Download Print this page

Red Hat ENTERPRISE LINUX 5.4 - TECHNICAL NOTES Manual

Hide thumbs Also See for ENTERPRISE LINUX 5.4 - TECHNICAL NOTES:

Reference manual (86 pages)

,

Manual (80 pages)

,

Release note (20 pages)

Table Of Contents

page of 466

/ 466
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

Quick Links

Download this manual See also: Reference Manual

Red Hat Enterprise

Linux 5.4

Technical Notes

Every Change to Every Package

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the ENTERPRISE LINUX 5.4 - TECHNICAL NOTES and is the answer not in the manual?

Questions and answers

Summary of Contents for Red Hat ENTERPRISE LINUX 5.4 - TECHNICAL NOTES

Page 1 Red Hat Enterprise Linux 5.4 Technical Notes Every Change to Every Package...
Page 2 Every Change to Every Package Edition 1 Author rhelv5-list@redhat.com Copyright © 2009 Red Hat. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/.
Page 3: Table Of Contents
Preface xvii 1. Package Updates 1.1. NetworkManager ......................1 1.1.1. RHSA-2009:0361: Moderate security update ............1 1.1.2. RHBA-2009:1389: bug fix update ..............1 1.2. OpenIPMI ........................2 1.2.1. RHEA-2009:1312: bug fix and enhancement update ........... 2 1.3. acpid .......................... 4 1.3.1.
Page 4 Technical Notes 1.19.4. RHSA-2009:1341: Low security, bug fix, and enhancement update ....24 1.20. cmirror ........................26 1.20.1. RHEA-2009:1340: bug-fix update ..............26 1.21. cmirror-kmod ......................26 1.21.1. RHBA-2009:1367: bug fix update ..............26 1.22. conga ........................27 1.22.1. RHBA-2009:0381: bug fix update ..............27 1.22.2.
Page 5 1.40.1. RHBA-2009:1347: bug-fix and enhancement update ........45 1.41. dos2unix ......................... 46 1.41.1. RHBA-2009:0276: bug fix update ..............46 1.42. dump ........................46 1.42.1. RHBA-2009:0425: bug fix update ..............46 1.43. dvd+rw-tools ......................47 1.43.1. RHBA-2009:1072: bug fix update ..............47 1.44.
Page 6 Technical Notes 1.62. gcc44 ........................67 1.62.1. RHBA-2009:1375: bug fix and enhancement update ........67 1.63. gdb ......................... 68 1.63.1. RHBA-2009:1361: bug fix update ..............68 1.64. gdm ........................69 1.64.1. RHSA-2009:1364: Low security and bug fix update ......... 69 1.65.
Page 7 1.82.1. RHBA-2009:0277: bug fix update ..............89 1.83. hwdata ........................89 1.83.1. RHEA-2009:1348: enhancement update ............89 1.84. ia32el ........................90 1.84.1. RHBA-2009:1271: bug fix and enhancement update ........90 1.85. icu .......................... 90 1.85.1. RHSA-2009:1122: Moderate security update ..........90 1.85.2.
Page 8 Technical Notes 1.104.2. RHBA-2009:1093: bug fix update ............... 110 1.104.3. RHSA-2009:0392: Critical security update ........... 110 1.104.4. RHEA-2009:0284: enhancement update ............. 111 1.105. kdebase ......................111 1.105.1. RHBA-2009:1277: bug fix update ............... 111 1.106. kdegraphics ......................112 1.106.1. RHSA-2009:1130: Critical security update ........... 112 1.106.2.
Page 9 1.122.1. RHBA-2009:1273: bug fix update ............... 151 1.123. libsoup ........................ 152 1.123.1. RHSA-2009:0344: Moderate security update ..........152 1.124. libspe2 ........................ 152 1.124.1. RHBA-2009:1263: bug fix and enhancement update ........152 1.125. libtiff ........................153 1.125.1. RHSA-2009:1159: Moderate security update ..........153 1.126.
Page 10 Technical Notes 1.146.2. RHBA-2009:1365: bug fix update ............... 169 1.147. module-init-tools ....................170 1.147.1. RHBA-2009:1362: bug fix update ............... 170 1.148. mysql ........................171 1.148.1. RHSA-2009:1289: Moderate security and bug fix update ......171 1.149. mysql-connector-odbc ..................173 1.149.1. RHBA-2009:1290: bug fix update ............... 173 1.150.
Page 11 1.186.1. RHEA-2009:1417: bug fix and enhancement update ........212 1.187. readline ....................... 213 1.187.1. RHBA-2009:1078: bug fix update ............... 213 1.188. redhat-release ..................... 213 1.188.1. RHEA-2009:1400: bug fix and enhancement update ........213 1.189. redhat-release-notes .................... 214 1.189.1. RHEA-2009:1385: enhancement update ............. 214...
Page 12 Technical Notes 1.190. redhat-rpm-config ....................214 1.190.1. RHBA-2009:1089: bug fix update ............... 214 1.191. rgmanager ......................214 1.191.1. RHBA-2009:1196: bug-fix update ............... 214 1.191.2. RHBA-2009:0415: bug fix update ............... 215 1.191.3. RHSA-2009:1339: Low security, bug fix, and enhancement update ....215 1.192.
