Red Hat Linux 5.2 (Apollo) General Errata (Updated: 22-Jan-1999 ) [1]mail problems with errata to faq-maintainer See also: * [2]Red Hat Linux/Intel 5.2 Errata * [3]Red Hat Linux/Alpha 5.2 Errata * [4]Red Hat Linux/Sparc 5.2 Errata The following are known problems with Red Hat Linux 5.2 on multiple platforms. Updates are available for FTP from: If you have problems downloading fixes from the official site (ftp.redhat.com), please try one of the many Red Hat [5]mirrors. * Intel: [6]ftp://updates.redhat.com/5.2/i386/ * Alpha: [7]ftp://updates.redhat.com/5.2/alpha/ * Sparc: [8]ftp://updates.redhat.com/5.2/sparc/ Please note that newer versions of some of these packages may be available in the same location; any new versions which are made available will fix all of the bugs older versions did, so you can use the latest version with no problems. If you experience problems downloading the RPMS using Netscape or Internet Explorer, you will need to explicitely download to file versus opening in a window. The problem you are encountering is that both browsers think that .rpm files are text files and thus try to show the contents. In netscape, you can Shift-Click to correctly download the file. _________________________________________________________________ Overview * 22-Jan-1999: [9]XFree86 * 19-Jan-1998: [10]fvwm2 * 03-Jan-1999: [11]kernel * 03-Jan-1999: [12]pam * 03-Jan-1999: [13]New Boot Images * 22-Dec-1998: [14]ftp client * 15-Dec-1998: [15]nfs server * 17-Nov-1998: [16]samba * 17-Nov-1998: [17]sysklogd _________________________________________________________________ Detailed Errata _________________________________________________________________ Package: XFree86 Updated: 22-Dec-1998 Problem: * (22-Jan-1999) New RPMs for XFree86 3.3.3.1 (X11) are available for Red Hat Linux 4.2 and 5.x on all platforms. This new release is primarily a bugfix release. It corrects problems with a few drivers (especially the 3D Labs slowdown problem), fixes Russian KOI8 font support, and fixes the font server xfs, which was inadvertently broken in our release of XFree86 3.3.3. Please see the official release notes at [18]http://www.xfree86.org/#news for further information. * (12-Jan-1998) Instructions added for installation and upgrading. * (22-Dec-1998) Security Fix: New RPMs for XFree86 3.3.3 (X11) are available for Red Hat Linux 4.2 and 5.x on all platforms. This new release contains a large number of new features and bugfixes, including some related to system security. New RPMs of the fvwm2 window manager for Red Hat Linux 5.x are also available, as the new X release exposed a serious bug. Highlights of the new X release include: + Security enhancements including several buffer overrun fixes and other changes to fix security problems reported to XFree86. + New chipsets supported including 3Dlabs, Rendition, Weitek P9x00, Cyrix MediaGX, Matrox + G100/G200, SiS 5597/98 + 6326, Trident 975AGP, NeoMagic, more Mach64 chipsets, C&T 69000, Riva TNT, EPSON SPC8110, Linux vesafb. + All XFCom servers from SuSE and Precision Insight have been included, except for the i740 server. + New XInput drivers for AceCad ADVANCEDigitizer, MicroTouch TouchPen, SGI dial box. + Numerous bug fixes. We are not releasing an updated Xconfigurator at this time; if you have a graphics card which is not supported by the latest available version of Xconfigurator for your