Cobalt Updates
This security update prevents a buffer overflow exploit in analog that uses the "alias" command. This package upgrades analog to v4.16-1(C1).
For additional information please refer to http://www.analog.cx/
MD5 Check Sum: 3dcc35f2157130c6a52611d45eb12ecb
vixie-cron Update 3.0.1
This patch upgrades the version of vixie-cron to 3.0.1-40. This version of vixie-cron addresses the following security issue, which existed in previous versions. A buffer overflow existed in the 'crontab' command: if called by a user with a username longer than 20 characters, it would be possible for that user to gain elevated privileges.
Pine Update 3.0.2
Upon abnormal exit, the text editor saves any changes made to the file being edited into a new file in the current working directory named filename.save (where filename corresponds to the name of the file being edited, e.g. test.txt will be saved as test.txt.save). When saving this file, the text editor does not check the file type. A user editing a file in a directory writable by others could have other files overwritten if a malicious user were to symbolically link the filename.save file to a file to which that user has owner or group write access. This would result in the contents of the pico session being written to the symbolically linked file.
This security update installs Pine v4.33-C1 which includes the latest Pico v4.0.
proftpd Update 3.0.1
This package upgrades the version of proftpd to 1.2.0rc3.
BIND Update 3.0.3
This patch upgrades the version of bind used by DNS to 8.2.3. This version of bind contains various security fixes for security holes that were found in BIND-8.2.2_P5.
DoS Attack Update 3.0.7
This security update prevents a DoS condition in which htpasswd and passwd are corrupted when a site administrator adds a new user to the system while the "/tmp" directory or the "/" (root) directory is full.
ncurses Update 3.0.2
There used to be an overflowable buffer in the part of the ncurses library handling cursor movement. Attackers can force a privileged application to use their own termcap file containing a special terminal entry which will trigger the ncurses vulnerability, allowing them to execute arbitrary code with the privileges of the exploited binary.
glibc Update 3.0.1
This updates the version of glibc. Prior to this update it was possible for local users to gain root access.
Sendmail Update 3.0.3
This update installs sendmail version 8.9.3. Older versions of sendmail could allow expected mail to be relayed through your site.
Tmpwatch Update 3.0.1
Prior to this update, the tmpwatch version was vulnerable to some denial of service attacks and the possibility of local root exploits.
Syslog Update 3.0.1
This update fixes a format string vulnerability in klogd that can be used to gain root access locally and in certain exceptional cases remotely.
Vacation Mail Exploit Update 3.0.1
This update fixes a security issue related to users' vacation mail.
System Update 3.0.2
This update upgrades proftpd to 1.2.0rc2. Issues with using chmod via FTP have been resolved.
Security Update 3.0.1
This update resolves a security issue with e-mail. Prior to this patch it was possible to get other users' e-mail.
Security Update 3.0.1
This security package contains an updated version of qpopper. The previous version of qpopper could possibly allow an attacker who has access to a valid account to obtain a shell with group-id 'mail', potentially allowing read/write access to all mail.
Security Update 3.0.1
This update resolves a security issue with Man when running makewhatis daily. Prior to this patch it was possible to gain access to root files.
siteUserAdd Update 3.7
This package addresses a security issue with the Sun Cobalt RaQ 1 server appliance user interface which could allow a site administrator from one site to modify site information for another site.
Logrotate Config Fix Update 3.8
Removes erroneous entries from the logrotate configuration files. This patch should only be installed after OS Update 3.0.
proftpd Update 3.5
The package will install a newer version of proftpd. This new version resolves the issue some people experience when there are more than 200 members of the site-admin group.
The symptom is typically that a user will FTP to the machine as a site administrator and will not be able to access any directories above his home directory. Note: This patch fixes the issue that was introduced on the Sun Cobalt RaQ 1 server appliance after RaQ1-Update-OS-3.0.pkg is installed.
DoS Update 3.4
This security update fixes a denial of service (DoS) problem with Apache. Using a bug in the handling of HTTP headers, anyone can request certain URLs that will result in Apache 1.3.3 consuming all system resources. This DoS attack can affect any Apache 1.3.3 web server. It applies only to Apache 1.3.3; Apache 1.3.1 is not vulnerable to this type of attack. Installing this update eliminates the vulnerability.
Sendmail Update 3.3
This package contains an update to sendmail. The version currently installed on Sun Cobalt products could allow a user to corrupt the aliases database which would cause sendmail to stop running and the box to stop accepting e-mail. This update resolves this issue.
OS Update 3.0
Copyright © 2004 by Electronic Consultants Inc.