Page 13 1.212.1. RHSA-2009:1203: Important security update ..........237 1.213. sudo ........................237 1.213.1. RHSA-2009:0267: Moderate security update ..........237 1.213.2. RHBA-2009:0438: bug fix update ............... 238 1.214. system-config-cluster ................... 238 1.214.1. RHBA-2009:1401: bug-fix and enhancement update ........238 1.215. system-config-date ....................239 1.215.1.
Page 14 Technical Notes 1.235. virt-viewer ......................255 1.235.1. RHBA-2009:1299: bug fix update ............... 255 1.236. vnc ........................256 1.236.1. RHSA-2009:0261: Moderate security update ..........256 1.237. vsftpd ........................256 1.237.1. RHBA-2009:1068: bug fix update ............... 256 1.237.2. RHBA-2009:1282: bug fix update ............... 257 1.238.
Page 15 2.4. RHEA-2009:1276: etherboot ..................275 2.5. RHEA-2009:1318: fcoe-utils ..................276 2.6. RHEA-2009:1320: fuse .................... 276 2.7. RHEA-2009:1297: gnupg2 ..................277 2.8. RHEA-2009:1281: hmaccalc ..................277 2.9. RHEA-2009:1275: iasl ..................... 277 2.10. RHEA-2009:1272: kvm ..................277 2.11. RHEA-2009:1296: libassuan ................... 278 2.12.
Page 16 Technical Notes 4.25. pdksh ........................309 4.26. qspice ........................309 4.27. rsyslog ........................309 4.28. sblim ........................310 4.29. selinux-policy ......................310 4.30. systemtap ....................... 311 4.31. udev ........................312 4.32. virt-manager ......................312 4.33. virtio-win ......................... 312 4.34. xen ........................312 4.35.
Page 17: Preface
Preface The Red Hat Enterprise Linux 5.4 Technical Notes list and document the changes made to the Red Hat Enterprise Linux 5 operating system and its accompanying applications between minor release Red Hat Enterprise Linux 5.3 and minor release Red Hat Enterprise Linux 5.4. For system administrators and others planning Red Hat Enterprise Linux 5.4 upgrades and deployments, the Technical Notes provide a single, organized record of the bugs fixed in, features added to, and Technology Previews included with this new release of Red Hat Enterprise Linux.
Page 18 xviii...
Page 19: Package Updates
NetworkManager did not warn users of the potential security risks, users could unwittingly compromise the security of their computers. Now, NetworkManager uses "WEP Passphrase" as the default security option for creating a new wifi network, and allows administrators to disable users' https://www.redhat.com/security/data/cve/CVE-2009-0365.html https://www.redhat.com/security/data/cve/CVE-2009-0578.html...
Page 20: Openipmi
Chapter 1. Package Updates ability to share wifi connections without security in place, or their ability to share wifi connections at all. These measures make it less likely that a user could inadvertently compromise a sensitive system. (BZ#496247 • accessing the context (right-click) menu of the NetworkManager GNOME applet could trigger the GNOME Keyring Unlock dialog to appear, after which no X11 applications could receive keyboard or mouse events.
Page 21 With this update, a Kg key can now be specified as a hexadecimal value using the '-y' command line option. (BZ#479252 • the "sensor list" section of the ipmitool(1) man page now describes each columnar value of the command "ipmitool sensors list". (BZ#479702 In addition, these updated packages provide the following enhancements: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=475542...
Page 22: Acpid
In some pre-release versions of Red Hat Enterprise Linux 5.4, the Hardware Abstraction Layer (HAL) daemon was initialized before the ACPI daemon. Consequently, this resulted in the HAL daemon preventing the ACPI daemon from accessing /proc/acpi/event. With this update, the acpid package https://www.redhat.com/security/data/cve/CVE-2009-0798.html...
Page 23: Acroread
All Adobe Reader users should install these updated packages. They contain Adobe Reader version 8.1.6, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=503177 https://www.redhat.com/security/data/cve/CVE-2009-0198.html https://www.redhat.com/security/data/cve/CVE-2009-0509.html https://www.redhat.com/security/data/cve/CVE-2009-0510.html...
Page 24: Rhsa-2009:0478: Critical Security Update
All Adobe Reader users should install these updated packages. They contain Adobe Reader version 8.1.4, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. https://www.redhat.com/security/data/cve/CVE-2009-1492.html https://www.redhat.com/security/data/cve/CVE-2009-1493.html https://www.redhat.com/security/data/cve/CVE-2009-0193.html https://www.redhat.com/security/data/cve/CVE-2009-0658.html...
Page 25: Aide
aide 1.5. aide 1.5.1. RHEA-2009:1073: enhancement update Note This update has already been released (prior to the GA of this release) as FASTRACK RHEA-2009:1073 errata An enhanced aide package that contains minor adjustments to the aide.conf configuration file to offer improved initial behavior is now available.
Page 26: Anaconda
