Red Hat Linux/Intel 5.2 (Apollo) Errata

                                                      (Updated: 13-Nov-1998)
                                                                            
   [1]mail problems with errata to faq-maintainer
   
    See also:
    
     * [2]Red Hat Linux 5.2 General Errata
       
   The following are known problems specific to Red Hat Linux/Intel 5.2.
   Updates are available for FTP from:
   
   If you have problems downloading fixes from the official site
   (ftp.redhat.com), please try one of the many Red Hat [3]mirrors.
     * [4]updates.redhat.com
       
   Please note that newer versions of some of these packages may be
   available in the same location; any new versions which are made
   available will fix all of the bugs older versions did, so you can use
   the latest version with no problems.
     _________________________________________________________________
   
  Overview
  
     * 22-Dec-1998: [5]Security: Netscape
     * 13-Nov-1998: [6]Security: libc5
     * 06-Nov-1998: [7]Security: svgalib
     * 06-Nov-1998: [8]Security: zgv
       
     Package: Netscape
   
   Updated: 22-Dec--1998
   
   Problem:
     * (22-Dec-1998) Security Update:
       Various security vulnerabilities have been found in versions of
       Netscape Navigator and Communicator as shipped with Red Hat Linux.
       More information on the security vulnerabilities is available at
       [9]Netscape
       It is recommended that users of Red Hat Linux upgrade to the new
       packages available on our FTP site:
       
   Solution:
     * Intel: Upgrade to:
       [10]netscape-communicator-4.08-1.i386.rpm
       [11]netscape-navigator-4.08-1.i386.rpm
       [12]netscape-common-4.08-1.i386.rpm
     _________________________________________________________________
   
     Package: libc5
   
   Updated: 13-Nov-1998
   
   Problem:
     * (13-Nov-1998) Security Fix:
       A buffer overflow has been identified in all versions of the libc
       5 packages shipped with Red Hat Linux. The most affected systems
       are those that are libc 5 based (Red Hat Linux 4.2 and older).
       Only Intel and Sparc architectures are affected.
       The Red Hat Linux 5.x releases are glibc (libc 6) based, and Red
       Hat does not ship any binaries linked against libc 5 that might be
       used for compromising the system's security. However, Red Hat
       Linux 5.x releases do include for backwards compatibility a
       package containg a vulnerable library.
       Users of Red Hat Linux are recommended to upgrade to the new
       packages available under updates directory on our ftp site:
       
          rpm -Uvh libc-5.3.12-28.i386.rpm
        

   Solution:
     * Intel: Upgrade to:
       [13]libc-5.3.12-28.i386.rpm
     _________________________________________________________________
   
     Package: svgalib
   
   Updated: 06-Nov-1998
   
   Problem:
     * (06-Nov-1998) Security Fix:
       svgalib has been found to leak file descriptors to /dev/mem. Red
       Hat would like to thank the users of the BUGTRAQ security list for
       identifying the problem and Kevin Vajk for providing a fix. Users
       of Red Hat Linux are recommended to upgrade to the new packages
       available under the updates directory on our ftp site: To upgrade
       this package use the rpm command: rpm -Uvh svgalib-1.3.0-1
       
   Solution:
     * Intel: Upgrade to:
       [14]svgalib-1.3.0-3
       [15]svgalib-devel-1.3.0-3
     _________________________________________________________________
   
     Package: zgv
   
   Updated: 06-Nov-1998
   
   Problem:
     * (06-Nov-1998) Security Fix:
       Auditors of zgv have found buffer overflows that could be
       exploited to gain root privileges. Red Hat would like to thank the
       users of the BUGTRAQ security list for identifying the problem and
       Kevin Vajk for providing a fix. Users of Red Hat Linux are
       recommended to upgrade to the new packages available under the
       updates directory on our ftp site. To upgrade this package use the
       rpm command: rpm -Uvh zgv-3.0-6.i386.rpm
       
   Solution:
     * Intel: Upgrade to:
       [16]zgv-3.0-6.i386.rpm
     _________________________________________________________________
   
                     [17]Support | [18]Product Errata |
   
         Copyright © 1995-1999 Red Hat Software. [19]Legal notices

References

   1. http://www.redhat.com/support/about/faq-maintainer.html
   2. http://www.redhat.com/support/docs/rhl/rh52-errata-general.html
   3. http://www.redhat.com/mirrors.html
   4. ftp://updates.redhat.com/5.2/i386
   5. http://www.redhat.com/support/docs/rhl/intel/rh52-errata-intel.html#Netscape
   6. http://www.redhat.com/support/docs/rhl/intel/rh52-errata-intel.html#libc5
   7. http://www.redhat.com/support/docs/rhl/intel/rh52-errata-intel.html#svgalib
   8. http://www.redhat.com/support/docs/rhl/intel/rh52-errata-intel.html#zgv
   9. http://home.netscape.com/products/security/resources/notes.html
  10. ftp://updates.redhat.com/5.0/i386/netscape-communicator-4.08-1.i386.rpm
  11. ftp://updates.redhat.com/5.0/i386/netscape-navigator-4.08-1.i386.rpm
  12. ftp://updates.redhat.com/5.0/i386/netscape-common-4.08-1.i386.rpm
  13. ftp://updates.redhat.com/5.2/i386/libc-5.3.12-28.i386.rpm
  14. ftp://updates.redhat.com/5.2/i386/svgalib-1.3.0-3.i386.rpm
  15. ftp://updates.redhat.com/5.2/i386/svgalib-devel-1.3.0-3.i386.rpm
  16. ftp://updates.redhat.com/5.2/i386/zgv-3.0-6.i386.rpm
  17. http://www.redhat.com/support
  18. http://www.redhat.com/support/docs/errata.html
  19. http://www.redhat.com/redhat/website.html#legal