Red Hat Linux 5.0 (Hurricane) General Errata included in Fermi Red Hat V5.0.2

Note: You do NOT need to apply these patches, they have been applied already.

See also:

• Red Hat Linux/Intel 5.0 Errata

• Intel: ftp://ftp.redhat.com/pub/redhat/updates/5.0/i386/

Please note that newer versions of some of these packages may be available in the same location; any new versions which are made available will fix all of the bugs older versions did, so you can use the latest version with no problems. 

Overview

• 03-Dec-1997: transfig
• 05-Dec-1997: tcp_wrappers-7.6-2
• 08-Dec-1997: window manager failure
• 10-Dec-1997: gtk
• 10-Dec-1997: mouseconfig
• 12-Dec-1997: joe
• 12-Dec-1997: vixie-cron
• 12-Dec-1997: wu-ftpd
• 17-Dec-1997: fstool
• 29-Dec-1997: util-linux
• 30-Dec-1997: ircii
• 30-Dec-1997: trn
• 31-Dec-1997: shadow-utils
• 31-Dec-1997: dump
• 31-Dec-1997: libc
• 07-Jan-1998: apache
• 13-Jan-1998: mars-nwe
• 13-Jan-1998: quota
• 19-Jan-1998: gated
• 26-Jan-1998: tmpwatch
• 26-Jan-1998: ppp
• 28-Jan-1998: gzip
• 05-Feb-1998: bru
• 08-Feb-1998: pine
• 09-Mar-1998: textutils
• 09-Mar-1998: findutils
• 10-Mar-1998: perl
• 20-Mar-1998: ncftp
• 21-Mar-1998: mh
• 25-Mar-1998: kbd
• 01-Apr-1998: lynx
• 13-Apr-1998: ncpfs,smbfs
• 17-Apr-1998: procps
• 18-Apr-1998: ypbind
• 20-Apr-1998: upgrade failure
• 23-Apr-1998: lpr
• 28-May-1998: bootp
• 28-May-1998: dhcpcd
• 28-May-1998: minicom
• 28-May-1998: dhcp
• 10-Jun-1998: xscreensaver
• 10-Jun-1998: findutils
• 23-Jun-1998: X11
• 23-Jun-1998: elm
• 30-Jun-1998: mailx
• 30-Jun-1998: metamail
• 30-Jun-1998: slang
• 30-Jun-1998: tin
• 30-Jun-1998: bind
• 02-Jul-1998: libtermcap
• 02-Jul-1998: rpm
• 14-Jul-1998: samba
• 20-Jul-1998: glibc
• 23-Jul-1998: initscripts
• 24-Jul-1998: imap
• 24-Jul-1998: kernel
• 24-Jul-1998: ncurses
• 17-Aug-1998: svgalib
• 20-Aug-1998: Netscape

Detailed Errata

Updated: 03-Dec-1997

Problem:

 
• (03-Dec-1997) XFig cannot export PostScript.

Updated: 10-Mar-1998

Problem:

 
• (10-Mar-1998) Fixes a seg fault condition when using POSIX's strftime() function. This was missed in yesterday's release. :(
• (09-Mar-1998) Security Fix: All versions of perl for Red Hat Linux have /tmp symlink attacks. New packages are available for Red Hat 5.0 which fix these problems.

The updates have been PGP signed with the Red Hat public key to ensure their authenticity.

• (05-Dec-1997) Various /var/tmp paths remain in Config.pm, breaking installs of 3rd party modules.

Updated: 05-Dec-1997

Problem:

 
• (05-Dec-1997) setenv in /etc/hosts.allow doesn't work.

Updated: 08-Dec-1997

Problem:

 
• (08-Dec-1997) The window manager will not start after upgrading to Red Hat 5.0

 
• Due to a bug in previous releases of Red Hat Linux, the problem most likely is the .Xclients file in the user's home directory. This file was installed in every user's home directory when a user was added to the system.

You will need to delete the .Xclients file:

                rm -f ~/.Xclients

If you want to use the fvwm2 window manager with a different configuration, please note that fvwm2 will not read a configuration from the command line if you invoke it with

                fvwm2 -f "command"

You will need to edit the ~/.Xclients file and change that to

                fvwm2 -cmd "command"

If you use (or want to use) a totally different window manager, you will need to exec it from your .Xclients file. Customized .Xclients files which don't rely on fvwm2 or fvwm95 window managers are not affected by this compatibility problem.

Updated: 20-Apr-1998

Problem:

 
• (08-Dec-1997) Upgrading of systems fail in the "Updating Packages" stage. Users that have a working 4.x system will sometimes get a strange error in which the install fails and exits.