platform and release, we suggest you use the xf86config program which comes with XFree86. You may also want to use the XF86Setup program. Solution: In some circumstances, you may be required to add --force and/or --nodeps to the rpm command line options to insure a proper upgrade. Add these options if the command line given gives an error. * Intel: All updates can be found at [19]ftp updates Required RPMS + [20]ftp://updates.redhat.com/5.2/i386/XFree86-3.3.3.1-1.i386. rpm + [21]ftp://updates.redhat.com/5.2/i386/XFree86-75dpi-fonts-3.3 .3.1-1.i386.rpm + [22]ftp://updates.redhat.com/5.2/i386/XFree86-VGA16-3.3.3.1-1 .i386.rpm + [23]ftp://updates.redhat.com/5.2/i386/XFree86-XF86Setup-3.3.3 .1-1.i386.rpm + [24]ftp://updates.redhat.com/5.2/i386/XFree86-libs-3.3.3.1-1. i386.rpm You will want one of the following RPMS for your video card. Server RPMS + [25]ftp://updates.redhat.com/5.2/i386/XFree86-3DLabs-3.3.3.1- 1.i386.rpm + [26]ftp://updates.redhat.com/5.2/i386/XFree86-8514-3.3.3.1-1. i386.rpm + [27]ftp://updates.redhat.com/5.2/i386/XFree86-AGX-3.3.3.1-1.i 386.rpm + [28]ftp://updates.redhat.com/5.2/i386/XFree86-I128-3.3.3.1-1. i386.rpm + [29]ftp://updates.redhat.com/5.2/i386/XFree86-Mach8-3.3.3.1-1 .i386.rpm + [30]ftp://updates.redhat.com/5.2/i386/XFree86-Mach32-3.3.3.1- 1.i386.rpm + [31]ftp://updates.redhat.com/5.2/i386/XFree86-Mach64-3.3.3.1- 1.i386.rpm + [32]ftp://updates.redhat.com/5.2/i386/XFree86-Mono-3.3.3.1-1. i386.rpm + [33]ftp://updates.redhat.com/5.2/i386/XFree86-P9000-3.3.3.1-1 .i386.rpm + [34]ftp://updates.redhat.com/5.2/i386/XFree86-S3-3.3.3.1-1.i3 86.rpm + [35]ftp://updates.redhat.com/5.2/i386/XFree86-S3V-3.3.3.1-1.i 386.rpm + [36]ftp://updates.redhat.com/5.2/i386/XFree86-SVGA-3.3.3.1-1. i386.rpm + [37]ftp://updates.redhat.com/5.2/i386/XFree86-W32-3.3.3.1-1.i 386.rpm You might want one or more of these RPMS if you do development. Optional RPMS + [38]ftp://updates.redhat.com/5.2/i386/XFree86-devel-3.3.3.1-1 .i386.rpm + [39]ftp://updates.redhat.com/5.2/i386/XFree86-100dpi-fonts-3. 3.3.1-1.i386.rpm + [40]ftp://updates.redhat.com/5.2/i386/XFree86-cyrillic-fonts- 3.3.3.1-1.i386.rpm + [41]ftp://updates.redhat.com/5.2/i386/XFree86-Xnest-3.3.3.1-1 .i386.rpm + [42]ftp://updates.redhat.com/5.2/i386/XFree86-Xvfb-3.3.3.1-1. i386.rpm + [43]ftp://updates.redhat.com/5.2/i386/XFree86-xfs-3.3.3.1-1.i 386.rpm Further Instructions For instructions on upgrading users should read the [44]Red Hat XFree86 upgrade howto. This document is in its initial drafts, but should be useful. * Alpha: Upgrade to: All updates can be found at [45]ftp updates 1. Upgrade your X server. The package you need is dependent on which video card you have. Get the server which matches your card. 2. Upgrade your X libraries and base install rpm -Uvh ftp://updates.redhat.com/5.2/alpha/XFree86-libs-3.3.3.1-1.alpha.rpm rpm -Uvh ftp://updates.redhat.com/5.2/alpha/XFree86-3.3.3.1-1.alpha.rpm 3. Optionally, upgrade the additional X packages, such as fonts, devel, etc. * SPARC: Upgrade to: All updates can be found at [46]ftp updates 1. Upgrade your X server. The package you need is dependent on which frame buffer your SPARC has. Get the server which matches your card. 2. Upgrade your X libraries and base install: rpm -Uvh ftp://updates.redhat.com/5.2/sparc/XFree86-libs-3.3.3.1-1.sparc.rpm rpm -Uvh ftp://updates.redhat.com/5.2/sparc/XFree86-3.3.3.1-1.sparc.rpm 