 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
This page is for my own personal use with my Cobalt RaQ4. This content on this page is NOT mine. It all belongs to Sun Microsystems, Inc. Downloads should be applied from the bottom of the page to the top, as they must be applied in chronlogical order. Application of these patches in improper order will likely result in problems with the Sun Cobalt™ product.
Note: For all previous updates, please see http://ftp.cobalt.sun.com The md5sums listed below are for the unzipped ISO image files and not for the .gz files
Mutt Security Update 2.0.1
This update fixes security vulnerabilities with mutt. Pre-Requisites: Reboot Required: No MD5 Check Sum: 4a1b391bc789cd469fbcb20f1fe2eb55
ProFTPD Security Update 2.0.1
This update addresses a buffer overflow vulnerability with ProFTPD. Pre-Requisites: Reboot Required: No MD5 Check Sum: d47fcf99b19603d5096a18e63d3f5c72
Pine Security Update 2.0.1
This patch fixes security vulnerabilities in Pine. Pre-Requisites: Reboot Required: No MD5 Check Sum: 5173af407a7acffbd47d300d48279266
Fileutils Security Update 2.0.1
This updates address a remote denial of services vulnerability in the ls program, a utility that is part of the fileutils package. Pre-Requisites: Reboot Required: No MD5 Check Sum: 0160b0e292073272a0062e3ed64c8e1d
Rsync Security Update 2.0.1
This update addresses a heap overflow vulnerability in rsync, is a program for sychronizing files over the network. Pre-Requisites: Reboot Required: No MD5 Check Sum: 982e0aee16bfef2c7bf6941fd82a2134
BIND Security Update 2.0.1
This update addresses a vulnerability in BIND, that could allow an attacker to conduct cache poisoning attacks on the name servers by convincing the servers to retain invalid negative responses. For more information, see: CAN-2003-0914 Pre-Requisites: Reboot Required: No MD5 Check Sum: 3ccc453abf220577299a29602147e8aa
Slocate Security Update 2.0.1
This update addresses a vulnerability in slocate where the heap management structures could be corrupted possibly lead to an attacker gaining slocate group
privileges.
Reboot Required: No MD5 Check Sum: 7da97b57a3e721a506f95159337dc18e
Tcpdump Security Update 2.0.1
This update adresses a vulnerability in tcpdump, where the privileges were not dropped corrextly at startup time. for more information, see: CAN-2003-0194 Pre-Requisites: Reboot Required: No MD5 Check Sum: 68c07c7d46673e2505ce769192557061
Bash Security Update 2.0.1
This update addresses a vulnerability in the bash shell. Temporary files were created with insecure permissions, which could allow an attacker to launch a symlink attack to overwrite arbitrary files.
Reboot Required: No MD5 Check Sum: 637eeb5554fd973769ca9c2904a24b8a
Sendmail Security Update 2.0.2
This update addresses two vulnerabilities in Sendmail.
Version 2.0.1 ofthe patch did not preserve the configuration file correctly. This updated version (2.0.2) addresses this problem. Pre-Requisites: Reboot Required: No MD5 Check Sum: bbe4af96f826c3476286fdd48ae3497f
Apache & mod_ssl Security Update 2.0.1
This update addresses vulnerabilities discovered in Apache and mod_ssl.
Pre-Requisites: Reboot Required: Yes MD5 Check Sum: 1395cdb3d48c76b598cbd79a43eeb8e3
NFS-Utils Security Update 2.0.1
This update addresses a buffer overflow in nfs-utils that could be exploited by an attacker, causing a remote Denial of Service.
Reboot Required: No MD5 Check Sum: 3afb09c7032e5fcd94e5ee291c328d43
Sendmail Security Update 2.0.1 ***Replaced***
This update addresses two vulnerabilities in Sendmail.
Pre-Requisites: Reboot Required: No MD5 Check Sum: ba1fc625005f7c9d84f2fb4cace2ae67
Imap Clients Security Update 2.0.1
This update addresses multiple buffer overflow vulnerabilities discovered in various IMAP clients (Pine, Mutt, Imap). Reboot Required: No MD5 Check Sum: 8e61a1e9a313f87d269ceae03f33104d
BIND Security Update 2.0.1
This update addresses multiple vulnerabilities discovered in the Berkeley Internet Name Domain Server (BIND).