 
• The first thing to do is login as root and mount the Red Hat Linux 5.0 CD-ROM on the current system. For most users this is done simply by typing:

        
                mount /mnt/cdrom

If this doesn't work, you may want to view the /etc/fstab for more information on where your CD-ROM is mounted. The next thing to do is enter the RPM directory on the Red Hat Linux 5.0 CD:

        
                cd /mnt/cdrom/RedHat/RPMS

Then run the RPM upgrade command like so:

        
                rpm -Uvh rpm-2.4.10-1glibc.i386.rpm

If it won't let you upgrade RPM make sure to use the force and nodeps flags:

                rpm -Uvh --nodeps --force rpm-2.4.10-1glibc.i386.rpm

After doing this there should only be one step left before you reboot and start the upgrade process. This is to rebuild the rpm database which is done by:

        
                rpm --rebuilddb

This should be the last step and should allow you to upgrade normally.

Updated: 10-Dec-1997

Problem:

 
(10-Dec-1997) Various gtk applications dump core when no DISPLAY is set.

Updated: 10-Dec-1997

Problem:

 
• (10-Dec-1997) Serial mouse autorpobing remembers proper port

Updated: 23-Jul-1998

Problem:

 
• (23-Jul-1998)

 This newer version fixes module issues when booting with loaders other than LILO, i.e. linload, syslinux, grub, chos, and problems with module dependencies.

 NOTE: This version of initscripts is intended for more recent, 2.0.34 and 2.0.35, kernels. Please see the 5.0 Intel errata for the newest kernel.

 

• (10-Mar-1998) Security Fix: The initscripts package has various temporary file creation race conditions. These bugs allow local users to create at least denial of service conditions and may allow local users to gain root access to affected systems. All systems with local users that do not have the root password should have these fixes applied. The fixes are available for Red Hat Linux 5.0. As always, these packages have been signed with the Red Hat PGP key.
• (30-Dec-1997) /proc gets mounted properly with this package. The package initscripts-3.25 had a bug that caused problems with some clone network device configurations. This also fixes the extremely slow tar extractions (a specific case of general user and group lookname brokeness)

Updated: 24-Jul-1998

Problem:

 
• (24-Jul-1998) Security Fix:

 Potential security problems have been identified in all versions of ncurses packages shipped with Red Hat Linux. Users of Red Hat Linux are recommended to upgrade to the new packages available under updates directory on our ftp site:

• (10-Dec-1997) This fixes the screen size problems seen in ncftp (among others).
• (31-Dec-1997)

 Fixes same problem as above, however, now built properly on the alpha as well.

Updated: 24-Jul-1998

Problem:

 
• (24-Jul-1998) Security Fix: This version fixes buffer overflow problems found by the Linux Security Audit group in the imap daemon.
• (12-Dec-1997) Some users reported imapd segfaulting on some inboxes. The latest versioni of imap sources fix this problem for the the test cases we have access to.

Updated: 12-Dec-1997

Problem:

 
• (12-Dec-1997) A resize problem when run in terminals which weren't 80x25 in size (either xterm or non-standard Linux consoles) affected joe.

Updated: 12-Dec-1997

Problem:

 
• (12-Dec-1997) A patch was added to prevent exploits of the code, disposing unsafe code portions from the sources.

Updated: 12-Dec-1997

Problem:

 
• (12-Dec-1997) Security Fix: A patch applying preventive measures against a not yet published possible exploit of the FTP server when operating in passive mode. This fix was provided by Olaf Kirch.

Updated: 17-Dec-1997

Problem:

 
• (17-Dec-1997) fstool has several problems, including improperly removing partitions it cannot find on the system. In particular, a few users have reported that it has been unable to find partitions containing swap space.

 
• The cabaret program is meant as a replacement for fstool, and does not suffer from several of its problems. Simply remove the fstool program and use cabaret instead:

                rpm -e fstool

                /usr/sbin/cabaret

Updated: 13-Apr-1998

Problem:

 
(13-Apr-1998) Permissions problems when mounting ncp and smb volumes.

Updated: 29-Dec-1997

Problem:

 
• (05-Dec-1997) vipw seg faults. This causes /etc/ptmp around, which breaks both chfn and chsh. Remove this file if is exists

 

• (22-Dec-1997) Fixes bugs in chfn which let users create bad /etc/passwd files.