3. Optionally, upgrade the additional X packages, such as fonts, devel, etc. 4. If a link named /etc/X11/X does not exist, pointing at the proper X server that you use (for instance, /usr/X11R6/bin/Xsun), create it now. _________________________________________________________________ Package: FVWM2 Updated: 19-Jan-1999 Problem: * (19-Jan-1999):Notice Users who update to the latest XFree86 also need to update to the latest FVWM2 rpms for AnotherLevel (Red Hat default window manager) to work. Solution: * Intel: Upgrade to: [47]fvwm2-2.0.46-12.i386.rpm [48]fvwm2-icons-2.0.46-12.i386.rpm * Alpha: Upgrade to: [49]fvwm2-2.0.46-12.alpha.rpm [50]fvwm2-icons-2.0.46-12.alpha.rpm * SPARC: Upgrade to: [51]fvwm2-2.0.46-12.sparc.rpm [52]fvwm2-icons-2.0.46-12.sparc.rpm _________________________________________________________________ Package: Kernel Updated: 03-Jan-1999 Problem: * (03-Jan-1999):New Drivers Red Hat has further patched the standard 2.0.36 kernel with updated drivers for the Adaptec 7xxx cards, NCR scsi, 3com 905B, and some other patches. * (08-Dec-1998):Security Fix Several security holes were found in the Linux kernel and patched in the 2.0.36 kernel. Users should upgrade to patch these problems. The announcement can be found [53]here. Solution: * Intel: Upgrade to: [54]2.0.36 kernel and default modules [55]2.0.36 IBCS modules [56]2.0.36 PCMCIA modules Optional Packages [57]2.0.36 kernel headers (needed for some development) [58]2.0.36 source RPM (needed to recompile kernel) * Alpha: Upgrade to: [59]2.0.36 Kernel Headers [60]2.0.36 Kernel Source Code You will need to recompile the source code for your platform. * SPARC: Upgrade to: Due to differences between versioning, Red Hat has patched the 2.0.35 kernel with the security fixes that are in the 2.0.36 kernel. [61]2.0.35 Kernel Headers [62]2.0.35 Kernel Source [63]2.0.35 Kernel (4c) [64]2.0.35 Kernel (SMP) Further Instructions For instructions on upgrading users should read the [65]Red Hat kernel upgrade howto. While the howto focuses on intel, there are sub chapters for upgrading alpha and sparc machines. _________________________________________________________________ Package: pam Updated: 03-Jan-1998 Problem: * (03-Jan-1998)Security Fix: 1. Risk level: SMALL The default configuration as shipped with the supported releases of Red Hat Linux is not vulnerable to this problem. 2. Description A race condition that can be exploited under some particular scenarios has been identified in all versions of the Linux-PAM library shipped with all versions of Red Hat Linux. The vulnerability is exhibited in the pam_unix_passwd.so module included in Red Hat Linux, but *not* used by either of the 4.2 or 5.x releases. Red Hat Linux uses the pam_pwdb.so module for performing PAM authentication. You are at risk if you enabled pam_unix_passwd.so and are using it instead of the pam_pwdb.so module. An exploit occurs when an user with a umask setting of 0 is trying to change the login password. As of this release there are no known exploits of this security problem. Solution: * Intel: Upgrade to [66]pam-0.64-4.i386.rpm * Alpha: Upgrade to [67]pam-0.64-4.alpha.rpm * SPARC: Upgrade to [68]pam-0.64-4.sparc.rpm _________________________________________________________________ Package: New Boot Images Updated: 03-Jan-1999 Problem: * (03-Jan-1999):Notice This boot and supp disk pair correct the following