Reboot Required: No MD5 Check Sum: c26bbca1ac66a5b759b65afc4c783c31
Unzip Security Update 2.0.1
Updated unzip packages resolve a vulnerability allowing arbitrary files to be overwritten. The original patch to fix this issue (16170) missed a case where the path component included a quoted slash. These updated packages contain a new patch that corrects this issue. for more information, see: CAN-2003-0282 Reboot Required: No MD5 Check Sum: 0768c2e8ebbbc2997026eac6cf15d989
Zlib Security Update 2.0.2
This update addresses a buffer overflow vulnerability in the gzprintf function of the zlib compression package. For mor information, see CAN-2003-0107 Reboot Required: No MD5 Check Sum: 2bf5b46bc1027e4d787fab4529b529ca
Maximum Disk Space Update 2.0.1
This update addresses a problem when setting the maximum disk space for a virtual site to a value divisible by 10. Reboot Required: No MD5 Check Sum: 1cf0bfa6f15770a69b63ecf9a387eb6a
Kernel Update C37 2.0.1
This updated kernel fixes a vulnerability in ptrace that could allow local users to obtain full privileges. Remote exploitation of this hole is not possible. For more information see: CAN-2003-0127 This kernel also fixes a problem with the I2C driver where the locks were not IRQ safe. This could cause problems including the system reporting false fan failures, repeated raid syncs, and random reboots. Reboot Required: Yes MD5 Check Sum: a5b1f97c372cb5b517558e141792e3d9
Vim Security Update 2.0.1
This update addresses a vulnerability found in the Vim editor, that could allow attackers to execute arbitrary commands using the libcall feature in modelines. For more information, see CAN-2002-1377 Reboot Required: No MD5 Check Sum: 8b0f0b92200cff373028a338dca568e8
Apache & SSL Security 2.0.1
This update addresses multiple vulnerabilities found in Apache and OpenSSL.
Reboot Required: Yes
MD5 Check Sum: 187867bd991cfdd0eab0b8c0e913b0e0
Qpopper Security Update 2.0.1
This update addresses a buffer overflow vulnerability found in Qpopper. Reboot Required: No MD5 Check Sum: 46730b7b3beb48f2ece82730142fd486
Wget Security Update 2.0.1
This update addresses a directory traversal vulnerability in wget. Reboot Required: No MD5 Check Sum: a010a4c05392cc1486ca0f2d7dfa4125
Pine & File Security Update 2.0.1
This update addresses vulnerabilities found in the pine mail program and the file program. Pine was vulnerable to a remote denial of service. For more information, see http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1320 File was vulnerable to a local buffer overflow. For more information, see http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0102 Reboot Required: No MD5 Check Sum: 2e13e4520140d9bd3ef7e0a1e1d1f9c0
Glibc Security Update 2.0.1
This update addresses a security vulnerability in the glibc resolver. For more information, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1146 Reboot Required: Yes
MD5 Check Sum: cbcbb45e653b62c9005e7de2347c2173
Sendmail Security Update 2.0.1
This patch updates the Sendmail program on your server to address a buffer overflow vulnerability. See http://www.cert.org/advisories/CA-2003-12.html for more information. Pre-Requisites: Reboot Required: No MD5 Check Sum: 911dd676681b050a6c17e5733c79fb45
Kernel Update 2.0.1 C35
This patch will update your kernel to version 2.2.16-C35. This kernel addresses a RAID issue on the RaQ4 where synchronization of a RAID array could take a long time. Reboot Required: Yes MD5 Check Sum: e778ebe202cca27540d2cf28cb3ca1c8
Sendmail Security Update 2.0.1
This patch updates the Sendmail program on your server to address a remote buffer overflow vulnerability. See http://www.cert.org/advisories/CA-2003-07.html for more information. Reboot Required: No MD5 Check Sum: 8d01bb169854393f6547d2718f8f7f56
PHP & PostgreSQL Security Update 2.0.1
This package addresses several issues with PHP and postgresql. Two PHP bugs have been fixed; the first is arbitrary command execution via the 5th parameter of mail() and the second is URL redirection using fopen(). In Postgresql, multiple buffer overruns have been recently identified and patched. In addition, Postgresql debugging is now disabled by default. Reboot Required: Yes MD5 Check Sum: f4798e1d90d332e23855dd5161ad5496
Root DNS server update 2.0.1
The IP address of one of the root DNS servers (J.ROOT-SERVERS.NET) has been changed. This patch updates the list of root DNS servers on your appliance. Reboot Required: No MD5 Check Sum: f4216e305ee5341a6e6d043667c024a1
Tar & Unzip Security update 2.0.1
The unzip and tar utilities contain vulnerabilities which can allow arbitrary files to be overwritten during archive extraction. See http://www.securityfocus.com/archive/1/196445 for more information. Reboot Required: No MD5 Check Sum: b00b98f358c6bfdd239a188938e930d9
Cgiwrap Update 2.0.1
This package addresses a cross-site scripting vulnerablity with cgiwrap when used with browsers that ignore input before the HTML and BODY tags. Reboot Required: No MD5 Check Sum: 04c0e33304a3225498ac7667ff8b4a55
Util-linux Update 2.0.1
The chfn binary from the util-linux package could be used to gain unauthorized access. Reboot Required: No MD5 Check Sum: 901504d66b3a9d5500dea101765bebce
Kernel Update 2.0.1 C33
Kernel C33 fixes the "do_try_to_free_pages failed" VM problem under heavy load and also adds support for raw I/O. Reboot Required: Yes MD5 Check Sum: 0ea53b2ef29a724c16111c32b167ef17
SHP Removal 2.0.1
This patch removes the SHP package. Customers who installed SHP are advised to install this patch to remove serious compatibility issues. Reboot Required: Yes MD5 Check Sum: ca100017bc957075ba6b142f337ef0a4
IMAP Update 2.0.2
This package patches a remote buffer overflow security vulnerability in imapd. Reboot Required: No MD5 Check Sum: 7e28442e0a713afd91fbe5dadad920ab
IMAP Update 2.0.1 Updated by above!!!!!
This patch fixes a Remote Buffer Overflow in imapd. Reboot Required: No MD5 Check Sum: e6e1acac14b5699068cff28ec374c332
Apache & SSL Update 2.0.1
This patch fixes multiple security issues with the Apache HTTP Server and OpenSSL. For more information please see: Reboot Required: Yes MD5 Check Sum: 38264ad4dfcf3f16101385a6ad139178
CGIWrap Update 2.0.1
This package contains an updated CGIWrap that addresses a security issue recently discovered. For more information, please see: http://online.securityfocus.com/bid/3084 Reboot Required: No MD5 Check Sum: 579057707156df964a2e3dbf9f1f18d3
Inserted
======================================= Security Hardening patch for the Sun Cobalt RaQ 4 server appliance. Includes port scan detection and buffer overflow detection.
=================================== The version of SHP released for the Sun Cobalt RaQ 4 server appliance was found to have installation issues on some customer configurations. In addition there is a problem that could cause the /var partition of the hard disk to fill up if the system is under continuous attack. We have decided to retract the current release of SHP and release an updated version in a few days.
Update: Apache 2.0.1
This package contains an updated Apache HTTP Server that addresses a security issue recently discovered. For more information, please see http://httpd.apache.org/info/security_bulletin_20020617.txt MD5 Check Sum: d4055016dca256af3070c866cde2bcae Reboot Required: Yes
Update: TCPDUMP 2.0.1
This patch replaces the TCPDUMP network analysis tool with a new version. This version of TCPDUMP contains security fixes for issues that were found in prior releases of TCPDUMP for the Sun Cobalt Server Appliance. MD5 Check Sum: ed01348f71d8ebdaac8065d444a41269 Reboot Required: No
Update: PHP Service Settings 2.0.1
This patch fixes a sync issue between what is shown in the web UI and what the actual state is on the server for the PHP service. MD5 Check Sum: 9968454952f9e0dc773a624016df2948 Reboot Required: Yes
Update: Security Bundle 2.0.1
This package upgrades the following for a varity of security concerns:
MD5 Check Sum: 9968454952f9e0dc773a624016df2948 Reboot Required: No
Update: Duplicate Email Alias 2.0.1
This patch filters email alias entries preventing duplicate virtusertable entries on your server appliance. MD5 Check Sum: 13151e1c05deb07648056b7f0f1f87c3 Reboot Required: No
Security: PHP Update 2.0.1
This patch upgrades the version of the PHP scripting engine on your server appliance. This version of PHP contains security fixes for issues that were found in prior releases of PHP for the Sun Cobalt Server Appliance. This Update installs PHP version 4.0.6-C4. If you have upgraded PHP through a means other then packages from this website, your changes will be overwritten. MD5 Check Sum: e640b63ed855068d7df58c17d82885a2 Reboot Required: No