Chapter 1. Package Updates 1.7. anaconda 1.7.1. RHBA-2009:1306: bug fix and enhancement update Updated anaconda packages that fix several bugs and add various enhancements are now available. Anaconda is the system installer. These updated anaconda packages provide fixes for the following bugs: Anaconda is the system installer.
Page 27 RHBA-2009:1306: bug fix and enhancement update • an unexpected exception during Logical Unit Number (LUN) selection caused installation to fail. (BZ#475271 • when installing on a low-memory system or virtual machine over HTTP or FTP, a non-present "lspci" binary caused installation to fail. (BZ#476476 •...
Page 28: Apr
Apache Portable Runtime (APR). It aims to provide a free library of C data structures and routines. This library contains additional utility interfaces for APR; including support for XML, LDAP, database interfaces, URI parsing, and more. https://www.redhat.com/security/data/cve/CVE-2009-2412.html...
Page 29: Aspell
• the previous aspell-nl update provided also an empty aspell-nl-debuginfo package. The dictionary packages for Aspell do not require debuginfo packages; this update therefore removes the extraneous aspell-nl-debuginfo package. (BZ#500540 All Dutch language Aspell users are advised to upgrade to this updated package, which resolves this issue. https://www.redhat.com/security/data/cve/CVE-2009-1956.html https://www.redhat.com/security/data/cve/CVE-2009-1955.html https://www.redhat.com/security/data/cve/CVE-2009-0023.html...
Page 30: Audit
Chapter 1. Package Updates 1.11. audit 1.11.1. RHBA-2009:0475: bug fix and enhancement update Note This update has already been released (prior to the GA of this release) as errata RHBA-2009:0475 Updated audit packages that fix a bug and add an enhancement are now available. The audit packages contain user-space utilities for storing and searching the audit records generated by the audit subsystem in the Linux 2.6 kernel.
Page 31: Rhea-2009:1303: Enhancement
RHEA-2009:1303: enhancement • certain audit rules failed parser checks even though they were specified correctly, which prevented those rules from being loaded into the kernel. With this update, all correctly-specified audit rules pass parser checks and can be loaded into the kernel, thus resolving the problem. All users of audit are advised to upgrade to these updated packages, which resolve these issues.
Page 32: Authconfig
Chapter 1. Package Updates • remote logging is a technology preview item and as such had some bugs. Robustness of this facility was improved. • on busy systems, pam had problems communicating with the audit system, which resulted in a timeout and being denied access to the system.
Page 33: Authd
authd 1.13. authd 1.13.1. RHBA-2009:0442: bug fix update Note This update has already been released (prior to the GA of this release) as FASTRACK RHBA-2009:0442 errata An updated authd package that fixes various bugs is now available. The authd package contains a small and fast RFC 1413 ident protocol daemon with both xinetd server and interactive modes that supports IPv6 and IPv4 as well as the more popular features of pidentd.
Page 34: Rhba-2009:1397: Bug Fix Update
Chapter 1. Package Updates The autofs utility controls the operation of the automount daemon, which automatically mounts, and then unmounts file systems after a period of inactivity. File systems can include network file systems, CD-ROMs, diskettes, and other media. This updated autofs package fixes the following bug: •...
Page 35 RHBA-2009:1397: bug fix update failed SASL connections. Autofs therefore performs more reliably when used in authenticated environments. (BZ#481139 • Submounts are detached threads that do not belong to the master map entry list. Previously, autofs did not release mount resources when a mount thread for a submount was terminated. With these resources not released, a segmentation fault during a shutdown or reboot of the system could result.
Page 36: Avahi
Chapter 1. Package Updates lookup fails, autofs sets the rpc client to NULL, and therefore avoids the segmentation fault on subsequent lookup attempts. (BZ#491351 • Previously, in LDAP environments were both Red Hat Enterprise Linux and Solaris were in use, autofs would not correctly interpret master map keys added by Solaris.
Page 37: Bind
All BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically. https://www.redhat.com/security/data/cve/CVE-2009-0696.html...
Page 38: Rhba-2009:1137: Bug Fix Update
(BZ#455802 • when using the '-4' option with the "host" and "dig" utilities to force them to use an IPv4 transport, the order in which IPv4 and IPv6 nameservers were listed in the /etc/resolv.conf configuration file https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=457036...
Page 39: Binutils
binutils affected whether the command would fail or succeed. This has been fixed so that these utilities continue to look for an IPv4 address, even past listed IPv6 addresses, when the '-4' option is supplied. (BZ#469441 • the "named-checkconf" utility ignored the "check-names" option in the /etc/named.conf configuration file, which caused the named daemon to fail to start, even if the configuration was valid.