problems: + French translation o Users must boot with "linux supp" and use a supplemental disc to get the second stage installer translated in French) + Hard drive installs from fat, vfat, and fat32 filesystems + Disk Druid can now recognize Windows 98 extended partitions. o Users installing from CD-ROM or NFS must boot with "linux supp" and use a supp disk if they need to modify disks with Windows 98 extended partitions. Solution: * Intel: Upgrade to: [69]Boot Image [70]Supplemental Image Further Instructions Users experiencing problems with aic7xxx or ncr53c8xx drivers need to go to when the mouse configuration screen comes up and type: cp /modules/aic7xxx.o /mnt/lib/modules/2.0.36-0.7/scsi or cp /modules/ncr53c8xx.o /mnt/lib/modules/2.0.36-0.7/scsi This will put the correct driver in the initrd that gets created before lilo is installed. Users will be able to install using 3c509B in 100 Mbps mode. After reboot the card will be using the old driver, therefore it will not be able to enter 100 Mbps mode. Updating to the new kernel rpm will correct this. _________________________________________________________________ Package: FTP client Updated: 22-Dec-1998 Problem: * (22-Dec-1998):Security A security vulnerability has been identified in all versions of the ftp client binary shipped with Red Hat Linux. An exploit for this vulnerability would have to rely on getting the user to connect using passive mode to a server running a ftp daemon under the attacker's control. As of this release time there are no known exploits of this security problem. All users of Red Hat Linux are encouraged to upgrade to the new package releases immediately. As always, these packages have been signed with the Red Hat PGP key. Solution: * Intel: Upgrade to: [71]ftp-client (i386) * Alpha: Upgrade to: [72]ftp-client (alpha) * SPARC: Upgrade to: [73]ftp-client (sparc) Further Instructions Once you have downloaded the NetKit package for your architecture, you will need to do the following as root: rpm -Uvh ftp-0.10-4*rpm _________________________________________________________________ Package: nfs-server Updated 15-Dec-1998 Problem [74]Cert has released an update on security vulnerabilities in Unix NFS server (rpc.mountd) security hole that affected various distributions. The update states that all versions of Red Hat Linux are vulnerable, which was correct at the time the original alert was released. The 5.2 release had this corrected before the release and thus is NOT vulnerable. Users do NOT need to download or upgrade any package at this time. _________________________________________________________________ Package: Samba Updated: 17-Nov-1998 Problem: * (17-Nov-1998):Security Fix Other security concerns have been fixed. * (17-Nov-1998):Security Fix The Samba team brought to our attention a security vulnerability in the samba-1.9.18p10-3 RPMs as distributed in RedHat 5.2. We would like to thank Andrew Tridgell and the Samba team for discovering this problem. The problem is the installation permissions of the wsmbconf binary. The RPM installs wsmbconf as a setgid binary owned by group root and executable by all users. Only users of Red Hat Linux 5.2 are affected. All systems on which the RedHat 5.2 Samba RPM are installed should immediately remove the file /usr/sbin/wsmbconf, rm -f /usr/sbin/wsmbconf or upgrade to the new packages available from our