Security: glibc Update 2.0.1
This updates the version of glibc to fix a known vulnerability with file globbing functionality. See the following link for details: http://online.securityfocus.com/bid/3707 MD5 Check Sum: af333d0ca687404569c996f2746a4cc1 Reboot Required: Yes
Security: Kernel Update 2.0.1
Updates Kernel version to C32 to fix following security alert. http://www.securityfocus.com/advisories/3607 NOTE: This package is for Sun Cobalt RaQ 4 Non-StaQware systems only. If you have Sun Cobalt StaQware running, please install kernel update at http://www.cobalt.com/support/download/staqwareraq4.html MD5 Check Sum: 7cf79a0da0c91a0de98db51977deb430 Reboot Required: Yes
Update: DNS Update 2.0.1
This package fixes a number of issues within Sun Cobalt's DNS configuration and management interface and it's interactions with the nameserver. Moreover, after this patch, the administrator will have more options in specifying the method of RFC 2317 style reverse subnet delegation. MD5 Check Sum: b489ef028b80ceeb30bf5db2348923f9 Reboot Required: No
OS Update 2.0
This patch is an update to the Sun Cobalt RaQ 4 server appliance. It incorporates all previous patches as well as various bug fixes. See the following PDF for a complete list of bugs addressed in this update. Prerequisites:
RaQ4-en-OSUpdate-Installation.pdf MD5 Check Sum: bd95b7cf9302cb9b7c335f99863889eb Reboot Required: Yes
Security: Running Bind as Named Update 1.0.1
This patch addresses an issue with the way named is run on Sun Cobalt Server Appliances. Currently, named is run with root permissions, this patch adds a user named 'named', and installs new initscripts to startup named with the proper arguments to run as the user named. MD5 Check Sum: 6551930df28b21af5ba2d457ef2a2f0f Reboot Required: Yes
Update: Kernel Update 1.0.1
Kernel C24 and C27 would not allow the system to switch to the correct disk after a RAID failure. To correct this a new modutils has been included for the gen III Kernel so that the bandwidth module could correctly load automatically after a reboot. Also included in the update is the fix for the sysctl negative offset bug as well as the ptrace setuid bug. MD5 Check Sum: dad1efe8427613aa4830f85068529647 Reboot Required: Yes
Security: Poprelayd 2.0-5 Update 1.0.1 This update requires reboot.
This patch upgrades the version of poprelayd to 2.0-5. This version of poprelayd contains various security fixes for issues that were found in poprelayd v1.2. c1d20ae882cfd49c2802c65af3c5a03a
System: Log Files Update 1.0.1
Log files are currently stored on the root partition of the server. The root partition is small, and systems storing larger than normal log files may be corrupted. This patch corrects the corruption problem by moving the growable log files to the /home partition, which has enough space to handle large files. 2048c9b82818fe373188ef6c202b9365
Security: telnetd Update 1.0.1
This security patch addresses an issue found in the telnet daemon, where a remote attacker is able to gain access to server appliances if telnet is enabled. Information regarding this update can be found at CERT Coordination Center's website. The URL is: http://www.cert.org/advisories/CA-2001-21.html. MD5 Check Sum: 13c7ac8315b948b85343e372203fb258
Security: Apache Update 1.0.1
This patch upgrades the version of Apache to 1.3.20.
This version of Apache contains various security fixes for issues that were found in prior releases of Apache for the Sun Cobalt Server Appliance. MD5 Check Sum: 3b04eebff0e9f12a18415130079b0a72
Update: Mistaken Delete 1.0.1
If a user mistakenly double clicks the trashcan icon to delete a site the siteDel.cgi script will delete the entire /usr/admserv/html/.cobalt/siteManage directory. This package corrects the problem. MD5 Check Sum: 68531bd661aa408df07a5f07ffb7597b
Security: Samba Update 1.0.1
This package updates Samba to 2.0.9 in order to repair a locally exploitable security hole in previous versions. The security hole allows a user with a shell account to corrupt local devices (such as raw disks). MD5 Check Sum: d115ef9a2209e276c00b19aaa66fc451
Security: Telnet Access 1.0.1 This update was released and pulled on June 5 - 9925 was not available then - OK to install now.