 

• (29-Dec-1997) Fixes problems with more not suspending with ctrl-z

Updated: 30-Dec-1997

Problem:

 
• (18-Dec-1997) pine locks when sending out a message after you invoke the alternate editor to compose a message.
• (30-Dec-1997) Fixes window resizing problems (neither pine, nor pico were resizing properly
• (08-Feb-1998) Corrects problems using external filters.

Updated: 30-Dec-1997

Problem:

 
(30-Dec-1997) Fixes the problem with ctrl-z not suspending

Updated: 30-Dec-1997

Problem:

 
• (30-Dec-1997) Fixes the problem with ctrl-z not suspending

Updated: 31-Dec-1997

Problem:

 
• (31-Dec-1997) Fixes a problem with useradd core dumping on commands like:

 useradd -G wheel -d /home/newuser -n newuser

 The -G wheel previously broke things.

Updated: 31-Dec-1997

Problem:

 
• (31-Dec-1997) Works properly with partitions > 2 gigs.

Updated: 31-Dec-1997

Problem:

 
• (31-Dec-1997) Updates fixing many problems have been added.

Updated: 07-Jan-1998

Problem:

 
• (31-Dec-1997)Security Fix:A denial-of-service attack against apache http servers was recentely discovered. This fixes the problem for 5.0.
• (07-Jan-1998)Security Fix:Some potentially serious security flaws have been found in apache. While there problems do not allow any compromises by remote users, they do allow local users to gain access to the UID which apache is running as. Under all versions of Red Hat Linux, this is the user 'nobody', which greatly minimizes the impact of these problems.

Updated: 02-Jul-1998

Problem:

 
• (02-Jul-1998)

RPM reports problems with failed trigger scripts

• (28-May-1998) A newer version of RPM is needed to be able to upgrade security releases from now on.
• (31-Dec-1997)Security Fix: This fixes problems with RPM's --setperms option setting improper permissions on files.
• (08-Jan-1998)Many fixes such as the ftp fix have been added.

Updated: 13-Jan-1998

Problem:

 
• (13-Jan-1998) Problems of stopping and starting of init script fixed.

Updated: 13-Jan-1998

Problem:

 
• (13-Jan-1998) Now includes rpc.rquotad which was missing.

Updated: 19-Jan-1998

Problem:

 
• (19-Jan-1998) Many bugfixes for OSPF area selection problems and IFF_LOOPBACK flag problems fixed.

Updated: 21-Mar-1998

Problem:

 
• (21-Mar-1998) Security Fix: Buffer overflows have been found in msgchk as included with the mh package in all versions of Red Hat. These overflows allow all users to gain root access to systems with them installed, and are distinct from the problems found in earlier versions of mh.

If you do not need the mh package, the easiest fix for this problem is to:

rpm -e mh

If you do need it, fixes are available for users of Red Hat 5.0. As always, these packages have been signed with the Red Hat PGP key.
• (20-Jan-1998) Buffer overflows that allow users to gain root access.

Updated: 26-Jan-1998

Problem:

 
• (13-Jan-1998) Fixes --test and /etc/cron.daily/tmpwatch is no longer empty.
• (26-Jan-1998)Now runs automatically (the script was empty). and honors --test flag.

Updated: 26-Jan-1998

Problem:

 
• (26-Jan-1998) Properly pamified (works with shadow). Also fixes problems setting routes.

Updated: 23-Jun-1998

Problem:

 
• (23-Jun-1998) Security Fix:

 Various problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.

• (26-Jan-1998)Security Fix:

 Filter commands have been removed for buffer overflows. Procmail should be used in place of the filter option.

Updated: 18-Apr-1998

Problem:

 
• (18-Apr-1998)

 This updated package corrects some problems when connecting to a non-Linux NIS server. Connecting now works on Alpha as well.

These packages have been signed with the Red Hat PGP key.

• (26-Jan-1998)

 Fixes numerous problems with ypservices.

Updated: 23-Jul-1998

Problem:

 
• (23-Jul-1998)

Many fixes, including but not limited to: RPC security patches, timezone fixes (yes BRU should work!!!), environment security fixes, lots of paranoia and exploit-prevention enhancements, fixed threading, resolver code security fixes

• (28-May-1998) A general updated version of glibc is now required to remain compatible with current and future security updates.
• (18-Apr-1998) Security Fix:

 A bug in glibc has been discovered that allows for a denial of service attack in ftpd. The following packages correct this problem and all users of Red Hat Linux 5.0 using ftpd should upgrade. As always, these packages have been signed with the Red Hat PGP key.

