb" after reinstalling rpm-2.5.x in order to convert the database format back to the form used by rpm-2.5.x).

If you use rpm to build packages, please note that the method of configuring rpm has changed. The commonest configuration problem encountered by packagers who upgrade is how to set topdir to something other than /usr/src/redhat:

In rpm-2.5.x, you would put the following in ~/.rpmrc
topdir: /path/to/your/directory/here

In rpm-3.0.x, you should put the following in ~/.rpmmacros
%_topdir /path/to/your/directory/here

9. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
ac9fefe3016b7e5e6f3c98d514b66191  4.2/i386/rpm-3.0.2-4.x.i386.rpm
27cee0b5bb1f2792b4c0881e33f2384f  4.2/i386/rpm-devel-3.0.2-4.x.i386.rpm
5f391cb539caab922b12ff6aa1ef4b41  4.2/alpha/rpm-3.0.2-4.x.alpha.rpm
418416eaf031b5aaeeed062bc4f6ef40  4.2/alpha/rpm-devel-3.0.2-4.x.alpha.rpm
449c5368d3622a1038e0a081f3078aab  4.2/sparc/rpm-3.0.2-4.x.sparc.rpm
3b3761a5e5f75b7cf1dae17c7859a350  4.2/sparc/rpm-devel-3.0.2-4.x.sparc.rpm
f34c98878a18e230150666f2dacdbbeb  4.2/SRPMS/rpm-3.0.2-4.x.src.rpm


These packages are also PGP signed by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command: rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nopgp
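The MD5 tables in the two Verification sections above (samba and rpm) can be checked mechanically before running rpm -Uvh. The shell sketch below is an added example, not part of the Red Hat advisories; the function names `expected_md5`, `verify_downloads` and `make_demo`, and the `foo-*` stand-in files, are constructed for illustration. It compares every downloaded .rpm in a directory against a saved copy of an advisory table, matching on base name so that both the samba layout and the rpm layout (with `4.2/i386/` prefixes) work, and it flags files the table does not list.

```shell
#!/bin/sh
# Added example: check downloaded packages against an advisory's
# "MD5 sum / Package Name" table before installing them.

# expected_md5 TABLE NAME
# Print the MD5 listed for NAME, or nothing if the table has no such row.
# A data row is "<32 lowercase hex digits>  <path>"; the header line and
# the dashed rule fail that test and are skipped.
expected_md5() {
    awk -v want="$2" '
        NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ {
            n = split($2, parts, "/")      # "4.2/i386/x.rpm" -> "x.rpm"
            if (parts[n] == want) { print $1; exit }
        }' "$1"
}

# verify_downloads TABLE DIR
# Check every *.rpm in DIR. Returns 0 only if each file is listed and
# matches, 1 on any MISMATCH or UNLISTED file, 2 if DIR holds no .rpm files.
verify_downloads() {
    table=$1; dir=$2; checked=0; bad=0
    for file in "$dir"/*.rpm; do
        [ -f "$file" ] || continue         # the glob matched nothing
        name=${file##*/}
        want=$(expected_md5 "$table" "$name")
        got=$(md5sum < "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ -z "$want" ]; then
            echo "UNLISTED  $name"; bad=1
        elif [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name (expected $want, got $got)"; bad=1
        fi
    done
    [ "$checked" -gt 0 ] || { echo "no .rpm files in $dir"; return 2; }
    return "$bad"
}

# make_demo: build constructed sample data (stand-in files, not real RPMs)
# and a table in the advisory's layout; the second row carries a directory
# prefix as in the rpm advisory. Prints the demo directory.
make_demo() {
    demo=$(mktemp -d) || return 1
    mkdir "$demo/pkgs"
    printf 'constructed package A\n' > "$demo/pkgs/foo-1.2-3.i386.rpm"
    printf 'constructed package B\n' > "$demo/pkgs/foo-devel-1.2-3.i386.rpm"
    a=$(md5sum < "$demo/pkgs/foo-1.2-3.i386.rpm" | cut -d' ' -f1)
    b=$(md5sum < "$demo/pkgs/foo-devel-1.2-3.i386.rpm" | cut -d' ' -f1)
    {
        echo 'MD5 sum                           Package Name'
        echo '--------------------------------------------------------------------------'
        echo "$a  foo-1.2-3.i386.rpm"
        echo "$b  4.2/i386/foo-devel-1.2-3.i386.rpm"
    } > "$demo/table.txt"
    echo "$demo"
}

# Stand-alone use: sh verify.sh TABLE DIR
if [ "$#" -eq 2 ]; then
    verify_downloads "$1" "$2"
    exit "$?"
fi
```

An MD5 match only shows that the file is the one the table describes, and the table is only as trustworthy as the channel it arrived over, which is why the advisories also point to the PGP signature check with rpm --checksig.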

10. References:


  • Package: wu-ftpd

    Updated: 10-Jun-1999

    Problem

    • (10-Jun-1999):Notice
      This is a maintenance release of the wu-ftpd package that corrects problems with file name globbing that were broken in a previous errata. In addition, the packages upgrade to the latest version of wu-ftpd with all known exploits fixed on all current Red Hat releases. A problem with ftpwho not displaying complete information has also been fixed.

      A more complete description of current problems with wu-ftpd may be found at http://bugzilla.redhat.com/bugzilla by querying the wu-ftpd component. Bugs #2798 and #2944 describe the file globbing failure symptoms, #2455 describes the ftpwho symptoms.

      Users of Red Hat Linux should upgrade to a new version of wu-ftpd in order to fix these problems.

    Solution:


  • Package: imap

    Updated: 10-Jun-1999

    Problem:

    • (10-Jun-1999) Security Fix:

      This is a security errata for the imap package that corrects a known ipop2d exploit in Red Hat 4.x and Red Hat 5.x.

      A more complete description of current problems with imap may be found at http://bugzilla.redhat.com/bugzilla by querying the imap component. Bug #3161 is the report of ipop2d exploit.

      Users of Red Hat Linux 4.x and 5.x should upgrade to the new version of imap in order to correct this security problem.

    Solution:


  • Package: timetool

    Updated: 11-Jun-1999

    Problem:

    • (11-Jun-1999):Notice
      The "timetool" time and date configuration utility shipped with Red Hat Linux 4.2 and 5.2 has been found to represent the year 2000 as a non-leapyear, when in fact February 29, 2000 is a valid date. The timetool shipped with Red Hat Linux 6.0 does not have this issue. Users of Red Hat Linux 4.x and 5.x should upgrade to a fixed version of the timetool, which is available at the following locations:

    Solution:


  • Package: NFS

    Updated: 16-Apr-1999

    Problem:

    Solution:


  • Package: procmail

    Updated: 16-Apr-1999

    Problem:

    • (16-Apr-1999):Security Fix

      Potential security problems have been identified in all the procmail packages shipped with Red Hat Linux. Currently Red Hat is not aware of any exploits built on these vulnerabilities.

      Red Hat would like to thank the members of the Bugtraq list for reporting these problems and the authors of procmail for quickly providing an update.

      Users of Red Hat Linux are recommended to upgrade to the new packages available under updates directory on our ftp site:

    Solution:


  • Package: lpr

    Updated: 16-Apr-1999

    Problem:

    • (16-Apr-1999) Security Fix:

      Security vulnerabilities have been found in the versions of lpr that ship with Red Hat Linux. Thanks go to the Linux Security Audit team for discovering the vulnerability. It is recommended that all users of Red Hat Linux upgrade to the new packages.

    • (23-Apr-1998) Security Fix:

      More buffer overflows have been found in lpr 0.30 as released on Saturday. As these flaws may allow users to gain root access to the local system, Red Hat, Inc. recommends that all users upgrade to lpr 0.31 immediately.

      Thanks to Niall Smart for finding this problem.

    • (18-Apr-1998) Security Fix:

      A major security problem has been found in all versions of lpr shipped with Red Hat Linux. Version 0.30 of lpr fixes this and is now available. Red Hat, Inc. encourages all users of Red Hat to upgrade to this new version immediately.

    • (21-May-1997) The lpr binary which shipped with Red Hat Linux/Alpha and Red Hat Linux/SPARC is an Intel binary.

    Solution:


  • Package: XFree86

    Updated: 01-Apr-1999

    Problem:

    • (01-Apr-1999) Security Fix:

      Security vulnerabilities have been identified in the XFree86 packages that ship with Red Hat Linux. This security problem can allow local users to get write access to directories that they are otherwise not able to write to.

      Red Hat would like to thank the members of the BUGTRAQ mailing list, the members of the Linux Security Audit team, and others. All users of Red Hat Linux are encouraged to upgrade to the new packages immediately. As always, these packages have been signed with the Red Hat PGP key.

      We are not releasing an updated Xconfigurator at this time; if you have a graphics card which is not supported by the latest available version of Xconfigurator for your platform and release, we suggest you use the xf86config program which comes with XFree86. You may also want to use the XF86Setup program.

    Solution:

    In some circumstances, you may be required to add --force and/or --nodeps to the rpm command line options to ensure a proper upgrade. Add these options if the command line given gives an error. Also, as with all newer RPM packages, you will need to upgrade to the latest RPM before installing these packages.


  • Package: pine

    Updated: 01-Apr-1999

    Problem:

    • (01-Apr-1999):Security Fix

      A problem in the MIME handling code could allow a remote user to execute certain commands on a local system.

      Red Hat would like to thank the members of the BUGTRAQ mailing list, the members of the Linux Security Audit team, and others. All users of Red Hat Linux are encouraged to upgrade to the new packages immediately. As always, these packages have been signed with the Red Hat PGP key.

    Solution:

    Further Instructions

    Once updated, no further instructions are needed.


  • Package: zgv

    Updated: 01-Apr-1999

    Problem:

    • (01-Apr-1999):Security Fix
      Local users could gain root access.

      Red Hat would like to thank the members of the BUGTRAQ mailing list, the members of the Linux Security Audit team, and others. All users of Red Hat Linux are encouraged to upgrade to the new packages immediately. As always, these packages have been signed with the Red Hat PGP key.

    Solution:


  • Package: Sysklogd

    Updated: 01-Apr-1999

    Problem:

    • (01-Apr-1999):Security Fix

      An overflow in the parsing code could lead to crashes of the system logger.

      Red Hat would like to thank the members of the BUGTRAQ mailing list, the members of the Linux Security Audit team, and others. All users of Red Hat Linux are encouraged to upgrade to the new packages immediately. As always, these packages have been signed with the Red Hat PGP key.

    • (17-Nov-1998):Security Fix

      A buffer overflow has been identified in all versions of the sysklogd packages shipped with Red Hat Linux. As of the time of this post there are no known exploits for this security vulnerability.

      Red Hat would like to thank Michal Zalewski (lcamtuf@IDS.PL) and the members of the Bugtraq mailing list for discovering this problem and providing a fix.

      Users of Red Hat Linux are recommended to upgrade to the new packages available under updates directory on our ftp site:

    Solution:

    Further Instructions

    Once you have downloaded the sysklogd package for your architecture, you will need to do the following as root:

    
        rpm -Uvh sysklogd*rpm
    
        /etc/rc.d/init.d/syslog stop
        /etc/rc.d/init.d/syslog start
    
        

  • Package: minicom

    Updated: 09-Feb-1999

    Problem:

    • (09-Feb-1999) Security Fix:

      Current minicom packages have permissions set to allow all users to access a modem on a system. This update fixes this problem limiting users to those listed in the minicom configuration file.

      New packages are available for the supported versions of Red Hat Linux. All users of Red Hat Linux are encouraged to upgrade to the new minicom releases immediately. As always, these packages have been signed with the Red Hat PGP key.

    • (02-Jun-1998) Security Fix:

      Buffer overflows have been found in the minicom package. Red Hat suggests all users upgrade to a new minicom version immediately.

    Solution:


  • Package: kernel

    Updated: 03-Jan-1999

    Problem:

    Solution:

    Further Instructions

    For instructions on upgrading, users should read the Red Hat kernel upgrade howto. While the howto focuses on Intel, there are subchapters for upgrading Alpha and SPARC machines.


  • Package: pam

    Updated: 02-Jan-1998

    Problem:

    • (02-Jan-1998)Security Fix:
      1. Risk level: SMALL

        The default configuration as shipped with the supported releases of Red Hat Linux is not vulnerable to this problem.

      2. Description

        A race condition that can be exploited under some particular scenarios has been identified in all versions of the Linux-PAM library shipped with all versions of Red Hat Linux. The vulnerability is exhibited in the pam_unix_passwd.so module included in Red Hat Linux, but *not* used by either of the 4.2 or 5.x releases. Red Hat Linux uses the pam_pwdb.so module for performing PAM authentication.

        You are at risk if you enabled pam_unix_passwd.so and are using it instead of the pam_pwdb.so module. An exploit occurs when a user with a umask setting of 0 is trying to change the login password.

        As of this release there are no known exploits of this security problem.

    Solution:


  • Package: FTP client (NetKit)

    Updated: 22-Dec-1998

    Problem:

    • (22-Dec-1998):Security Fix

      A security vulnerability has been identified in all versions of the ftp client binary shipped with Red Hat Linux. An exploit for this vulnerability would have to rely on getting the user to connect using passive mode to a server running an ftp daemon under the attacker's control. As of this release time there are no known exploits of this security problem.

      All users of Red Hat Linux are encouraged to upgrade to the new package releases immediately. As always, these packages have been signed with the Red Hat PGP key. The FTP client is part of the NetKit package in the 4.2 boxed set.

    Solution:

    Further Instructions

    Once you have downloaded the NetKit package for your architecture, you will need to do the following as root:

    
        rpm -Uvh NetKit-B-0.09-9*rpm
    
        

  • Package: libc

    Updated: 14-Nov-1998

    Problem:

    • (14-Nov-1998) Security Update:

      A buffer overflow has been identified in all versions of the libc 5 packages shipped with Red Hat Linux. The most affected systems are those that are libc 5 based (Red Hat Linux 4.2 and older). Only Intel and Sparc architectures are affected.

      The Red Hat Linux 5.x releases are glibc (libc 6) based, and Red Hat does not ship any binaries linked against libc 5 that might be used for compromising the system's security. However, Red Hat Linux 5.x releases do include, for backwards compatibility, a package containing a vulnerable library.

      Users of Red Hat Linux are recommended to upgrade to the new packages available under updates directory on our ftp site:

    • (31-Dec-1997) Updates fixing many problems have been added.

    Solution:


  • Package: svgalib

    Updated: 06-Nov-1998

    Problem:

    • (06-Nov-1998) Security Fix:

      svgalib has been found to leak file descriptors to /dev/mem. Red Hat would like to thank the users of the BUGTRAQ security list for identifying the problem and Kevin Vajk for providing a fix. Users of Red Hat Linux are recommended to upgrade to the new packages available under the updates directory on our ftp site:

      ftp://updates.redhat.com/4.2/i386/svgalib-1.2.13-0.1.i386.rpm

      To upgrade this package use the rpm command:

      
              rpm -Uvh svgalib-1.2.13-0.1.i386.rpm
      
                  
    • (27-Jun-1997) Security Fix:

      Minor security problems have been found by the Linux Security Auditing group in svgalib which allow users to make the console unusable.

    • (27-Jun-1997) Security Fix:

      A major security problem has been found in the svgalib library. This problem affects all releases of Red Hat Linux on Intel platforms. svgalib-1.2.10-3 fixes this security hole.

    • (25-Mar-1998)Security Fix:

      /tmp exploits have been discovered in this package. As usual, the package has been PGP signed with the Red Hat PGP key.

    Solution:


  • Package: bash

    Updated: 09-Sep-1998

    Problem:

    • (09-Sep-1998) Security Fix:

      A security vulnerability has been identified in all versions of bash shipped with Red Hat Linux. Details on the nature of the bug have been posted recently to the BUGTRAQ security list.

      The bug is not immediately exploitable - it will require that a user with a shell account on one machine create a carefully constructed directory structure and then wait for somebody else with a root account to cd into that directory.

      Red Hat would like to thank Joao Manuel Carolino, Fiji, and Razvan Dragomirescu for identifying this bug and Wichert Akkerman for providing an idea of a fix.

    Solution:


  • Package: xscreensaver

    Updated: 29-Aug-1998

    Problem:

    • (29-Aug-1998) This update fixes problems with core dumps in the xlyap function of xscreensaver. Thanks to the many people reporting this on the redhat list.
    • (10-Jun-1998) Security Fix:

      Various, minor security problems were found in this package. Thanks to Jamie Zawinski for fixing this.

    Solution:


  • Package: logrotate (Sparc)

    Updated: 11-Aug-1997

    Problem:

    • (11-Aug-1997) logrotate 2.4 is now available as an update for Red Hat Linux/SPARC 4.2. This fixes a bus error which could occur on the SPARC, and also allows log names in config files to use globbing characters.

    Solution:


  • Package: apache

    Updated: 11-Aug-1998

    Problem:

    • (11-Aug-1998)Security Fix:

      A denial-of-service attack against the Apache web server has been found which lets remote sites disable your web server. This attack does not let remote users gain any sort of access to your computer, nor does it let local users gain any special access.

      Red Hat recommends upgrading apache on systems which are functioning as Internet servers.

      	rpm -Uvh apache-1.2.6-5*rpm	 
              /etc/rc.d/init.d/httpd stop
              /etc/rc.d/init.d/httpd start
               
    • (17-Feb-1998) Corrected version of package on ftp machine.
    • (07-Jan-1998) Security Fix: Some potentially serious security flaws have been found in apache. While these problems do not allow any compromises by remote users, they do allow local users to gain access to the UID which apache is running as. Under all versions of Red Hat Linux, this is the user 'nobody', which greatly minimizes the impact of these problems.
    • (31-Dec-1997) Security Fix: A denial-of-service attack against apache http servers was recently discovered. This fixes the problem for 5.0.

    Solution:


  • Package: Memory paging bug on PC164 (Alpha)

    Updated: 24-Jul-1997

    Problem:

    • (24-Jul-1997) PC164 machines with 128 or 256 MB of RAM cannot load the Linux kernel from MILO.

    Solution:

    • Set the MILO MEMORY_SIZE boot parameter as follows:
      MILO> set MEMORY_SIZE=120
      (for 128 MB; use 252 for 256 MB)

    • Use the following MILO image in place of your current MILO image: milo/milo-2029-pc164

  • Package: ncurses

    Updated: 24-Jul-1998

    Problem:

    • (24-Jul-1998) Security Fix:

      Potential security problems have been identified in all versions of ncurses packages shipped with Red Hat Linux. Users of Red Hat Linux are recommended to upgrade to the new packages available under updates directory on our ftp site:

    Solution:


  • Package: initscripts

    Updated: 24-Jul-1998

    Problem:

    • (24-Jul-1998) These initscripts are needed for people upgrading to the 2.0.35 or later kernels.
    • (10-Mar-1998) Security Fix: The initscripts package has various temporary file creation race conditions. These bugs allow local users to create at least denial of service conditions and may allow local users to gain root access to affected systems. All systems with local users that do not have the root password should have these fixes applied. The fixes are available for Red Hat Linux 4.2. As always, these packages have been signed with the Red Hat PGP key.
    • (05-Jun-1997) The initscripts shipped with Red Hat Linux 4.2 didn't properly check for the existence of /etc/ksyms, causing problems booting kernels built without support for loadable modules. Fixed in initscripts-2.93-1.

    Solution:


  • Package: NIS/NYS

    Updated: 23-Jul-1997

    Problem:

    • (23-Jul-1997) There is an error in the Red Hat Linux User's Guide in Section 5.12, "NIS/NYS Setup": The sample yp.conf file for yp clients is incorrect.
    • (23-Jul-1997) The Red Hat Linux User's Guide omitted proper information on setting up a yp client.
    • (23-Jul-1997) The ypbind manual page was inadvertently included in the yp-clients package; it should have been excluded.

    Solution:

    • To properly set up a yp client under Red Hat Linux, perform the following steps:

      1. Add the following line to /etc/sysconfig/network:
                        YP_DOMAIN=your-yp-domain-name
        
                        
      2. Put the following shell script in /etc/rc.d/init.d/ypclient.init:
        #!/bin/sh
        
        # ypclient:       Sets up the yp.client
        
        # Source function library.
        . /etc/rc.d/init.d/functions
        # Get the yp domain name
        . /etc/sysconfig/network
        
        /bin/domainname "$YP_DOMAIN"
                        
      3. Make the ypclient.init script executable:
        chmod 0755 /etc/rc.d/init.d/ypclient.init
                        
      4. Add the ypclient.init script to runlevel 3:
        ln -s ../init.d/ypclient.init /etc/rc.d/rc3.d/S63ypclient
                        
      5. Put the following in /etc/yp.conf:
        domainname your-yp-domain-name ypserver your-yp-server-name

  • Package: Red Hat Linux Library doesn't work

    Updated: 11-Jul-1997

    Problem:

    • (11-Jul-1997) The Red Hat Linux Library doesn't work on Red Hat Linux 4.2; running the rhlibrary command produces the following error message:
      tixwish-tk4.1: command not found
                

    Solution:

    • Until a better solution is available, you can work around this problem by issuing the following commands:
      su
      ln -s tixwish4.1.7.6 /usr/bin/tixwish-tk4.1
                

  • Package: dosemu

    Updated: 02-Jul-1998

    Problem:

    • (02-Jul-1998) Security Fix:

      Various security holes have been found that allow root access. All Red Hat users that use Dosemu should upgrade.

    Solution:


  • Package: libtermcap

    Updated: 08-Jul-1998

    Problem:

    • (02-Jul-1998) Security Fix:

      Security problems have been found that allow local users to gain root access. All Red Hat users should upgrade.

    Solution:


  • Package: tin

    Updated: 30-Jun-1998

    Problem:

    • (30-Jun-1998) Security Fix:

      Various problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.

    Solution:


  • Package: slang

    Updated: 30-Jun-1998

    Problem:

    • (30-Jun-1998) Security Fix:

      Various problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.

    Solution:


  • Package: bind

    Updated: 30-Jun-1998

    Problem:

    • (30-Jun-1998) Security Fix:

      More problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.

    • (09-Apr-1998) Security Fix:

      Major security problems have been found in all versions of bind which affect Red Hat Linux on all platforms. All users running bind should upgrade as soon as possible.

      Thanks to CERT and the ISC for their handling of this problem (CA-98.05).

    • (21-Jul-1997) Security Fix: Version 4.9.6 of the bind DNS name server is now available. It fixes security vulnerabilities which allowed third parties to alter DNS queries from previous versions of the name server. All Red Hat Linux systems running bind are vulnerable to this problem.

    Solution:


  • Package: metamail

    Updated: 30-Jun-1998

    Problem:

    • (30-Jun-1998) Security Fix:

      More problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.

    • (12-Jun-1998) Security Fix:

      Various problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.

    • (01-Jun-1998)Security Fix: The metamail package has security problems. Thanks to Chris Evans for finding this problem.

    Solution:


  • Package: mailx

    Updated: 23-Jun-1998

    Problem:

    • (30-Jun-1998) Security Fix:

      More problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.

    • (23-Jun-1998) Security Fix:

      Various problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.

    • (12-Jun-1998) Security Fix:

      /tmp races have been found in the mailx package. All users of Red Hat Linux should upgrade this package.

    Solution:


  • Package: elm

    Updated: 23-Jun-1998

    Problem:

    • (23-Jun-1998) Security Fix:

      Various problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.

    • (15-May-1997) Security Fix: The version of elm shipped with all releases of Red Hat Linux has a security vulnerability which allows users on systems to read, delete, and forge other users' mail by gaining access to the mail group. elm-2.4.25-8 fixes this vulnerability.

    Solution:


  • Can't mount BackPack CD-ROM

    Updated: 10-Jun-1997

    Problem:

    • (10-Jun-1997) Users who install Red Hat Linux/Intel 4.2 from a BackPack CD-ROM may find they can't mount the CD-ROM. This is because no /dev/bpcd device exists.

    Solution:

    • (10-Jun-1997) Until a fix is available, users can manually create a /dev/bpcd device using the following commands:
      su
      mknod /dev/bpcd b 41 0
      chown root:disk /dev/bpcd
      chmod 660 /dev/bpcd
                
      Users can then mount the BackPack CD-ROM using:
      mount -t iso9660 /dev/bpcd /cdrom
                
      or by adding an entry to /etc/fstab using the Filesystem Configuration tool from the Control Panel.

  • Package: X11R6.1

    Updated: 10-Jun-1997

    Problem:

    • (10-Jun-1997) Red Hat Linux/SPARC 4.2 as shipped has a broken PAM configuration for xdm that won't allow users to log in.

    Solution:


  • Package: findutils

    Updated: 10-Jun-1998

    Problem:

    • (10-Jun-1998) Security Fix:

      Various, minor security problems were found in this package. Thanks to Kevin Vajk and Emmanuel Galanos for helping out with these.

    • (09-Mar-1998) Security Fix: The findutils package has various temporary file creation race conditions. These bugs allow local users to create at least denial of service conditions and may allow local users to gain root access to affected systems. All systems with local users that do not have the root password should have these fixes applied. The fixes are available for Red Hat Linux 4.2. As always, these packages have been signed with the Red Hat PGP key.

    Solution:


  • Package: bootp

    Updated: 01-Jun-1998

    Problem:

    • (01-Jun-1998) Security Fix:

      The bootp package has security problems. Thanks to Chris Evans for finding this problem.

    Solution:


  • Package: dhcpcd

    Updated: 01-Jun-1998

    Problem:

    • (01-Jun-1998) Security Fix:

      The dhcpcd package has security problems. Thanks to Chris Evans for finding this problem. After upgrading, you must either reboot your machine or restart the daemon:

              /etc/rc.d/init.d/network stop; /etc/rc.d/init.d/network start
              

    Solution:


  • Packages: groff,rhs-printfilters,tetex

    Updated: 24-Oct-1997

    Problem:

    • (24-Oct-1997) Security Fix: Numerous security holes have recently been fixed in these packages. Most are minor problems with possible /tmp exploits. These fixes apply to all users of Red Hat 4.x releases. The mktemp package is now required to be installed for these fixes. It is available as an update for Red Hat 4.2.

    Solution:


  • Package: procps

    Updated: 17-Apr-1998

    Problem:

    • (17-Apr-1998) Security Fix:

      A file creation and corruption bug in XConsole included in procps-X11 versions 1.2.6 and earlier has been found. An exploit which causes a Denial of Service condition preventing anyone other than root from logging into the computer has been found, and others may well be found.

      Red Hat, Inc. strongly recommends that you upgrade. Thanks to Alan Iwi for finding the bug.

    Solution:


  • Package: lynx

    Updated: 01-Apr-1998

    Problem:

    • (01-Apr-1998) Security Fix:

      Security problems have been found in lynx which allow remote web sites to cause lynx to do unwise things. Red Hat suggests all users of Red Hat Linux upgrade to the new release of lynx.

    Solution:


  • Package: kbd

    Updated: 25-Mar-1998

    Problem:

    • (25-Mar-1998) Security Fix:

      /tmp exploits have been found in this package. The new packages have been signed with Red Hat's PGP key.

      NOTE: there is no kbd package on the SPARC.

    Solution:


  • Package: mh

    Updated: 21-Mar-1998

    Problem:

    • (21-Mar-1998) Security Fix: Buffer overflows have been found in msgchk as included with the mh package in all versions of Red Hat. These overflows allow all users to gain root access to systems with them installed, and are distinct from the problems found in earlier versions of mh.

      If you do not need the mh package, the easiest fix for this problem is to:

      rpm -e mh
      If you do need it, fixes are available for users of Red Hat 4.2. As always, these packages have been signed with the Red Hat PGP key.

    • (20-Jan-1998) Buffer overflows that allow users to gain root access.

    • (17-Feb-1998) Corrected version of update.

    Solution:


  • Package: ncftp

    Updated: 20-Mar-1998

    Problem:

    • (20-Mar-1998) Security Fix: All versions of ncftp packages for Red Hat Linux have /tmp symlink attacks. New packages are available for Red Hat 4.2 which fix these problems. All users of Red Hat Linux are encouraged to upgrade to the new ncftp releases immediately. As always, these packages have been signed with the Red Hat PGP key.

      Thanks to the contributors of BUGTRAQ for finding and fixing this bug.

    Solution:


  • Package: textutils

    Updated: 09-Mar-1998

    Problem:

    • (09-Mar-1998) Security Fix: The textutils package has various temporary file creation race conditions. These bugs allow local users to create at least denial of service conditions and may allow local users to gain root access to affected systems. All systems with local users that do not have the root password should have these fixes applied. The fixes are available for Red Hat Linux 4.2. As always, these packages have been signed with the Red Hat PGP key.

    Solution:


  • Package: perl

    Updated: 09-Mar-1998

    Problem:

    • (09-Mar-1998) Security Fix: All versions of perl for Red Hat Linux have /tmp symlink attacks. New packages are available for Red Hat 4.2 which fix these problems. The updates have been PGP signed with the Red Hat public key to ensure their authenticity.
    • (15-Nov-1997) Security Fix: A(nother) buffer overrun has been found in perl 5.003, allowing users to gain root access through sperl. Upgrading to perl 5.004 fixes this problem. The updates have been PGP signed with the Red Hat public key to ensure their authenticity.

    Solution:


  • Package: gzip

    Updated: 28-Jan-1998

    Problem:

    • (28-Jan-1998) The executable gzexe, part of the gzip package, uses files in /tmp with very predictable names. This can allow users to destroy the contents of files on your system. As most systems do not use gzexe, this is potentially not a problem. However, Red Hat recommends upgrading to the new versions to avoid future problems.

    Solution:
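
The predictable-name problem described for gzexe, and the reason the groff, rhs-printfilters and tetex fixes above require mktemp, shown as an added example that is not code from gzexe or any Red Hat package. The function names and the sandbox layout are assumptions made for illustration; everything runs in a private directory rather than the real /tmp.

```shell
#!/bin/sh
# Added illustration; not taken from gzexe or any Red Hat package.
# All files live in a private sandbox directory, never the real /tmp.

# Unsafe pattern: the scratch path is derived from the PID, so it can be
# guessed in advance, and ">" follows whatever already exists at that path.
write_predictable() {   # $1 = scratch directory, $2 = data
    tmp="$1/scratch.$$"
    printf '%s\n' "$2" > "$tmp"
}

# Safer pattern: mktemp picks an unguessable name and creates the file
# exclusively (it fails rather than reuse an existing path), mode 0600.
write_with_mktemp() {   # $1 = scratch directory, $2 = data
    tmp=$(mktemp "$1/scratch.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
}

# Constructed scenario: a symlink already sits at the predictable path and
# points at a file that must not be modified.
demo() {
    box=$(mktemp -d) || return 1
    printf 'important\n' > "$box/victim"
    ln -s "$box/victim" "$box/scratch.$$"

    write_predictable "$box" "scratch data"
    after_unsafe=$(cat "$box/victim")    # overwritten through the symlink

    printf 'important\n' > "$box/victim"
    write_with_mktemp "$box" "scratch data"
    after_safe=$(cat "$box/victim")      # untouched

    rm -rf "$box"
    printf '%s|%s\n' "$after_unsafe" "$after_safe"
}
```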


  • Package: setserial

    Updated: 13-Jan-1998

    Problem:

    • (13-Jan-1998) The util-linux update for 4.2 doesn't include setserial. This package is needed to finish the update.

    Solution:


  • Package: netcfg

    Updated: 31-Oct-1997

    Problem:

    • (31-Oct-1997) Security Fix: netcfg-2.16-1 contained a security hole: if you edited an ethernet interface and enabled the option to bring up the interface at boot time, the interface was also set to be controllable by users. This allows a denial of service attack, because any user on your system has the ability to bring down the ethernet device at will. netcfg-2.16-1.1 fixes this bug. However, fixing this potential denial-of-service attack may require one extra action on your part. If you edited any ethernet interfaces with netcfg, install netcfg-2.16-1.1, edit the ethernet interfaces, turn off the "Any user can (de)activate interface" option, and save the change.

    Solution:


  • Packages: traceroute, man

    Updated: 23-Sep-1997

    Problem:

    • (23-Sep-1997) Security Fix: Fixes are now available for a number of security problems. They fix problems in the man and traceroute commands and in the finger, ftp, and tftp daemons. Red Hat strongly encourages all users of Red Hat 4.2 to upgrade to these packages. The man and traceroute fixes will work on any Red Hat 4.x release. Users of Red Hat 4.0 and 4.1 should disable the finger, ftp, and tftp services (note that tftp is turned off by default on Red Hat systems) until they can upgrade to Red Hat 4.2 with these fixes. Thanks to all of the folks who helped find these problems, including (but not limited to) David Holland, Olaf Kirch, and Alan Cox. All of these packages have been PGP-signed with the Red Hat PGP key.

    Solution:


  • Packages: kernelcfg, pythonlib

    Updated: 11-Aug-1997

    Problem:

    • (05-Jun-1997) kernelcfg (the Kernel Configurator control-panel tool) stops working in some circumstances, including after upgrading from Red Hat Linux 4.0 or Red Hat Linux 4.1 or after building a custom kernel.

    Note:

    • (05-Jun-1997) As an alternative to installing the update below, you may manually fix the problem using the following command as the root user:
      rpm -q kernel --qf '%{postin}' | sh -x
      

    • (11-Aug-1997) pythonlib-1.18 caused problems when the User Group tool was used with shadow passwords; pythonlib-1.19 fixes these problems. If you used the User Group tool to create users on a system that uses shadow passwords, check to see whether passwords have migrated into the password file for users created with the User Group tool with shadow passwords in effect.

    Solution:
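
One way to run the password-file check that the pythonlib note asks for, as an added example that is not part of the erratum or of pythonlib. It assumes that with shadow passwords in effect the second field of a passwd-format file is "x" (or "*" for accounts with no usable password); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; not Red Hat's code.
# Reports accounts whose password field in a passwd(5)-format file holds
# something other than a shadow placeholder.
# Assumption: "x" means "see the shadow file", "*" means no usable password.
passwd_hashes_outside_shadow() {   # $1 = path to a passwd-format file
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }     # skip blank lines and comments
        /^[+-]/            { next }     # skip NIS compat entries
        NF < 7  { printf "malformed:line %d\n", NR; next }
        $2 == "x" || $2 == "*" { next } # expected placeholders
        $2 == "" { printf "empty:%s\n", $1; next }
        { printf "hash-in-passwd:%s\n", $1 }
    ' "$1"
}

# Constructed sample: bob carries a (fake) hash in the password file and
# carol has an empty password field; the other entries are as expected.
audit_sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:
alice:x:500:500:Alice:/home/alice:/bin/bash
bob:ExAmPlEhAsH01:501:501:Bob:/home/bob:/bin/bash
carol::502:502:Carol:/home/carol:/bin/bash
+::::::
EOF
    passwd_hashes_outside_shadow "$f"
    rm -f "$f"
}
```

On a real system the function would be pointed at /etc/passwd; any "hash-in-passwd" line names an account whose password should be moved back into the shadow file and changed.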


  • Packages: inn,inews

    Updated: 08-Aug-1997

    Problem:

    • (08-Aug-1997) Security Fix: Security holes in INN are fixed by the following packages.

    Solution:


  • Package: ld.so

    Updated: 18-Jul-1997

    Problem:

    • (18-Jul-1997) Security Fix: There is a buffer overflow in Linux's ELF program loader on Intel and SPARC platforms. New versions of the ld.so and ld.so-sparc packages are available which fix the problem.

    Solution:


  • Package: db

    Updated: 09-Jul-1997

    Problem:

    • (09-Jul-1997) Security Fix: db-1.85 contains a possible security problem involving snprintf(); no attacks exploiting this minor problem are currently known. The problem is fixed in db-1.85-11.

    Note:

    • (09-Jul-1997) When you install this update, rpm may complain about failed dependencies; if so, you may install this update without problems using one of the following commands:
      rpm -Uvh --nodeps db-1.85-11.i386.rpm db-devel-1.85-11.i386.rpm
      
      or:
      rpm -Uvh --nodeps db-1.85-11.sparc.rpm db-devel-1.85-11.sparc.rpm
      

    Solution:


  • Package: pwdb

    Updated: 05-Jun-1997

    Problem:

    • (05-Jun-1997) The pwdb package as shipped with Red Hat Linux 4.2 had some problems with the shadow password implementation. Also, on Red Hat Linux/SPARC only, new passwords could not be set with the passwd program. pwdb-0.54-4 fixes these problems.

    Note:

    • (20-Jun-1997) A few people have reported that they had problems with NIS when using pwdb-0.54-3, and that those problems were resolved by using pwdb-0.54-4. Please note, however, that pwdb does not currently include support for changing passwords. The yppasswd program is still required for changing passwords when using NIS.

    Solution:


  • Package: kaffe

    Updated: 05-Jun-1997

    Problem:

    • (05-Jun-1997) The kaffe package is missing symbolic links, which makes it difficult to run properly. Fixed in kaffe-0.8.3-6.

    Solution:


  • Package: mkinitrd

    Updated: 05-Jun-1997

    Problem:

    • (05-Jun-1997) A small bug in mkinitrd makes it impossible to create a working boot image on a very few SCSI platforms with unusual configurations. mkinitrd-1.7-1 fixes this problem.

    Solution: