The documentation that Dan attached is generic RedHat documentation. If
you use autorpm then the items described below will automatically be
upgraded if they exist on your system.
Sysklogd also needs to be restarted after the upgrade in order for the
new version to be used. You can either kill it and restart it or reboot
All of the security updates for 5.0.2 can be accessed at
Note the use of 502 vs current. This is because soon we will be making a
new current that is going to point to 521.
---------- Forwarded message ----------
Date: Wed, 07 Apr 1999 10:05:12 -0500
From: Dan Yocum <email@example.com>
Subject: [SECURITY UPDATES] pine, mutt, sysklogd, zgv, XFree86
I'm going to move the latest round of security patches from Red Hat into the
security area that autorpm grabs updates from at midnight. If you need
instructions on how to install autorpm and a Fermi-specific configuration
file, please refer to the following web page:
I've installed these packages on a default 5.0.2 system using autorpm with no
conflicts or problems. I've also installed them on my own machine (which
isn't so basic) with no problems.
Since the XFree86-<server> is updated, you may have to reboot your system or,
if you're running in runlevel 3, exit X-windows and restart it.
I'll include the announcements from Red Hat at the end of this email.
Security vulnerabilities have been identified in the XFree86 packages that
ship with Red Hat Linux. This security problem can allow local users to get
write access to directories that they are otherwise not able to write to.
All updates can be found at ftp://updates.redhat.com/5.2/i386.
1. Upgrade your X server. The package you need is dependent on which video
card you have. Get the server which matches your card.
2. Upgrade your X libraries and base install:
rpm -Uvh ftp://updates.redhat.com/5.2/i386/XFree86-libs-18.104.22.168-1.1.i386.rpm
rpm -Uvh ftp://updates.redhat.com/5.2/i386/XFree86-22.214.171.124-1.1.i386.rpm
3. Optionally, upgrade the additional X packages, such as fonts, devel,
Regarding the others:
Security vulnerabilities have been identified in various packages that
ship with Red Hat Linux.
Red Hat would like to thank the members of the BUGTRAQ mailing list,
the members of the Linux Security Audit team, and others. All users
of Red Hat Linux are encouraged to upgrade to the new packages
immediately. As always, these packages have been signed with the
Red Hat PGP key.
An problem in the mime handling code could allow a remote user
to execute certain commands on a local system.
Red Hat Linux 5.0
i386: rpm -Uvh ftp://updates.redhat.com/5.0/i386/mutt-0.95.4us-0.i386.rpm
rpm -Uvh ftp://updates.redhat.com/5.0/i386/pine-3.96-7.1.i386.rpm
source: rpm -Uvh ftp://updates.redhat.com/5.0/SRPMS/mutt-0.95.4us-0.src.rpm
rpm -Uvh ftp://updates.redhat.com/5.0/SRPMS/pine-3.96-7.1.src.rpm
An overflow in the parsing code could lead to crashes of the system
Red Hat Linux 5.0,5.1,5.2:
i386: rpm -Uvh ftp://updates.redhat.com/5.2/i386/sysklogd-1.3.31-0.5.i386.rpm
source: rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/sysklogd-1.3.31-0.5.src.rpm
--- Local users could gain root access.
Red Hat Linux 5.0: ------------------ i386: rpm -Uvh ftp://updates.redhat.com/5.0/i386/zgv-3.0-1.5.0.i386.rpm source: rpm -Uvh ftp://updates.redhat.com/5.0/SRPMS/zgv-3.0-1.5.0.src.rpm
Cristian-- ---------------------------------------------------------------------- Cristian Gafton -- firstname.lastname@example.org -- Red Hat Software, Inc. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ UNIX is user friendly. It's just selective about who its friends are.
___________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Linux/Unix System Administrator | Fax: (630) 840-6345 Computing Division OSS/FSS | email: email@example.com .~. L Fermi National Accelerator Lab | WWW: www-oss.fnal.gov/~yocum/ /V\ I P.O. Box 500 | // \\ N Batavia, IL 60510 | "TANSTAAFL" /( )\ U ________________________________|_________________________________ ^`~'^__X_