Text File | 1997-09-04 | 7KB | 265 lines
1. Patch SG0002233 Release Note

This release note describes patch SG0002233 to IRIX 6.4.
Patch SG0002233 replaces patch SG0002217.

1.1 Supported Hardware Platforms

This patch contains bug fixes for all hardware platforms.

1.2 Supported Software Platforms

This patch contains bug fixes for IRIX 6.4.

1.3 Bugs Fixed by Patch SG0002233

This patch contains fixes for the following bugs in IRIX
6.4. Bug numbers from the Silicon Graphics bug tracking
system are included for reference.
o The login/scheme program has a buffer overrun issue
  which results in an exploitable security vulnerability
  (Bug #494134).

o A security issue has been discovered with the LOCKOUT
  parameter in /etc/default/login (Bug #491422). This
  incident resulted in CERT advisory CA-97.15 and AUSCERT
  advisory AA-97.12.

  Part of the fix for this problem is a new
  /etc/default/login option, LOCKOUTEXEMPT. The file
  /etc/default/login must be updated with the
  LOCKOUTEXEMPT option from /etc/default/login.N before
  this feature can be used.

  Description follows:

  If LOCKOUT is greater than zero, the users listed as
  LOCKOUTEXEMPT will NOT be subject to the LOCKOUT
  option. Usernames are separated by spaces, the list
  must be terminated by end-of-line, maximum list length
  is 240 characters. LOCKOUTEXEMPT is ignored unless
  LOCKOUT is enabled, and the list is not empty.

  Including privileged accounts (such as root) in the
  LOCKOUTEXEMPT list is not recommended, as it allows an
  indefinite number of attacks on the exempt accounts.

  Also, if LOCKOUTEXEMPT is enabled, the
  /etc/default/login file should be protected at mode 400
  or 600 to prevent unauthorized viewing and/or tampering
  with the LOCKOUTEXEMPT list.

      LOCKOUTEXEMPT=oper1 niteop

o A security issue has been discovered with the LOCKOUT
  parameter in /etc/default/login (Bug #506487).

o The df program has a buffer overrun issue which results
  in an exploitable security vulnerability (Bug #494131).

o The eject program has a buffer overrun issue which
  results in an exploitable security vulnerability (Bug
  #494133).

o The /bin/at program appears to have a buffer overrun
  issue which results in an exploitable security
  vulnerability (Bug #498852).

o DAT drives other than Archive Python were misidentified
  as type "cartridge", rather than DAT (Bug #514461).
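
The LOCKOUTEXEMPT rules described above (ignored unless LOCKOUT is enabled, 240-character limit, no privileged accounts, file mode 400 or 600) can be checked with a small audit script. This is an added example, not part of the release note or of SGI's software; the function names, the PRIVILEGED list and the wording of the findings are assumptions.

```sh
#!/bin/sh
# Added example, not SGI code. PRIVILEGED and the finding text are assumptions.
PRIVILEGED="root"

# Value of the last uncommented KEY=value line for key $1 in file $2.
get_opt() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# audit_login_defaults FILE: print one finding per line, nothing if clean.
audit_login_defaults() {
    file=$1
    lockout=$(get_opt LOCKOUT "$file")
    exempt=$(get_opt LOCKOUTEXEMPT "$file")
    case $lockout in
        ''|*[!0-9]*) lockout=0 ;;   # unset or non-numeric: treat as disabled
    esac

    # The list is ignored unless LOCKOUT is enabled and the list is not empty.
    if [ -z "$exempt" ]; then
        return 0
    fi
    if [ "$lockout" -le 0 ]; then
        echo "INFO: LOCKOUTEXEMPT is set but ignored, LOCKOUT is not enabled"
        return 0
    fi

    # Maximum list length is 240 characters.
    if [ "${#exempt}" -gt 240 ]; then
        echo "WARN: LOCKOUTEXEMPT list exceeds 240 characters"
    fi

    # Exempt privileged accounts can be guessed against indefinitely.
    for user in $exempt; do
        for priv in $PRIVILEGED; do
            if [ "$user" = "$priv" ]; then
                echo "WARN: privileged account '$user' is exempt from LOCKOUT"
            fi
        done
    done

    # With an active exempt list the file should be mode 400 or 600.
    perms=$(ls -ld "$file" | cut -c1-10)
    case $perms in
        -r--------|-rw-------) ;;
        *) echo "WARN: $file is $perms, expected mode 400 or 600" ;;
    esac
}
```

Run it as `audit_login_defaults /etc/default/login`; no output means the file satisfies all four rules.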
1.4 Subsystems Included in Patch SG0002233

This patch release includes these subsystems:

o patchSG0002181.eoe_sw.unix

o patchSG0002181.eoe_man
1.5 Installation Instructions

Because you want to install only the patches for problems
you have encountered, patch software is not installed by
default. After reading the descriptions of the bugs fixed
in this patch (see Section 1.3), determine the patches that
meet your specific needs.

If, after reading Sections 1.1 and 1.2 of these release
notes, you are unsure whether your hardware and software
meet the requirements for installing a particular patch, run
inst. The inst program does not allow you to install
patches that are incompatible with your hardware or
software.

Patch software is installed like any other Silicon Graphics
software product. Follow the instructions in your Software
Installation Administrator's Guide to bring up the miniroot
form of the software installation tools.
Follow these steps to select a patch for installation:

1. At the Inst> prompt, type

       install patchSGxxxxxxx

   where xxxxxxx is the patch number.

2. Initiate the installation sequence. Type

       Inst> go

3. You may find that two patches have been marked as
   incompatible. (The installation tools reject an
   installation request if an incompatibility is
   detected.) If this occurs, you must deselect one of
   the patches.

       Inst> keep patchSGxxxxxxx

   where xxxxxxx is the patch number.

4. After completing the installation process, exit the
   inst program by typing

       Inst> quit
1.6 Patch Removal Instructions

To remove a patch, use the versions remove command as you
would for any other software subsystem. The removal process
reinstates the original version of software unless you have
specifically removed the patch history from your system.

    versions remove patchSGxxxxxxx

where xxxxxxx is the patch number.

To keep a patch but increase your disk space, use the
versions removehist command to remove the patch history.

    versions removehist patchSGxxxxxxx

where xxxxxxx is the patch number.
1.7 Known Problems