Page 40: Busybox
Chapter 1. Package Updates has been corrected in these updated packages so that executables do not contain spurious zero- filled gaps. (BZ#458301 • the error message for the "strings -n [non-number]" command were less clear than in the previous package release, and therefore has been reverted and clarified. (BZ#480009 •...
Page 41: Cman
cman 1.19. cman 1.19.1. RHBA-2009:1192: bug fix update Note This update has already been released (prior to the GA of this release) as errata RHBA-2009:1192 Updated cman packages that fix various bugs are now available. The Cluster Manager (cman) utility provides user-level services for managing a Linux cluster. This update applies the following bug fixes: •...
Page 42: Rhsa-2009:1341: Low Security, Bug Fix, And Enhancement Update
• an issue which caused gfs_controld to segfault when mounting hundreds of file systems has been fixed. • the LPAR fencing agent now properly reports status when an LPAR is in Open Firmware mode. • the LPAR fencing agent now works properly with systems using the Integrated Virtualization Manager (IVM). https://www.redhat.com/security/data/cve/CVE-2008-4579.html https://www.redhat.com/security/data/cve/CVE-2008-6552.html...
Page 43 RHSA-2009:1341: Low security, bug fix, and enhancement update • the APC SNMP fencing agent now properly recognizes outletStatusOn and outletStatusOff return codes from the SNMP agent. • the WTI fencing agent can now connect to fencing devices with no password. •...
Page 44: Cmirror
Chapter 1. Package Updates Enhancements: • support for: ePowerSwitch 8+ and LPAR/HMC v3 devices, Cisco MDS 9124 and MDS 9134 SAN switches, the virsh fencing agent, and broadcast communication with cman. • fence_scsi limitations added to fence_scsi man page. Users of cman are advised to upgrade to these updated packages, which resolve these issues and add these enhancements.
Page 45: Conga
conga 1.22. conga 1.22.1. RHBA-2009:0381: bug fix update Note This update has already been released (prior to the GA of this release) as errata RHBA-2009:0381 Updated conga packages that fix a bug are now available. The conga packages contain a web-based administration tool for remote cluster and storage management.
Page 46: Coreutils
Chapter 1. Package Updates • Support for choosing between the Xen and KVM hypervisors for virtual machine services. Users of conga are advised to upgrade to these updated packages, which resolve these issues and add these enhancements. 1.23. coreutils 1.23.1. RHBA-2009:1262: bug fix update An updated coreutils package that fixes several bugs and adds various enhancements is now available.
Page 47: Cpio
cpio • the coreutils package's locale directories were not owned by the coreutils package. This has been corrected by ensuring that all locale directories are owned by the package. (BZ#481804 In addition, this updated package provides the following enhancements: • the '-v' option of the "ls" command sorts directory listings based upon version numbers. However, "ls -v"...
Page 48: Cpuspeed
Chapter 1. Package Updates 1.25. cpuspeed 1.25.1. RHBA-2009:0424: bug fix update Note This update has already been released (prior to the GA of this release) as FASTRACK RHBA-2009:0424 errata An updated cpuspeed package that fixes various bugs is now available. The cpuspeed package provides CPU frequency scaling support.
Page 49: Rhba-2009:1283: Bug Fix Update
Crash now parses these filenames correctly. (BZ#480136 • an existing Itanium INIT and MCA handler bug incorrectly writes the pseudo task's command name in its comm[] name string such that the CPU number may not be part of the string. The "bt" https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=494028...
Page 50: Cryptsetup-Luks
Chapter 1. Package Updates command could not link back to a PID 0 swapper task that was interrupted by an Itanium INIT or MCA exception, and displayed the error message: "bt: unwind: failed to locate return link (ip=0x0)!" Crash now uses a different method to obtain the CPU number for the interrupted task, and the backtrace correctly transitions back to the interrupted task.
Page 51: Cups
• an optimization in the libcups library for fetching details of a print queue when its name is known caused problems with obtaining the name of the default printer when "lpoptions" files listed a non- existent queue as the default. (BZ#481481) https://www.redhat.com/security/data/cve/CVE-2004-2541.html https://www.redhat.com/security/data/cve/CVE-2009-0148.html...
Page 52: Rhsa-2009:1082: Important Security Update
1.29.3. RHSA-2009:0429: Important security update Important This update has already been released (prior to the GA of this release) as the security RHSA-2009:0429 errata Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. https://www.redhat.com/security/data/cve/CVE-2009-0949.html...
Page 53 Will Dormann of the CERT/CC for responsibly reporting these flaws. Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the cupsd daemon will be restarted automatically. https://www.redhat.com/security/data/cve/CVE-2009-0147.html https://www.redhat.com/security/data/cve/CVE-2009-1179.html https://www.redhat.com/security/data/cve/CVE-2009-0146.html https://www.redhat.com/security/data/cve/CVE-2009-1182.html...
Page 54: Curl
"file://" URL type. This could allow a remote server to force a local libcurl- using application to read a local file instead of the remote one, possibly exposing local files that were not meant to be exposed. (CVE-2009-0037 https://www.redhat.com/security/data/cve/CVE-2009-2417.html https://www.redhat.com/security/data/cve/CVE-2009-0037.html...
Page 55: Cvs
Note: Applications using libcurl that are expected to follow redirects to "file://" protocol must now explicitly call curl_easy_setopt(3) and set the newly introduced CURLOPT_REDIR_PROTOCOLS option as required. cURL users should upgrade to these updated packages, which contain backported patches to correct these issues.
Page 56: Rhba-2009:1120: Bug Fix Update
Cyrus databases. (BZ#463230 Users are advised to upgrade to these updated cyrus-imapd packages, which resolve these issues and add this enhancement. 1.33. cyrus-sasl 1.33.1. RHBA-2009:1330: bug fix update Updated cyrus-sasl packages that fix various bugs are now available. https://www.redhat.com/security/data/cve/CVE-2009-0688.html...
Page 57: Db4
The cyrus-sasl packages contain the Cyrus implementation of SASL. SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. This errata fixes the following bugs: • the shadow authentication method was not working properly on 64 bit architectures. The saslauthd might randomly crash if it was configured to authenticate against the shadow file.
Page 58: Device-Mapper-Multipath
Chapter 1. Package Updates The device-mapper packages provide a library required by logical volume management utilities such as LVM2 and dmraid. This update applies the following bug fixes: • Fixes crash when dmsetup -U, -G, and -M options are used. •...
Page 59: Rhsa-2009:0411: Moderate Security Update
Until this issue is resolved, we recommend restarting the multipathd service by issuing the following commands in sequence: # killall -KILL multipathd # service multipathd restart 1.36.3. RHBA-2009:0283: bug fix update Note This update has already been released (prior to the GA of this release) as errata RHBA-2009:0283 https://www.redhat.com/security/data/cve/CVE-2009-0115.html...
Page 60: Rhea-2009:1377: Bug-Fix And Enhancement Update
Chapter 1. Package Updates Updated device-mapper-multipath packages that fix a bug are now available. The device-mapper-multipath packages provide tools to manage multipath devices by giving the device-mapper multipath kernel module instructions on what to do, as well as by managing the creation and removal of partitions for device-mapper devices.
Page 61: Dhcp
dhcp • It is now possible to set the verbosity level for the multipath and multipathd commands in /etc/ multipath.conf. • The TUR path checker retries on more transient errors, so that multipathd will not fail a path due to a transient error.
Page 62: Dhcpv6
• decodes slot IDs of AGP 8x and PCIE slots • decodes newer processor characteristics (multi-core, multi-thread, 64-bit) • supports newer types of chassis, processor, socket, connector and memory device • supports x86 EFI 248247 BZ#459048 This updated package fixes the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=506722...
Page 63: Dmraid
dmraid • the default method used by dmidecode to retrieve entries from the DMI table produces unaligned access errors when used on Itanium systems. When built for the Itanium architecture, this version of 250249 BZ#459048 the package includes a workaround that avoids these errors. ( Users of dmidecode are advised to upgrade to this updated package, which adds this enhancements and fixes this bug.
Page 64: Dos2Unix
Chapter 1. Package Updates 1.41. dos2unix 1.41.1. RHBA-2009:0276: bug fix update Note This update has already been released (prior to the GA of this release) as FASTRACK RHBA-2009:0276 errata Updated dos2unix packages that resolve two bugs are now available. The dos2unix utility converts DOS or MAC format text files to UNIX format. This updated package provides fixes for the following bugs: •...
Page 65: Dvd+Rw-Tools
dvd+rw-tools DUMP: Date of this level dump: Thu Apr 2 09:05:09 2009 DUMP: Date of this level dump: Thu Apr 2 09:05:09 2009 This has been corrected in these updated packages so that the dump level is no longer missing in output in which it is shown.
Page 66: E2Fsprogs
Chapter 1. Package Updates 1.44. e2fsprogs 1.44.1. RHBA-2009:1291: bug fix and enhancement update An updated e2fsprogs package that fixes various bugs and adds an enhancement is now available. The e2fsprogs package contains a number of utilities that create, check, modify, and correct inconsistencies in second extended (ext2) file systems.
Page 67: Ecryptfs-Utils