This package fixes a security bug that gives all users of a restored (previously suspended) site telnet access. Prerequisite: Prior to installing this update the update allowing special characters in a new username or user's full name must be installed. RaQ4-All-System-1.0.1-9925.pkg MD5 Check Sum: 1ecc1bf42930e47702031f37c427660c
Update: Special Characters 1.0.1 This update was posted on July 19, 2001
System problems may occur when using special characters when adding a new username or a user’s full name. This update enables the use of special characters such as “.” in a username and “’” in user’s full names MD5 Check Sum: e369dd50a4fb951a55b9777cca8be189
Update: Reverse delegation 1.0.1
This patch fixes reverse delegations for subnets smaller than a /24. It also adds the ability to have 127.0.0.1 map to the localhost for a domain, and ensures that information relating to Secondary Name Services for networks appears in the web interface properly. MD5 Check Sum: dea0f2693b6e79e6daf58e457c9c63aa
Security: Kernel Update 1.0.1
This Kernel Upgrade provides a complete fix for the sysctl negative offset bug as well as the ptrace setuid bug. Information regarding this update can be found at Security Focus’ website. The URLs are:
http://www.securityfocus.com/vdb/?id=2364 - sysctl bug NOTE:
MD5 Check Sum: 5a2dc48fcc35b7c8284070ddb0d6542c
Security: analog Update 1.0.2
This security update prevents a buffer overflow exploit via analog using the "alias" command. This package upgrades analog to v4.16-1(C1). This update requires the newer version of RPM (rpm-3.0.5-9.6x) RaQ4-All-System-1.0.1-9819.pkg For additional information please refer to http://www.analog.cx/ MD5 Check Sum: 6d3151e2ea740fe29859a341aaba4ede
Security: ntp Update 1.0.1
The current version of ntp was found to be susceptible to buffer overflow remote root exploits. This package corrects this with updating ntp to xntp 3-5.93-14. MD5 Check Sum: 345bf3837be7425427003724d6f4bbfe
Security: proftpd Update 1.0.1
This patch updates proftpd in response to a CERT alert (CA-2001-07) regarding the current version of proftpd. Additional information on the patch can be located at CERT ‘s official website.: http://www.cert.org/advisories/CA-2001-07.html MD5 Check Sum: 5327a6e1807d093b90e92f84ac3da2ed
Security: Deactivate backup.cgi Update 1.0.1
This update prevents a copy of the backup.cgi from being created. MD5 Check Sum: 1222e372c844a78e3205b82ee51920a5
Security: VIM Control Codes Update 1.0.1
When a user opened a file in vim-enhanced or vim-X11 with the status line option enable in .vimrc, the commands would be executed as that user. This update will disable the user from embedding malicious VIM control codes into a file. For additional information please refer to url: http://www.securityfocus.com/templates/archive.pike?list=1&mid=170642 MD5 Check Sum: 8a15d05df6ac761b4afe4adcfd16f5ff
Update: Permission to /dev/pts 1.0.1
This update to the Sun Cobalt RaQ 4 server appliance disables global write permission to /dev/pts. MD5 Check Sum: 4860bb192f11ca3d9168938f9867dda9
Kernel update 1.0.1
This Kernel Upgrade provides a fix for the sysctl negative offset bug as well as the ptrace setuid bug.
Information regarding this update can be found at Security Focus’ website. The urls are: Note: This patch is not required or intended for Sun Cobalt StaQware. It is advised that this patch not be installed on Sun Cobalt StaQware. MD5 Check Sum: cf92f40390384d555da2f331d2d6b81b
Update: RPM 1.0.1
This package installs a newer version of RPM (rpm-3.0.5-9.6x) and all the associated rpms MD5 Check Sum: f66078327bf324ee9e81d4e18e4f7458
Security: URL Attack Exposure 1.0.1
Security fix to remove URL attack exposure from Sun Chili!Soft ASP Samples codebrws.asp script. This patch will remove the ability for a person to modify the URL when used in conjunction with the codebrws.asp script that ships with the Sun Chili!Soft ASP samples, to view system configuration files. MD5 Check Sum: 2a0178cb5c03ab5aafd5fac3e3d92aa7
Security: Backup Update 1.0.1
This patch addresses an issue found in backup that allows local users to run arbitrary commands with elevated user privileges. MD5 Check Sums: 0d786e16a55484dffa26137941392559
Recovery Update 1.0.2
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||