• (01-Apr-1998) New glibc packages are available now on the ftp site. These new packages fix (finally!) the problems in the dynamic loader code. Applications compiled for glibc using a lot of shared objects should now work reliably under glibc. Also various fixes to the sigprocmask handlers are in place.
• (20-Mar-1998) The new glibc packages fix problems in the NIS client and a series of bugs in the dynamic loader code.

This update requires that the texinfo package also be upgraded.

• (10-Mar-1998) There is a small problem with the portmap rpm that came with 5.0 in the %post section of the install that messes up the initscript. To avoid this problem, add the --noscripts option to upgrade the package, as in:

                rpm -Uvh --noscripts portmap-4.0-8.i386.rpm

• (17-Dec-1997)Security Fix: Some security problems have been found in glibc's resolver and portmap code.
• (22-Dec-1997) When using NIS, groups with more than one key in the group file couldn't log into the system. This was a result of glibc
• (20-Jan-1997) NIS stuff and other misc problems fixed. The vast majority of users only need the first two, but you need to upgrade to amd-920824upl102-11 and portmap-4.0-8 at the same time, or those services will stop working.

(28-Jan-1997) Updated version.

Updated: 28-Jan-1998

Problem:

 
• (28-Jan-1998)The executable gzexe , part of the gzip package, uses files in /tmp withh very predictable names. This can allow users to destroy contents of files on your system. As most systems do not use gzexe, this is potentially not a problem. However, Red Hat reccomends upgrading to the new versions to avoid future problems.

Updated: 23-Jun-1998

Problem:

 
• (11-Jun-1998)

A build system mistake was made when the previous packages were built and announced. Many server packages were not built, so a rebuild of the XFree tree was done. All packages are now available in the ftp dir.

• (05-Jun-1998) Security Fix:

 Major security holes have been found in the X libraries and xterm, which allow local users access to the root user. All systems which have X-Windows installed should update their systems.

Thanks to the XFree86 group for providing the patches.

• (04-Feb-1998) Various problems have been found in the X server which makes it a serious threat to system security. All versions of the X server, including MetroX and AcceleratedX, are thought to be affected (only XFree86 and the MIT X reference implementations are known to be, however). This problem affects all Red Hat Linux platforms and versions.

Updated: 09-Mar-1998

Problem:

 
• (09-Mar-1998) Security Fix: The findutils package has various temporary file creation race conditions. These bugs allow local users to create at least denial of service conditions and may allow local users to gain root access to affected systems. All systems with local users that do not have the root password should have these fixes applied. The fixes are available for Red Hat Linux 5.0. As always, these packages have been signed with the Red Hat PGP key.

Updated: 09-Mar-1998

Problem:

 
• (09-Mar-1998) Security Fix: The textutils package has various temporary file creation race conditions. These bugs allow local users to create at least denial of service conditions and may allow local users to gain root access to affected systems. All systems with local users that do not have the root password should have these fixes applied. The fixes are available for Red Hat Linux 4.2. As always, these packages have been signed with the Red Hat PGP key.

Updated: 20-Mar-1998

Problem:

 
• (20-Mar-1998) Security Fix: All versions of ncftp packages for Red Hat Linux have /tmp symlink attacks. New packages are available for Red Hat 5.0 which fix these problems. All users of Red Hat Linux are encouraged to upgrade to the new ncftp releases immediately. As always, these packages have been signed with the Red Hat PGP key.

Thanks to the contributors of BUGTRAQ for finding and fixing this bug.

Updated: 25-Mar-1998

Problem:

 
• (25-Mar-1998) Security Fix:

 /tmp exploits have been found in this package. The new packages have been signed with Red Hat's PGP key.

Updated: 01-Apr-1998

Problem:

 
• (01-Apr-1998) Security Fix:

 Security problems have been found in lynx which allows remote web sites to cause lynx to do unwise things. Red Hat suggests all users of Red Hat Linux upgrade to the new release of lynx.

Updated: 30-Apr-1998

Problem:

 
• (30-Jun-1998) Security Fix:

 Various problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.

• (09-Apr-1998) Security Fix:

 Major security problems have been found in all versions of bind which affect Red Hat Linux on all platforms. All users running bind hould upgrade as soon as possible. After upgrading to the new package, you must restart bind. To do so, issue the following:

                /etc/rc.d/init.d/named stop
                /etc/rc.d/init.d/named start

• Thanks to CERT and the ISC for their handling of this problem (CA-98.05).

Updated: 28-Jul-1998

Problem:

 
• (28-Jul-1998) Security Fix:

 The 2.0.35 kernel fixes various denial of service attacks. For more information on fixes and enhancements please see the Linux HQ 2.0 kernel patches page.