A disclosure flaw was found in the way the "ecryptfs-setup-private" script passed passphrases to the "ecryptfs-wrap-passphrase" and "ecryptfs-add-passphrase" commands as command line arguments. A local user could obtain the passphrases of other users who were running the script from the process listing. (CVE-2008-5188 https://www.redhat.com/security/data/cve/CVE-2008-5188.html...
Page 68 Chapter 1. Package Updates These updated packages provide various enhancements, including a mount helper and supporting libraries to perform key management and mounting functions. Notable enhancements include: • a new package, ecryptfs-utils-gui, has been added to this update. This package depends on the pygtk2 and pygtk2-libglade packages and provides the eCryptfs Mount Helper GUI program.
Page 69: Efax
efax 1.47. efax 1.47.1. RHBA-2009:1113: bug fix update Note This update has already been released (prior to the GA of this release) as FASTRACK RHBA-2009:1113 errata An updated efax package that fixes a bug is now available. The efax program is a small ANSI C/POSIX utility that sends and receives faxes using any Class 1, 2 or 2.0 fax modem.
Page 70: Ethtool
Chapter 1. Package Updates Users of esc are advised to upgrade to this updated package, which resolves these issues. 1.49. ethtool 1.49.1. RHEA-2009:1408: enhancement update An enhanced ethtool package that adds support for GRO options is now available. Ethtool allows querying and changing of ethernet card settings, such as speed, port, autonegotiation, and PCI locations.
Page 71 RHBA-2009:1260: bug fix update These updated evolution packages provide fixes for the following bugs: • when adding a new Exchange account, a Mailbox name separate from the user name can now be specified. (BZ#205787 • pasting text into an event summary by issuing the Ctrl+V control code did not work as expected. (BZ#208356 •...
Page 72: Evolution-Connector
Chapter 1. Package Updates • it was not possible to create a new folder from the New Search Folder dialog box and related menus. Also, attempting to name a new folder and then clicking the "Create" button caused Evolution to crash under certain circumstances. (BZ#473024 •...
Page 73: Evolution-Data-Server
The evolution-data-server package provides a unified back end for applications which interact with contacts, task and calendar information. Evolution Data Server was originally developed as a back end for Evolution, but is now used by multiple other applications. These updated evolution-data-server packages provide fixes for the following bugs: https://www.redhat.com/security/data/cve/CVE-2009-0547.html https://www.redhat.com/security/data/cve/CVE-2009-0582.html https://www.redhat.com/security/data/cve/CVE-2009-0587.html...
Page 74 Chapter 1. Package Updates • occasionally, a "?" appeared as the last result of the list obtained when viewing the "Select Contacts from Address Book" dialog. With these updated packages, this incorrect entry no longer occurs in the dialog window when selecting contacts. (BZ#220431 •...
Page 75: File
file 1.54. file 1.54.1. RHBA-2009:0456: bug fix update Note This update has already been released (prior to the GA of this release) as errata RHBA-2009:0456 An updated file package that fixes a bug is now available. The file command is used to identify a particular file according to the type of data contained in the file. This updated file package provides fixes for the following bug: •...
Page 76: Firefox
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user CVE-2009-2463 CVE-2009-2464 CVE-2009-2465 running Firefox. (CVE-2009-2462 CVE-2009-2466 CVE-2009-2467 CVE-2009-2469 CVE-2009-2471 https://www.redhat.com/security/data/cve/CVE-2009-2462.html https://www.redhat.com/security/data/cve/CVE-2009-2463.html https://www.redhat.com/security/data/cve/CVE-2009-2464.html https://www.redhat.com/security/data/cve/CVE-2009-2465.html https://www.redhat.com/security/data/cve/CVE-2009-2466.html https://www.redhat.com/security/data/cve/CVE-2009-2467.html https://www.redhat.com/security/data/cve/CVE-2009-2469.html https://www.redhat.com/security/data/cve/CVE-2009-2471.html...
Page 77: Rhsa-2009:1095: Critical Security Update
A flaw was found in the way Firefox displayed certain Unicode characters in International Domain Names (IDN). If an IDN contained invalid characters, they may have been displayed as spaces, making it appear to the user that they were visiting a trusted site. (CVE-2009-1834 https://www.redhat.com/security/data/cve/CVE-2009-2472.html https://www.redhat.com/security/data/cve/CVE-2009-1392.html https://www.redhat.com/security/data/cve/CVE-2009-1832.html https://www.redhat.com/security/data/cve/CVE-2009-1833.html https://www.redhat.com/security/data/cve/CVE-2009-1837.html...
Page 78: Rhsa-2009:0449: Critical Security Update
Important This update has already been released (prior to the GA of this release) as the security RHSA-2009:0436 errata Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. https://www.redhat.com/security/data/cve/CVE-2009-1836.html https://www.redhat.com/security/data/cve/CVE-2009-1313.html...
Page 79: Rhsa-2009:0397: Critical Security Update
