≡ Menu

yum

Postfix MTA updated to fix security vulnerabilities such as incorrectly checks the ownership of a mailbox. In some configurations, this allows for appending data to arbitrary files as root. This update has been rated as having moderate security impact.

All users of postfix should upgrade to these updated packages.

How do I patch Postfix under Debian / Ubuntu Linux?

First, update the internal database, enter:
# apt-get update
Install corrected Postfix package, enter:
# apt-get upgrade

How do I patch Postfix under RHEL / CentOS Linux?

Type the following command under RHEL / CentOS 5.x:
# yum update
Type the following command under RHEL <= 4.x: # up2date -u

Firefox 3.0.1 has been released and available for download. This update has been rated as having critical security impact by the Mozilla. Use the following instructions to upgrade Firefox.

Security Issues

An integer overflow flaw was found in the way Firefox displayed certain web content. A malicious web site could cause Firefox to crash, or execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-2785)

A flaw was found in the way Firefox handled certain command line URLs. If another application passed Firefox a malformed URL, it could result in Firefox executing local malicious content with chrome privileges. (CVE-2008-2933)

Download Firefox 3.0.1

=> Visit offical site to grab Firefox 3.0.1

How do I upgrade Firefox to version 3.0.1?

See how to install firefox-3.0.1.tar.bz2 in Linux

How do I update Firefox under Redhat / Fedora / CentOS Linux?

Simply type the following command, enter:
# yum update

How do I update Firefox under Debian / Ubuntu Linux?

Open terminal and simply type the following commands, enter:
$ sudo apt-get update
$ sudo apt-get upgrade

Most Linux distro can not display multilingual text on the console / shell prompt by default. There is a small hack which allows you to display other languages such as Hindi, Chinese, Korean, Japanese etc text on the prompt.

You need to use the bterm application, which is a terminal emulator that displays to a Linux frame buffer. It is able to display Unicode text on the console.

First, enable framebuffer by editing grub.conf file, enter:
# vi /etc/grub.conf
or
# vi /boot/grub/menu.lst
Find kernel line and append "vga=0x317" parameter:
kernel /vmlinuz-2.6.18-92.1.1.el5 ro root=LABEL=/ console=tty0 console=ttyS1,19200n8 vga=0x317
Save and close the file. Next, you need to install bterm - a unicode capable terminal program for the Linux frame buffer. Type the following command to install it under Fedora / RHEL / Cent OS Linux, enter:
# yum install bogl-bterm
If you are using Debian / Ubuntu Linux, enter:
$ sudo apt-get install bogl-bterm
Now reboot your Linux desktop / workstation so that kernel can create /dev/fb0. To use multilingual text on the console, type the command bterm, enter:
$ /usr/bin/bterm

Recommended Readings:

Linux Condor security and bug fix update

Condor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management.

A flaw was found in the way Condor interpreted wildcards in authorization lists. Certain authorization lists using wildcards in DENY rules, such as DENY_WRITE or HOSTDENY_WRITE, that conflict with the definitions in ALLOW rules, could permit authenticated remote users to submit computation jobs,
even when such access should have been denied. (CVE-2008-3424)

How do I fix this bug in Condor Software?

Type the following command to fix this bug
# up2date -u
If you are using Red Hat Enterprise MRG 1, enter:
# yum update

Bug Fixed in this update

* the /etc/condor/condor_config file started with "What machine is your
central manager?". The following line was blank, instead of having the
"CONDOR_HOST" option, causing confusion. The "What machine..." text is now
removed.

* condor_config.local defined "LOCK = /tmp/[lock file]". This is no longer
explicitly defined; however, lock files may be in "/tmp/", and could be
removed by tmpwatch. A "LOCK_FILE_UPDATE_INTERVAL" option, which defaults
to eight hours, has been added. This updates the timestamps on lock files,
preventing them from being removed by tools such as tmpwatch.

* when a "SCHEDD_NAME" name in condor_config ended with an "@", the
system's hostname was appended. For example, if "SCHEDD_NAME = test@" was
configured, "condor_q -name test@" failed with an "Collector has no record
of schedd/submitter" error. Now, the hostname is not appended when a name
ends with an "@". In High Availability (HA) Schedd deployments, this allows
a name to be shared by multiple Schedds.

* when too few arguments were passed to "condor_qedit", such as
"condor_qedit -constraint TRUE", a segfault occurred. Better argument
handling has been added to resolve this.

* due to missing common_createddl.sql and pgsql_createddl.sql files,
it was not possible to use Quill. Now, these files are included in
"/usr/share/condor/sql/".

* "condor_submit -dump ad [file-name]" caused a segfault if the [file-name]
job contained "universe = grid".