 To upgrade a Red Hat 5.0 box to the new kernels, you must also upgrade the modutils and initscripts packages. The kernel-modules package has also been eliminated. The modules are now a part of the base kernel package.

Alpha customers will need to download the kernel source and header RPMs and compile a kernel for their individual machines.

• (17-Apr-1998) Security Fix:

 A denial of service attack in the TCP/IP code has been discovered with the current Red Hat kernels on all platforms and versions. Red Hat suggests that all users upgrade their kernel to one that has been patched against this attack. The packages have been signed with the Red Hat PGP key.

Thanks to Alan Cox for the fix.

Updated: 17-Apr-1998

Problem:

 
• (17-Apr-1998) Security Fix:

 A file creation and corruption bug in XConsole included in procps-X11 versions 1.2.6 and earlier has been found. An exploit which causes a Denial of Service condition preventing anyone other than root from logging into the computer has been found, and others may well be found.

Red Hat Software strongly recommends that you upgrade. Thanks to Alan Iwi for finding the bug.

Updated: 23-Apr-1998

Problem:

 
• (23-Apr-1998) Security Fix:

 More buffer overflows have been found in lpr 0.30 as released on Saturday. As these flaws may allow users to gain root access to the local system, Red Hat Software recommends that all users upgrade to lpr 0.31 immediately.

Thanks to Niall Smart for finding this problem.

• (18-Apr-1998) Security Fix:

 
•  A major security problem has been found in all versions of lpr shipped with Red Hat Linux. Version 0.30 of lpr fixes this and is now available. Red Hat Software encourages all users of Red Hat to upgrade to this new version immediately.

Updated: 01-Jun-1998

Problem:

 
• (01-Jun-1998) Security Fix:

 The bootp package has security problems. Thanks to Chris Evans for finding this problem.

Updated: 30-Jun-1998

Problem:

 
• (30-Jun-1998) Security Fix:

 More problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.

• (23-Jun-1998) Security Fix:

 Various problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.

• (01-Jun-1998) Security Fix:

 
•  The metamail package has security problems. Thanks to Chris Evans for finding this problem.

Updated: 01-Jun-1998

Problem:

 
• (01-Jun-1998) Security Fix:

 The dhcpcd package has security problems. Thanks to Chris Evans for finding this problem. After upgrading, you must either reboot your machine or restart the daemon:

        /etc/rc.d/init.d/network restart

Updated: 02-Jun-1998

Problem:

 
• (02-Jun-1998) Security Fix:

 Buffer overflows have been found in the minicom package. Red Hat suggests all users upgrade to a new minicom version immediately.

Updated: 02-Jun-1998

Problem:

 
• (02-Jun-1998) Security Fix:

 A new version of the ISC dhcp daemon is now available, which fixes many security concerns. Users of Red Hat 5.0 with the package called dhcpd should upgrade to the new release immediately. After upgrading, be sure to restart the dhcp daemon with the following command:

        /etc/rc.d/init.d/dhcpd restart

Thanks to Chris Evans for pointing out these problems and to the ISC for the fix.

Updated: 10-Jun-1998

Problem:

 
• (10-Jun-1998) Security Fix:

 Various, minor security problems were found in this package. Thanks to Jamie Zawinski for fixing this.

Updated: 10-Jun-1998

Problem:

 
• (10-Jun-1998) Security Fix:

 Various, minor security problems were found in this package. Thanks to Kevin Vajk and Emmanuel Galanos for helping out with these.

Updated: 30-Jun-1998

Problem:

 
• (30-Jun-1998) Security Fix:

 More problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.

• (23-Jun-1998) Security Fix:

 Various problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.

• (12-Jun-1998) Security Fix:

 /tmp races have been found in the mailx package. All users of Red Hat Linux should upgrade this package.

Updated: 30-Jun-1998

Problem:

 
• (30-Jun-1998) Security Fix:

 Various problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.

Updated: 30-Jun-1998

Problem:

 
• (30-Jun-1998) Security Fix:

 Various problems have been found by the Linux Security Auditing Team. All Red Hat users should upgrade.

Updated: 02-Jul-1998

Problem:

 
• (02-Jul-1998) Security Fix:

 Security problems have been found that allow local users to gain root access. All Red Hat users should upgrade.

Updated: 14-Jul-1998

Problem:

 
• (14-Jul-1998) Security Fix:

 Serious security problems have been found in all versions of Samba shipped with Red Hat Linux. All users of samba should upgrade to the latest version, and restart samba with: /etc/rc.d/init.d/smb stop; /etc/rc.d/init.d/smb start as soon as possible.