5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. https://www.redhat.com/security/data/cve/CVE-2009-1302.html https://www.redhat.com/security/data/cve/CVE-2009-1303.html https://www.redhat.com/security/data/cve/CVE-2009-1304.html https://www.redhat.com/security/data/cve/CVE-2009-1305.html https://www.redhat.com/security/data/cve/CVE-2009-0652.html https://www.redhat.com/security/data/cve/CVE-2009-1306.html...
Page 80: Rhsa-2009:0315: Critical Security Update
Firefox user into surrendering sensitive information. CVE-2009-0777 (CVE-2009-0776 For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.7. You can find a link to the Mozilla advisories in the References section of this errata. https://www.redhat.com/security/data/cve/CVE-2009-1169.html https://www.redhat.com/security/data/cve/CVE-2009-1044.html https://www.redhat.com/security/data/cve/CVE-2009-0040.html https://www.redhat.com/security/data/cve/CVE-2009-0771.html https://www.redhat.com/security/data/cve/CVE-2009-0772.html https://www.redhat.com/security/data/cve/CVE-2009-0773.html...
Page 81: Rhsa-2009:0256: Critical Security Update
You can find a link to the Mozilla advisories in the References section. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.6, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. https://www.redhat.com/security/data/cve/CVE-2009-0352.html https://www.redhat.com/security/data/cve/CVE-2009-0353.html https://www.redhat.com/security/data/cve/CVE-2009-0356.html https://www.redhat.com/security/data/cve/CVE-2009-0354.html https://www.redhat.com/security/data/cve/CVE-2009-0355.html...
Page 82: Flash-Plugin
This update has already been released (prior to the GA of this release) as the security RHSA-2009:0332 errata An updated Adobe Flash Player package that fixes several security issues is now available for Red Hat Enterprise Linux 5 Supplementary. https://www.redhat.com/security/data/cve/CVE-2009-1862.html https://www.redhat.com/security/data/cve/CVE-2009-1863.html https://www.redhat.com/security/data/cve/CVE-2009-1864.html https://www.redhat.com/security/data/cve/CVE-2009-1865.html https://www.redhat.com/security/data/cve/CVE-2009-1866.html https://www.redhat.com/security/data/cve/CVE-2009-1868.html...
Page 83: Foomatic
With this update, /etc/foomatic/defaultspooler is created during installation and the default spooler is set to CUPS, ensuring foomatic-configure is aware of CUPS. (BZ#454684 All foomatic users should upgrade to this updated package, which resolves these issues. https://www.redhat.com/security/data/cve/CVE-2009-0520.html https://www.redhat.com/security/data/cve/CVE-2009-0519.html https://www.redhat.com/security/data/cve/CVE-2009-0521.html...
Page 84: Freetype
GFortran code from compiling if the code contained symbols defined by USE and ONLY clauses. Whenever this occurred, the compile attempt would fail with a segmentation fault. This update adds a special function that correctly reconciles symbols with unique symtrees, which resolves this bug. (BZ#483845 https://www.redhat.com/security/data/cve/CVE-2009-0946.html...
Page 85: Gcc44
(instead of terminating the compilation gracefully). An upstream fix for this bug is now included with this release. (BZ#466928 • Whenever gcc is used with the option -march=z9-ec or -march=z10, hardware decimal floating point (DFP) support is used by default. (BZ#474367 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=494563...
Page 86: Gdb
Chapter 1. Package Updates • An improper option (i.e. %global _use_internal_dependency_generator 0) used during the build of libgomp in previous releases disabled "file coloring". This caused RPM to erroneously detect a file conflict on /usr/lib/libgomp.so.1.0.0 when installing libgomp from the Itanium compatibility layer. This release includes a properly-built libgomp, which resolves this issue.
Page 87: Gdm
• the GDM Reference Manual is now included with the gdm packages. The gdm-docs package installs this document in HTML format in "/usr/share/doc/". (BZ#196054 • GDM appeared in English on systems using Telugu (te_IN). With this update, GDM has been localized in te_IN. (BZ#226931 https://www.redhat.com/security/data/cve/CVE-2009-2697.html...
Page 88: Gfs-Kmod
Chapter 1. Package Updates • the Ctrl+Alt+Backspace sequence resets the X server when in runlevel 5. In previous releases, however, repeated use of this sequence prevented GDM from starting the X server as part of the reset process. This was because GDM sometimes did not notice the X server shutdown properly and would subsequently fail to complete the reset process.
Page 89: Gfs-Utils
gfs-utils • A potential deadlock causing gfs to hang in 'wait_for_completion' was fixed by prefaulting buffer pages. • Applications using sendfile on files with the inherit_jdata flag are now notified that sendfile will not work on those files instead of failing. •...
Page 90: Rhba-2009:0418: Bug Fix Update