updates site. Solution: * Intel: Upgrade to: [75]samba-1.9.18p10-5 * Alpha: Upgrade to: [76]samba-1.9.18p10-5 * SPARC: Upgrade to: [77]samba-1.9.18p10-5 Further Instructions To upgrade the rpm, use the following commands. rpm -Uvh samba*rpm /etc/rc.d/init.d/smb restart _________________________________________________________________ Package: Sysklogd Updated: 17-Nov-1998 Problem: * (17-Nov-1998):Security Fix A buffer overflow has been identified in all versions of the sysklogd packages shipped with Red Hat Linux. As the time of this post there are no known exploits for this security vulnerability. Red Hat would like to thank Michal Zalewski (lcamtuf@IDS.PL) and the members of the Bugtraq mailing list for discovering this problem and providing a fix. Users of Red Hat Linux are recommended to upgrade to the new packages available under updates directory on our ftp site: Solution: * Intel: Upgrade to: [78]sysklogd-1.3-26 * Alpha: Upgrade to: [79]sysklogd-1.3-26 Further Instructions Once you have downloaded the sysklogd package for your architecture, you will need to do the following as root: rpm -Uvh sysklogd*rpm /etc/rc.d/init.d/syslog restart _________________________________________________________________ _________________________________________________________________ [80]Support | [81]Product Errata | Copyright © 1995-1999 Red Hat Software. [82]Legal notices References 1. http://www.redhat.com/support/about/faq-maintainer.html 2. http://www.redhat.com/support/docs/rhl/intel/rh52-errata-intel.html 3. http://www.redhat.com/support/docs/rhl/alpha/rh52-errata-alpha.html 4. http://www.redhat.com/support/docs/rhl/sparc/rh52-errata-sparc.html 5. http://www.redhat.com/mirrors.html 6. ftp://updates.redhat.com/5.2/i386/ 7. ftp://updates.redhat.com/5.2/alpha/ 8. ftp://updates.redhat.com/5.2/sparc/ 9. http://www.redhat.com/support/docs/rhl/rh52-errata-general.html#XFree86 10. http://www.redhat.com/support/docs/rhl/rh52-errata-general.html#fvwm2 11. http://www.redhat.com/support/docs/rhl/rh52-errata-general.html#kernel 12. http://www.redhat.com/support/docs/rhl/rh52-errata-general.html#pam 13. http://www.redhat.com/support/docs/rhl/rh52-errata-general.html#BootImg 14. http://www.redhat.com/support/docs/rhl/rh52-errata-general.html#ftp-client 15. http://www.redhat.com/support/docs/rhl/rh52-errata-general.html#nfs-server 16. http://www.redhat.com/support/docs/rhl/rh52-errata-general.html#samba 17. http://www.redhat.com/support/docs/rhl/rh52-errata-general.html#sysklogd 18. http://www.redhat.com/support/docs/rhl/rh52-errata-general.html 19. ftp://updates.redhat.com/5.2/i386 20. ftp://updates.redhat.com/5.2/i386/XFree86-3.3.3.1-1.i386.rpm 21. ftp://updates.redhat.com/5.2/i386/XFree86-75dpi-fonts-3.3.3.1-1.i386.rpm 22. ftp://updates.redhat.com/5.2/i386/XFree86-VGA16-3.3.3.1-1.i386.rpm 23. ftp://updates.redhat.com/5.2/i386/XFree86-XF86Setup-3.3.3.1-1.i386.rpm 24. ftp://updates.redhat.com/5.2/i386/XFree86-libs-3.3.3.1-1.i386.rpm 25. ftp://updates.redhat.com/5.2/i386/XFree86-3DLabs-3.3.3.1-1.i386.rpm 26. ftp://updates.redhat.com/5.2/i386/XFree86-8514-3.3.3.1-1.i386.rpm 27. ftp://updates.redhat.com/5.2/i386/XFree86-AGX-3.3.3.1-1.i386.rpm 28. ftp://updates.redhat.com/5.2/i386/XFree86-I128-3.3.3.1-1.i386.rpm 29. ftp://updates.redhat.com/5.2/i386/XFree86-Mach8-3.3.3.1-1.i386.rpm 30. ftp://updates.redhat.com/5.2/i386/XFree86-Mach32-3.3.3.1-1.i386.rpm 