* previously, a condor user and group were created if they did not exist,
without specifying a specific UID and GID. Now, UID and GID 64 are used.
The effect of this change is non-existent if upgrading the condor packages.
If an existing condor user and group are manually changed, problems with
file ownership will occur.

Configuration changes (from the Condor release notes - see link below):

* a new CKPT_SERVER_CHECK_PARENT_INTERVAL variable sets the time interval
between a checkpoint server checking if its parent is running. If the
parent server has died, the checkpoint server is shut down.

* a new CKPT_PROBE variable to define an executable for the helper process
Condor uses for information about the CheckpointPlatform attribute.

* STARTER_UPLOAD_TIMEOUT now defaults to 300 seconds.

* new variables (booleans) PREEMPTION_REQUIREMENTS_STABLE and
PREEMPTION_RANK_STABLE, configure whether attributes used in
PREEMPTION_REQUIREMENTS and PREEMPTION_RANK change during negotiation
cycles.

* a new GRIDMANAGER_MAX_WS_DESTROYS_PER_RESOURCE variable, with a
default value of 5, defines the number of simultaneous WS destroy commands
that can be sent to a server for type gt4 grid universe jobs.

* now, VALID_SPOOL_FILES automatically includes the "SCHEDD.lock" lock file
for condor_schedd HA failover.

* the default value for SEC_DEFAULT_SESSION_DURATION has been changed from
8640000 seconds (100 days) to 86400 seconds (one day).

Important: these updated packages upgrade Condor to version 7.0.4. For a
full list of changes, refer to the Condor release notes:
www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html

condor users should upgrade to these updated packages, which resolve these
issues.

RHEL5: Linux Kernel kexec-tools bug fix update

An updated kexec-tools package that fixes a bug is now available for RHEL systems. The kexec-tools package provides tools that facilitate a new kernel to boot using the Linux kernel kexec feature, either on a normal or a panic reboot. Users of kexec-tools are advised to upgrade to this updated package, which resolves the following issue:

bt: unwind: failed to locate return link
makedumpfile corrupts vmcore on ia64: crash's bt fails to unwind

How do I fix this issue?

Type the following command as root user:
# yum update

Security Update for Red Hat Linux Kernel

Red Hat has issued a security update for its Kernel that fixes issues related to following packages. This update has been rated as having important security impact on RHEL 4.x / 5.x, and you are recommended to update system as soon as possible.

=> Updated GFS-kernel, gnbd-kernel,dlm-kernel, cmirror-kernel, cman-kernel, Virtualization_Guide, Cluster_Administration, and lobal_File_System packages that fix module loading and others issues under RHEL 4.x and 5.x available now.

How do I update my system?

Simply type the following two commands:
# yum update
Sample output:

Loading "rhnplugin" plugin
Loading "security" plugin
rhel-x86_64-server-vt-5   100% |=========================| 1.2 kB    00:00
rhel-x86_64-server-5      100% |=========================| 1.2 kB    00:00
Skipping security plugin, no data
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
---> Package kernel.x86_64 0:2.6.18-92.1.6.el5 set to be installed
---> Package kernel-devel.x86_64 0:2.6.18-92.1.6.el5 set to be installed
---> Package kernel-headers.x86_64 0:2.6.18-92.1.6.el5 set to be updated
---> Package Deployment_Guide-en-US.noarch 0:5.2-11 set to be updated
--> Finished Dependency Resolution
--> Running transaction check
---> Package kernel.x86_64 0:2.6.18-53.1.21.el5 set to be erased
---> Package kernel.x86_64 0:2.6.18-92.1.6.el5 set to be installed
---> Package kernel-devel.x86_64 0:2.6.18-92.1.6.el5 set to be installed
---> Package kernel-headers.x86_64 0:2.6.18-92.1.6.el5 set to be updated
---> Package Deployment_Guide-en-US.noarch 0:5.2-11 set to be updated
---> Package kernel-devel.x86_64 0:2.6.18-53.1.21.el5 set to be erased
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
 kernel                  x86_64     2.6.18-92.1.6.el5  rhel-x86_64-server-5   16 M
 kernel-devel            x86_64     2.6.18-92.1.6.el5  rhel-x86_64-server-5  5.0 M
Updating:
 Deployment_Guide-en-US  noarch     5.2-11           rhel-x86_64-server-5  3.5 M
 kernel-headers          x86_64     2.6.18-92.1.6.el5  rhel-x86_64-server-5  880 k
Removing:
 kernel                  x86_64     2.6.18-53.1.21.el5  installed          75 M
 kernel-devel            x86_64     2.6.18-53.1.21.el5  installed          15 M
Transaction Summary
=============================================================================
Install      2 Package(s)
Update       2 Package(s)
Remove       2 Package(s)
Total download size: 25 M
Is this ok [y/N]: y

Red Hat has issues urgent security update for rhpki package -- the Red Hat PKI Common Framework. This update has been rated as having important security impact by the Red Hat Security Response Team.

