
NEW UPDATES RH 9.0!!


jong357


THIS THREAD WILL RE-APPEAR EACH TIME THERE WILL BE NEW UPDATES

Do yourself a favor and make that annoying exclamation mark turn into a less annoying check mark!!! Updating after a clean install can be time consuming with dial up, but once done, will ensure that you have the latest packages available for your system.

Errata (bug/security fixes) do not apply by running Up2date. You must log in to your account and then visit the "Errata" tab in order to schedule those fixes. You will have to wait in line to use their server but shouldn't take more than an hour to start downloading at any given time.... Running "up2date" at a prompt or simply clicking on the icon in the task bar will enable you to download all other available packages....

All updates and Errata listed on this thread apply to a Full install of Version 9, excluding all server packages. If you run a server there may be others that are not listed here. It is important to enable "E-mail Notification" on your account to be informed of such updates.

ERRATA: ( Do not log out while you are waiting )
--Peachy lists a link below for manual download--

Security Advisory RHSA-2003:108 Updated Evolution packages fix multiple vulnerabilities 2003-03-31
Security Advisory RHSA-2003:120 Updated sendmail packages fix vulnerability 2003-03-31
Security Advisory RHSA-2003:101 Updated OpenSSL packages fix vulnerabilities 2003-04-01
Security Advisory RHSA-2003:091 Updated kerberos packages fix various vulnerabilities 2003-04-02
Security Advisory RHSA-2003:128 Updated Eye of GNOME packages fix vulnerability 2003-04-03
Security Advisory RHSA-2003:109 Updated balsa and mutt packages fix vulnerabilities 2003-04-03
Security Advisory RHSA-2003:135 Updated 2.4 kernel fixes USB storage 2003-04-08
Security Advisory RHSA-2003:137 New samba packages fix security vulnerability 2003-04-09
Bug Fix Advisory RHBA-2003:136 glibc bugfix errata 2003-04-09
Security Advisory RHSA-2003:126 Updated gtkhtml packages fix vulnerability 2003-04-14
Security Advisory RHSA-2003:076 Updated ethereal packages fix security vulnerabilities 2003-04-23
Security Advisory RHSA-2003:002 Updated KDE packages fix security issues 2003-05-12
Security Advisory RHSA-2003:160 Updated xinetd packages fix a denial-of-service attack and other bugs 2003-05-13
Security Advisory RHSA-2003:172 Updated 2.4 kernel fixes security vulnerabilities and various bugs 2003-05-14
Security Advisory RHSA-2003:174 Updated tcpdump packages fix privilege dropping error 2003-05-15
Security Advisory RHSA-2003:175 Updated gnupg packages fix validation bug 2003-05-20
Security Advisory RHSA-2003:171 Updated CUPS packages fix denial of service attack 2003-05-27
Security Advisory RHSA-2003:181 Updated ghostscript packages fix vulnerability 2003-05-30
Security Advisory RHSA-2003:187 Updated 2.4 kernel fixes vulnerabilities and driver bugs 2003-06-03
Bug Fix Advisory RHBA-2003:185 Updated printer database available 2003-06-09

UPDATED PACKAGES : ( After applying all Errata )

Well, it appears there are none after applying all errata... Every single updated package listed thru "up2date" is contained within the errata themselves... Whether you choose to update thru RHN or up2date, it doesn't matter....( disregard my statement about errata not being applied thru up2date ).

For those of you using a winmodem, it will likely not work after upgrading the Kernel. Just a word of warning....


Brilliant Jon !

This will make our RedHat users happy and give them a safe and bugfree system. The list is long, but as I understand this is a backlog of several months of updates, since the release of RedHat 9.

Thanks a million

B) Bruno


Yep... That is EVERY update since the OS hit the shelves.... Once you get all that under your belt, it's relatively painless to stay current....

Jon


:huh: still don't see how it's free - cause I didn't see any of the package updates in my RedHat account on the web to download. All I saw was the update pertaining to the Kernel

ABOUT KERNEL UPGRADES WARNING !! NOTE: People with an Nvidia kernel should wait for the right nvidia packages, or will lose their 3D support ! See Mike180's Thread and This one from Havnblast !!!

I also don't update the Kernel.... Many things are dependent on the Kernel version. Every six months there will be a new release anyway, so why bother.....
:huh: Bruno

Bruno you need to fix the one link - it is messed up with the URL

What I was hoping was that the new kernel version would be more stable than the one I got. I wonder if this is an issue with all video cards and RH 9.0 or just nvidia.


Thanks Kelly, fixed the link . . . it's O.K. now. ( the google-site it pointed to first did not hold any good info :huh: )

:( Bruno


Thanks!

That works - downloading as we speak :unsure: I'll just skip the up2date concept and download em directly - then I got a copy for later if needed


Thanks Peachy... That should be links for everything now..... :unsure: I also noticed that once you apply all the errata, your list of updated packages decreases significantly.... I'll have to take those out...

Jon


Ok, so quick question on the errata updates - If you see a bunch of em and you download the most current one does that include the previous ones too?

I am mainly talking about the ones you see that are Updated 2.4 kernel fixes, since I just updated the kernel to 2.4.20-18.9 would I need the updates prior to that release date?


> Ok, so quick question on the errata updates - If you see a bunch of em and you download the most current one does that include the previous ones too?
> I am mainly talking about the ones you see that are Updated 2.4 kernel fixes, since I just updated the kernel to 2.4.20-18.9 would I need the updates prior to that release date?

Kelly

In most cases, a security update fixes a hole ( vulnerability ), the same hole is not fixed twice, if there is a new hole, that one gets fixed after . . . . so what I'm saying is you need all the updates, and the best is to do them in the order of the dates the patches came out. Only a kernel upgrade would replace the old one with a new one, so previous patches are useless.

Linux is always very quick to patch new vulnerabilities, that is why most of them are small and only target one problem at a time. Also this is why there are so many. Saving up bugs and security issues for one big fix is a policy of an( other ) well known software maker :blink: B) :D

B) Bruno

nlinecomputers

Bruno,

> Ok, so quick question on the errata updates - If you see a bunch of em and you download the most current one does that include the previous ones too?

> In most cases, a security update fixes a hole ( vulnerability ), the same hole is not fixed twice, if there is a new hole, that one gets fixed after . . . . so what I'm saying is you need all the updates, and the best is to do them in the order of the dates the patches came out. Only a kernel upgrade would replace the old one with a new one, so previous patches are useless.

Perhaps I'm incorrect or I am misunderstanding you but I disagree with that line.

When a linux distro makes a patch to a package (a RPM file) the old version of the package is removed and replaced with the new RPM file. It will have a new (higher) version number. Most programmers use a three place version number scheme of x.y.z. X is a major revision. Y a minor revision. And Z is used to denote patches. For example Mandrake 9.1 shipped with apache 2.0.45. A patch came out to push the version number to 2.0.46. If you don't have apache on your system and decide to install it, it is NOT required for you to install 2.0.45 off your CDs and then "patch" it. You can simply download and install 2.0.46 from the update website.

You are both right and it's confusing me.... It seems to be that you are both making separate points. I don't know. I just woke up and am not happy about it... :blink:

If I understand you right Kelly, you want to know if you download the most recent dated Errata, will you need all the others? Yes you do... You need all of them. They all contain different packages and fix different things.... Patching with a new kernel will not fix the vulnerabilities in cups or anything else for that matter... That kernel upgrade was specifically related to some problems with usb and a few others...

On another note, I sort of misstated something on the first post of this thread. You can apply errata thru using up2date in your task launcher. I had 30 updated packages that it was telling me about. With each Errata that I scheduled and then applied thru RHN that list went down with every one.... If you noticed, that list at the bottom got decimated from what I originally posted... I still haven't done a few errata so more of those will probably get booted... So whether you choose to run "up2date" or just log in to RHN and apply all the errata, they are the same thing.... If you do a manual download of the errata, you will see that they are nothing but all the packages that are listed thru Up2Date.....

Anywho.....I'm in the process of manually downloading everything. I'm going to make a script that will execute one after the other. If you don't already have a package installed, the script will skip over it and move to the next one... If the script specifies a package that was not downloaded, it will skip over that (obviously).... I figured I would just list EVERYTHING in the script and gzip it for download or something... If anyone could use something like that. I'm getting tired of updating. Takes hours upon hours on a dial up... So if anyone was going to download them all like I am and burn them to disk, this script will be really nice.... It won't install anything that you don't already have or didn't want.... I'll link it after my downloads are complete and I test it out on a new install...

Jon


Nathan and Jon,

Thanks for your remarks and clarifying things. I have to admit that in my wish to keep it simple, I did overlook a few aspects and was not accurate. The version numbers are indeed a good lead in this. As ultimate evidence of my split personality: The last post yesterday ( only ten hours earlier ) in The Tips for Linux Starters was a story explaining the version- and patch numbers :) If you both keep a close eye on me, I'm sure the members of this forum will get the right information in the end :blink: !

Thanks again

B) Bruno


nlinecomputers
> You are both right and it's confusing me.... It seems to be that you are both making separate points.

Ok I see your view point. Let me see if I can address both.

Kelly and anyone else lurking in this thread. EVERY update bulletin that Red Hat issues you should get a copy of or at least be aware of it. Pay attention to Red Hat's advisory page that is found here. Now it is not necessary to install every RPM on the update list. You should only use the packages that you already have installed. For example if you have never loaded MySQL and don't want MySQL and there is a patched RPM for MySQL then don't install it. BUT in the future should you want MySQL you should load the new RPM off the update site not the one on your CD. For whatever package you're trying to install use the latest package you can find.

Now to be honest if you've got a fast connection to the internet it is almost just as easy to use the CDs to install the RPM and then immediately run up2date. (We Mandrake users have it easier. With URPMI we can tell it to load "MySQL" and if the latest packages are on our CDs it prompts us for the CDs, if the latest package is on the net it downloads off the net instead. Debian's Apt-get works the same way.) The point is for best performance and highest security use the latest packages.

Can you hear me now? Good. :blink:

> Can you hear me now? Good.

Did you switch computers when you typed that? :D Yea, you're right... It will remove an old rpm if you update with a new one. And you don't need the old one. They are complete packages unto themselves.

Apt-Get works with Red Hat as well.... Man, I love that program... I just stumbled upon it not too long ago. When I first started using Linux, I wanted Mplayer... I downloaded the rpm, ran it.. It had several dependencies... Downloaded those. Each one of those had dependencies. I pulled my hair out, said a few cuss words and said "to **** with mplayer". apt-get downloaded everything and then installed them all... Pretty slick.... You can also type: apt-get upgrade, and it will snag all your up2date packages. Still haven't really figured out Synaptic. Don't really want to... It's better thru a prompt..

Jon

nlinecomputers

Synaptic is easy enough. You see the list of RPMs, you click on one, hit the install Icon and bam it grabs it all. It's just a fancy front end for apt-get. Nice thing about synaptic is that you can browse the list of RPMs. Find cool things you never heard of before.


I understand now - thanks guys and yes apt-get is a great tool I used it with 8.0 and installed it right away after I installed 9.0. I agree with you Jon about doing updates on a dial up modem - very time consuming

Synaptic - hmmmmm never heard of that program, will have to look into it. I tried updating Evolution from 1.4.4 to 1.4.5 but it tells me it conflicts with files in 1.4.4 during install so it stops and doesn't do the update. I quit doing updates after that - still waiting on my Knoppix CD - gonna give it a whirl.


Yea, Synaptic is pretty cool I guess. At least you can see what packages are available....

Kelly, just type this:

su
apt-get install synaptic

After it is installed, just type "synaptic" at a prompt and a gui will come up listing a whole bunch of stuff available for download....

Don't forget to type:

apt-get update

before you try to grab anything... It helps to keep your list current. It is a pain to download all those errata.... I went to a neighbor's and bought some beer and used his broadband/burner to snag em' all.....

For those of you who don't know about "apt", you can get it from here. Just:

cd /to/directory/where/apt/is
su
rpm -Uvh apt-0.5.5cnc5-fr2.i386.rpm

assuming that is the name of the file you downloaded... It is a program that will eliminate ALL dependencies of a particular RPM..... It makes installing programs a BREEZE.... It does everything for you... As long as apt can find the program in its database list.... It's a really slick program....

Jon


Ran across this and figured it would fit here perfectly

YoLinux Tutorial - How To Install and Update A Redhat Linux Kernel RPM

This tutorial covers downloading and installing a new kernel for the Redhat distribution of Linux. The Kernel is loaded from the "RPM" package format. This tutorial is most useful for Red Hat 7.1 installations and older which used the Lilo operating system boot loader. Red Hat 7.2 introduced GRUB as the default boot loader and it is configured automatically by the RPM installation. Thus users of Red Hat 7.2 and later using the GRUB boot loader need not concern themselves with any special configuration requirements. Just install the RPM's and that is it. Use the RPM command "rpm -ivh kernel-2xxx.rpm" and NOT "rpm -Uvh kernel-2xxx.rpm" as is common for most RPM upgrades. The "rpm -Uvh" RPM upgrade command will remove the kernel which is still executing! Use the command "rpm -e kernel-2-OLD.rpm" to remove the old kernel after a system reboot. Also remove reference to the old kernel in the GRUB config file /etc/grub.conf.

View Full Article
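
The update script Jon describes earlier in the thread, combined with the kernel rule from the tutorial quoted above, as an added example that is not code from any poster, from Red Hat or from YoLinux. It assumes the installed package set is supplied by the caller rather than queried from rpm, that only `kernel` is install-only, and it uses constructed file names (the `i386`/`i686`/`noarch` suffixes and the `example-server` package are hypothetical).

```python
"""Plan how to apply a folder of downloaded errata RPMs (added example)."""

# Assumption: only the kernel is treated as install-only, per the quoted tutorial.
INSTALL_ONLY = {"kernel"}


def parse_rpm_filename(fname):
    """Split name-version-release.arch.rpm into its four parts."""
    if not fname.endswith(".rpm"):
        raise ValueError("not an RPM file name: %r" % fname)
    nvr, dot, arch = fname[:-len(".rpm")].rpartition(".")
    parts = nvr.rsplit("-", 2)
    if not dot or len(parts) != 3 or not all(parts):
        raise ValueError("unexpected RPM file name: %r" % fname)
    name, version, release = parts
    return name, version, release, arch


def plan_updates(downloaded, installed):
    """Sort downloaded files into freshen / install / skip / unparsed lists."""
    plan = {"freshen": [], "install": [], "skip": [], "unparsed": []}
    for fname in downloaded:
        try:
            name = parse_rpm_filename(fname)[0]
        except ValueError:
            plan["unparsed"].append(fname)
            continue
        if name not in installed:
            plan["skip"].append(fname)      # never add packages the user lacks
        elif name in INSTALL_ONLY:
            plan["install"].append(fname)   # keep the running kernel in place
        else:
            plan["freshen"].append(fname)
    return plan


def build_commands(plan):
    """Return argv lists for review; nothing is executed here."""
    commands = []
    if plan["freshen"]:
        # rpm -F (freshen) upgrades only packages that are already installed.
        commands.append(["rpm", "-Fvh"] + plan["freshen"])
    for fname in plan["install"]:
        # -i installs the new kernel next to the old one; -U would remove it.
        commands.append(["rpm", "-ivh", fname])
    return commands


# Constructed sample: package names and versions from this thread, arch suffix
# assumed; example-server is a hypothetical package that is not installed.
DOWNLOADED = [
    "xpdf-2.01-9.i386.rpm", "bash-2.05b-20.1.i386.rpm",
    "unzip-5.50-14.i386.rpm", "redhat-config-date-1.5.15-1.noarch.rpm",
    "example-server-1.0-1.i386.rpm", "kernel-2.4.20-18.9.i686.rpm",
    "README.txt",
]
INSTALLED = {"xpdf", "bash", "unzip", "redhat-config-date", "kernel"}

if __name__ == "__main__":
    for argv in build_commands(plan_updates(DOWNLOADED, INSTALLED)):
        print(" ".join(argv))
```

The old kernel stays bootable until it is removed by hand with `rpm -e` after a reboot, as the tutorial describes.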


Thanks for the info on "Apt-Get" - what a great little program for RH. :D It's almost too easy. While I'm here, was wondering if anyone has had any luck installing "gkrellm" in RH 9.0? I installed it and "lm_sensors" (latest versions), but cannot get the temperature, fan, and voltage sensors to work. Bruno had a thread awhile back where he helped me get it running in Mandrake 9.1, but when I followed those directions, they will not work in RH. :( I'm stuck at the most important part: <modprobe i2c-proc> as well as <sensors-detect>. :( Any help is greatly appreciated; Bruno really picked another great little program here, with "gkrellm". :rolleyes:


I've never looked into that. I found their home page and will look into that... I use a laptop so it might be something cool to mess with... Still don't really know anything about it tho... If I get it working, I'll let you know Quint....

Still no more updates....

Jon


WOO HOO!!!!

Update:

xpdf-2.01-8 ---------> xpdf-2.01-9:1

Download 4062 kb

Summary:

Updated Xpdf packages fix security vulnerability

Updated Xpdf packages are available that fix a vulnerability where a malicious PDF document could run arbitrary code.


bash-2.05b-20 --------> bash-2.05b-20.1

Download 737 kb.

Summary:

> Updated bash packages fix several bugs
>
> Updated bash packages that fix several bugs are now available.
>
> Description:
> The GNU Bourne-Again Shell (bash) is a command language interpreter that is
> compatible with the Bourne shell (sh). Bash is the default shell
> environment for Red Hat Linux.
>
> Several bugs have been found in the bash package, some of which affected
> usability. The packages included in this erratum contain fixes that
> address these issues.


redhat-config-date-1.5.9-8 -------> redhat-config-date-1.5.15-1

Download

Summary:

> An updated redhat-config-date package fixing a symlink-related bug is now
> available.

Description:

> The redhat-config-date program is a graphically-oriented tool for setting
> the system time, timezone, and date.
>
> When changing the timezone, redhat-config-date makes a symlink from
> /etc/localtime to the appropriate timezone file in /usr/share/zoneinfo.
>
> If the system configuration includes a separate /usr partition, this can
> cause a problem. The hwclock program (which is used to interact with the
> system's hardware clock) is run at boot-time and requires access to the
> selected timezone file. However, because hwclock runs before all file
> systems are mounted, the symlink to the timezone file in
> /usr/share/zoneinfo is invalid, and hwclock fails.
>
> This erratum fixes the problem by copying the timezone file into
> /etc/localtime instead of making a symbolic link.

THERE IS ALSO ANOTHER ONE..........

Summary:

> Updated ypserv packages fix a denial of service vulnerability
>
> Updated ypserv packages fixing a denial of service vulnerability are now
> available.

Description:

> The ypserv package contains the Network Information Service (NIS) server.
>
> A vulnerability has been discovered in the ypserv NIS server prior to
> version 2.7. If a malicious client queries ypserv via TCP and subsequently
> ignores the server's response, ypserv will block attempting to send the
> reply. This results in ypserv failing to respond to other client requests.
>
> Versions 2.7 and above of ypserv have been altered to fork a child for each
> client request, thus preventing any one request from causing the server to
> block.
>
> Red Hat recommends that users of NIS upgrade to these packages, which
> contain version 2.8.0 of ypserv and are therefore not vulnerable to this issue.


unzip-5.50-7 ------------> unzip-5.50-14

Download 135 kb.

Summary:

> Updated unzip packages resolving a vulnerability allowing arbitrary files
> to be overwritten are now available.
>
> Description:
> The unzip utility is used for manipulating archives, which are multiple
> files stored inside of a single file.
>
> A vulnerability in unzip version 5.50 and earlier allows attackers to
> overwrite arbitrary files during archive extraction by placing invalid
> (non-printable) characters between two "." characters. These non-printable
> characters are filtered, resulting in a ".." sequence. The Common
> Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
> CAN-2003-0282 to this issue.
>
> This erratum includes a patch ensuring that non-printable characters do not
> make it possible for a malicious .zip file to write to parent directories
> unless the "-:" command line parameter is specified.
>
> Users of unzip are advised to upgrade to these updated packages, which are
> not vulnerable to this issue.
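
The ordering problem in the unzip advisory quoted above, as an added example that is not from the thread, from Red Hat or from the unzip source. It models only the name handling: all function names are hypothetical, and the sample archive is constructed in memory so that one member name has a non-printable byte between two dots.

```python
"""Why the '..' check has to run after name filtering (added example)."""
import io
import zipfile


def strip_nonprintable(name):
    """Model of the filtering step in the advisory: drop non-printable chars."""
    return "".join(ch for ch in name if ch.isprintable())


def escapes_root(name):
    """True if the path is absolute or contains a '..' component."""
    parts = name.replace("\\", "/").split("/")
    return name.startswith("/") or ".." in parts


def check_then_filter(name):
    """Flawed order: validate the raw name, then filter it."""
    if escapes_root(name):
        return None
    return strip_nonprintable(name)   # may now contain '..'


def filter_then_check(name):
    """Hardened order: validate the exact string that will be used."""
    cleaned = strip_nonprintable(name)
    return None if escapes_root(cleaned) else cleaned


def audit_archive(data):
    """Return member names that the hardened check rejects."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [info.filename for info in zf.infolist()
                if filter_then_check(info.filename) is None]


def build_sample_archive():
    """Constructed sample: one ordinary member, one with a byte between dots."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", b"ordinary member")
        zf.writestr("docs/.\x01./outside.txt", b"constructed test member")
    return buf.getvalue()


if __name__ == "__main__":
    for name in audit_archive(build_sample_archive()):
        print("rejected:", repr(name), "->", repr(strip_nonprintable(name)))
```

Running `audit_archive` over an archive before extraction lists the members to reject; the flawed `check_then_filter` is kept only to show what the pre-fix ordering lets through.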