31. ftp://updates.redhat.com/5.2/i386/XFree86-Mach64-3.3.3.1-1.i386.rpm 32. ftp://updates.redhat.com/5.2/i386/XFree86-Mono-3.3.3.1-1.i386.rpm 33. ftp://updates.redhat.com/5.2/i386/XFree86-P9000-3.3.3.1-1.i386.rpm 34. ftp://updates.redhat.com/5.2/i386/XFree86-S3-3.3.3.1-1.i386.rpm 35. ftp://updates.redhat.com/5.2/i386/XFree86-S3V-3.3.3.1-1.i386.rpm 36. ftp://updates.redhat.com/5.2/i386/XFree86-SVGA-3.3.3.1-1.i386.rpm 37. ftp://updates.redhat.com/5.2/i386/XFree86-W32-3.3.3.1-1.i386.rpm 38. ftp://updates.redhat.com/5.2/i386/XFree86-devel-3.3.3.1-1.i386.rpm 39. ftp://updates.redhat.com/5.2/i386/XFree86-100dpi-fonts-3.3.3.1-1.i386.rpm 40. ftp://updates.redhat.com/5.2/i386/XFree86-cyrillic-fonts-3.3.3.1-1.i386.rpm 41. ftp://updates.redhat.com/5.2/i386/XFree86-Xnest-3.3.3.1-1.i386.rpm 42. ftp://updates.redhat.com/5.2/i386/XFree86-Xvfb-3.3.3.1-1.i386.rpm 43. ftp://updates.redhat.com/5.2/i386/XFree86-xfs-3.3.3.1-1.i386.rpm 44. http://www.redhat.com/support/docs/rhl/XFree86-upgrade.html 45. ftp://updates.redhat.com/5.2/alpha 46. ftp://updates.redhat.com/5.2/sparc 47. ftp://updates.redhat.com/5.2/i386/fvwm2-2.0.46-12.i386.rpm 48. ftp://updates.redhat.com/5.2/i386/fvwm2-icons-2.0.46-12.i386.rpm 49. ftp://updates.redhat.com/5.2/alpha/fvwm2-2.0.46-12.alpha.rpm 50. ftp://updates.redhat.com/5.2/alpha/fvwm2-icons-2.0.46-12.alpha.rpm 51. ftp://updates.redhat.com/5.2/sparc/fvwm2-2.0.46-12.sparc.rpm 52. ftp://updates.redhat.com/5.2/sparc/fvwm2-icons-2.0.46-12.sparc.rpm 53. http://news.freshmeat.net/readmore?f=2.0.36-silent-fixes 54. ftp://updates.redhat.com/5.2/i386/kernel-2.0.36-3.i386.rpm 55. ftp://updates.redhat.com/5.2/i386/kernel-ibcs-2.0.36-3.i386.rpm 56. ftp://updates.redhat.com/5.2/i386/kernel-pcmcia-cs-2.0.36-3.i386.rpm 57. ftp://updates.redhat.com/5.2/i386/kernel-headers-2.0.36-3.i386.rpm 58. ftp://updates.redhat.com/5.2/i386/kernel-source-2.0.36-3.i386.rpm 59. ftp://updates.redhat.com/5.2/alpha/kernel-headers-2.0.36-3.alpha.rpm 60. ftp://updates.redhat.com/5.2/alpha/kernel-source-2.0.36-3.alpha.rpm 61. ftp://updates.redhat.com/5.2/sparc/kernel-headers-2.0.35-15.sparc.rpm 62. ftp://updates.redhat.com/5.2/sparc/kernel-source-2.0.35-15.sparc.rpm 63. ftp://updates.redhat.com/5.2/sparc/kernel-sparc-2.0.35-15.sparc.rpm 64. ftp://updates.redhat.com/5.2/sparc/kernel-sparc-smp-2.0.35-15.sparc.rpm 65. http://www.redhat.com/support/docs/rhl/kernel-upgrade.html 66. ftp://ftp.redhat.com/pub/redhat/updates/5.2/i386/pam-0.64-4.i386.rpm 67. ftp://ftp.redhat.com/pub/redhat/updates/5.2/alpha/pam-0.64-4.alpha.rpm 68. ftp://ftp.redhat.com/pub/redhat/updates/5.2/sparc/pam-0.64-4.sparc.rpm 69. ftp://updates.redhat.com/5.2/images/i386/boot.img 70. ftp://updates.redhat.com/5.2/images/i386/supp.img 71. ftp://updates.redhat.com/5.2/i386/ftp-0.10-4.i386.rpm 72. ftp://updates.redhat.com/5.2/alpha/ftp-0.10-4.alpha.rpm 73. ftp://updates.redhat.com/5.2/sparc/ftp-0.10-4.sparc.rpm 74. http://www.cert.org/ 75. ftp://updates.redhat.com/5.2/i386/samba-1.9.18p10-5.i386.rpm 76. ftp://updates.redhat.com/5.2/alpha/samba-1.9.18p10-5.alpha.rpm 77. ftp://updates.redhat.com/5.2/sparc/samba-1.9.18p10-5.sparc.rpm 78. ftp://updates.redhat.com/5.2/i386/sysklogd-1.3-26.i386.rpm 79. ftp://updates.redhat.com/5.2/alpha/sysklogd-1.3-26.alpha.rpm 80. http://www.redhat.com/support 81. http://www.redhat.com/support/docs/errata.html 82. http://www.redhat.com/redhat/website.html#legal