Red Hat Certificate System (RHCS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. rhpki-common -- the Red Hat PKI Common Framework -- is required by the following four RHCS subsystems: the Red Hat Certificate Authority; the Red
Hat Data Recovery Manager; the Red Hat Online Certificate Status Protocol Manager; and the Red Hat Token Key Service.

A flaw was found in the way Red Hat Certificate System handled Extensions in the certificate signing requests (CSR). All requested Extensions were added to the issued certificate even if constraints were defined in the Certificate Authority (CA) profile. An attacker could submit a CSR for a
subordinate CA certificate even if the CA configuration prohibited subordinate CA certificates. This lead to a bypass of the intended security policy, possibly simplifying man-in-the-middle attacks against users that trust Certificate Authorities managed by Red Hat Certificate System.

How do I update my system?

Simply type the following command:
# yum update
Sample output:

Loading "rhnplugin" plugin
Loading "security" plugin
rhel-x86_64-server-vt-5   100% |=========================| 1.2 kB    00:00
rhel-x86_64-server-5      100% |=========================| 1.2 kB    00:00
Skipping security plugin, no data
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
---> Package yelp.x86_64 0:2.16.0-19.el5 set to be updated
---> Package nspr.i386 0:4.7.1-1.el5 set to be updated
---> Package nspr.x86_64 0:4.7.1-1.el5 set to be updated
---> Package nss.i386 0:3.12.0.3-1.el5 set to be updated
---> Package nss-tools.x86_64 0:3.12.0.3-1.el5 set to be updated
---> Package nss.x86_64 0:3.12.0.3-1.el5 set to be updated
---> Package xulrunner.x86_64 0:1.9-1.el5 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Updating:
 nspr                    i386       4.7.1-1.el5      rhel-x86_64-server-5  119 k
 nspr                    x86_64     4.7.1-1.el5      rhel-x86_64-server-5  117 k
 nss                     i386       3.12.0.3-1.el5   rhel-x86_64-server-5  1.1 M
 nss                     x86_64     3.12.0.3-1.el5   rhel-x86_64-server-5  1.1 M
 nss-tools               x86_64     3.12.0.3-1.el5   rhel-x86_64-server-5  2.2 M
 xulrunner               x86_64     1.9-1.el5        rhel-x86_64-server-5   10 M
 yelp                    x86_64     2.16.0-19.el5    rhel-x86_64-server-5  583 k
Transaction Summary
=============================================================================
Install      0 Package(s)
Update       7 Package(s)
Remove       0 Package(s)
Total download size: 16 M
Is this ok [y/N]: y
Downloading Packages:
(1/7): xulrunner-1.9-1.el 100% |=========================|  10 MB    00:09
(2/7): nss-3.12.0.3-1.el5 100% |=========================| 1.1 MB    00:00
(3/7): nss-tools-3.12.0.3 100% |=========================| 2.2 MB    00:02
(4/7): nss-3.12.0.3-1.el5 100% |=========================| 1.1 MB    00:00
(5/7): nspr-4.7.1-1.el5.x 100% |=========================| 117 kB    00:00
(6/7): nspr-4.7.1-1.el5.i 100% |=========================| 119 kB    00:00
(7/7): yelp-2.16.0-19.el5 100% |=========================| 583 kB    00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating  : nspr                         ####################### [ 1/14]
  Updating  : nss                          ####################### [ 2/14]
  Updating  : xulrunner                    ####################### [ 3/14]
  Updating  : nspr                         ####################### [ 4/14]
  Updating  : yelp                         ####################### [ 5/14]
  Updating  : nss-tools                    ####################### [ 6/14]
  Updating  : nss                          ####################### [ 7/14]
warning: /etc/pki/nssdb/cert8.db created as /etc/pki/nssdb/cert8.db.rpmnew
warning: /etc/pki/nssdb/key3.db created as /etc/pki/nssdb/key3.db.rpmnew
  Cleanup   : yelp                         ####################### [ 8/14]
  Cleanup   : nspr                         ####################### [ 9/14]
  Cleanup   : nspr                         ####################### [10/14]
  Cleanup   : nss                          ####################### [11/14]
  Cleanup   : nss-tools                    ####################### [12/14]
  Cleanup   : nss                          ####################### [13/14]
  Cleanup   : xulrunner                    ####################### [14/14]
Updated: nspr.i386 0:4.7.1-1.el5 nspr.x86_64 0:4.7.1-1.el5 nss.i386 0:3.12.0.3-1.el5 nss.x86_64 0:3.12.0.3-1.el5 nss-tools.x86_64 0:3.12.0.3-1.el5 xulrunner.x86_64 0:1.9-1.el5 yelp.x86_64 0:2.16.0-19.el5
Complete!