[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] RAQ3 : new update Posted: April 25, 2001

Subject: [cobalt-users] RAQ3 : new update Posted: April 25, 2001
From: tong@xxxxxxxx
Date: Mon Apr 30 08:59:30 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

vixie-cron Update 4.0.1 ( new version )
---------> RaQ3-All-Security-4.0.2-9648.pkg < ------------

Note: If you had installed version 4.0.1 of this patch please install this new version. It was
discovered that after rebooting the RaQ3 with version 4.0.1 some errors would occur.
Update 4.0.2 corrects this.

This patch upgrades the version of vixie-cron to 3.0.1-40. This version of vixie-cron
addresses the following security issue, which existed in previous versions. A buffer
overflow existed in the 'crontab' command: if called by a user with a username longer than
20 characters, it would be possible for that user to gain elevated privileges.

Kernel update 4.0.1
Posted: April 25, 2001

Reboot required: Yes

This Kernel Upgrade provides a fix for the sysctl negative offset bug as well as the ptrace
setuid bug. Information regarding this update can be found at Security Focus? website.
The urls are:
http://www.securityfocus.com/vdb/?id=2364 - sysctl bug
http://www.securityfocus.com/vdb/?id=2044 - ptrace bug

RPM 4.0.1
April 5, 2001

This package installs a newer version of RPM (rpm-3.0.5-9.6x) and all the associated rpms
RPM: rpm-3.0.5-9.6x.i386.rpm
RPM: rpm-python-3.0.5-9.6x.i386.rpm (not on Sun Cobalt RaQ 3 server)
RPM: rpm-build-3.0.5-9.6x.i386.rpm (not on Sun Cobalt RaQ 3 server)
RPM: rpm-devel-3.0.5-9.6x.i386.rpm
RPM: popt-1.5-9.6x.i386.rpm

URL Attack Exposure 4.0.1
April 5, 2001

Security fix to remove URL attack exposure from Sun Chili!Soft ASP Samples
codebrws.asp script.

This patch will remove the ability for a person to modify the URL when used in conjunction
with the codebrws.asp script that ships with the Sun Chili!Soft ASP samples, to view
system configuration files.

______
| |__| | If it's there and you can see it - it's real
| () | If it's there and you can't see it - it's transparent
|______| If it's not there and you can't see it - you erased it!

Prev by Date: [cobalt-users] Virtual sites
Next by Date: [cobalt-users] RAQ3 : vixie-cron Update 4.0.1 ( new version RaQ3-All-Security-4.0.2-9648.pkg aka 4.0.2 )
Previous by thread: RE: [cobalt-users] [OT] CI Host as Outsource
Next by thread: [cobalt-users] RAQ3 : vixie-cron Update 4.0.1 ( new version RaQ3-All-Security-4.0.2-9648.pkg aka 4.0.2 )

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index