Chapter 1. Package Updates The updated gfs2-utils packages apply the following bug fix: • A segfault was fixed in gfs2_fsck which can be triggered by a stuffed directory inode block also being listed as a data block. All users of gfs2-utils should upgrade to these updated packages, which resolve this issue. 1.67.2.
Page 91 • when mounting a GFS2 file system as '/', mount_gfs2 no longer fails after being unable to find the file system in '/proc/mounts'. • gfs2_fsck no longer segfaults when fixing 'EA leaf block type' problems. All gfs2-utils users should upgrade to this updated package, which resolves these issues. https://www.redhat.com/security/data/cve/CVE-2008-6552.html...
Page 92: Ghostscript
This update has already been released (prior to the GA of this release) as the security RHSA-2009:0345 errata Updated ghostscript packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. https://www.redhat.com/security/data/cve/CVE-2009-0792.html https://www.redhat.com/security/data/cve/CVE-2008-6679.html https://www.redhat.com/security/data/cve/CVE-2007-6725.html https://www.redhat.com/security/data/cve/CVE-2009-0196.html...
Page 93: Rhba-2009:1257: Bug Fix Update
• this update also fixes ColorSpace initialization in the InkJet Server (IJS) driver, which is used by hpijs and gimp-print drivers in some configurations. In previous releases, print jobs that did not initialize ColorSpace failed whenever they used Ghostscript to render and print PDFs on devices that used the ijs driver. (BZ#504254 https://www.redhat.com/security/data/cve/CVE-2009-0583.html https://www.redhat.com/security/data/cve/CVE-2009-0584.html...
Page 94: Giflib
This update has already been released (prior to the GA of this release) as the security RHSA-2009:0336 errata Updated glib2 packages that fix several security issues are now available for Red Hat Enterprise Linux This update has been rated as having moderate security impact by the Red Hat Security Response Team. https://www.redhat.com/security/data/cve/CVE-2005-2974.html https://www.redhat.com/security/data/cve/CVE-2005-3350.html...
Page 95: Glibc
(BZ#467316 • dl_runtime_profile on the IBM System Z incorrectly used the instruction lr to remove stack frames, which could result in corrupted stacks in rare cases. With this update, https://www.redhat.com/security/data/cve/CVE-2008-4316.html...
Page 96 Chapter 1. Package Updates dl_runtime_profile uses the correct instruction (lgr) to remove stack frames instead. (BZ#470300 • An improper break statement in the getgrouplist() function caused searches to abort prematurely. This resulted in a bug that prevented getgrouplist() from retrieving group definitions from LDAP.
Page 97 RHBA-2009:1415: bug fix and enhancement update • The inet6_rth_reverse() function produced an incorrect return order of addresses in the routing header. This was caused by an incorrect identifier (ip6r0_segleft instead of ip6r0_len) in the inet/inet6_rth.c source code. This update corrects the identifier, ensuring that inet6_rth_reverse() returns the correct output.
Page 98: Rhba-2009:1202: Bug Fix Update
Chapter 1. Package Updates memory pooling becomes fully supported, it will also become the default behavior; this will render the MALLOC_PER_THREAD option obsolete then. (BZ#494758 Users are advised to upgrade to this version of glibc. 1.71.2. RHBA-2009:1202: bug fix update Note This update has already been released (prior to the GA of this release) as errata RHBA-2009:1202...
Page 99: Gnome-Session
gnome-session 1.73. gnome-session 1.73.1. RHBA-2009:1079: bug fix update Note This update has already been released (prior to the GA of this release) as FASTRACK RHBA-2009:1079 errata An updated gnome-session package that fixes a bug is now available. gnome-session manages a GNOME desktop session. It starts up the other core GNOME components and handles logout and saving the session.
Page 100: Grub
Chapter 1. Package Updates • certain output control option combinations could cause the grep tool to segmentation fault. With this updated package, these combinations work as expected and no longer cause a segmentation fault. (BZ#452127 • the example attached to the "--label" option description was not illustrative enough: as documented, the option actually had no effect.
Page 101: Gstreamer-Plugins-Good
1.77.2. RHSA-2009:0271: Important security update Important This update has already been released (prior to the GA of this release) as the security RHSA-2009:0271 errata Updated gstreamer-plugins-good packages that fix several security issues are now available for Red Hat Enterprise Linux 5. https://www.redhat.com/security/data/cve/CVE-2009-0586.html https://www.redhat.com/security/data/cve/CVE-2009-1932.html...
Page 102: Gtk-Vnc
An updated hal package that fixes various bugs and adds several enhancements is now available. HAL is daemon for collection and maintaining information from several sources about the hardware on the system. It provides a live device list through D-BUS. https://www.redhat.com/security/data/cve/CVE-2009-0386.html https://www.redhat.com/security/data/cve/CVE-2009-0387.html https://www.redhat.com/security/data/cve/CVE-2009-0397.html...
Page 103: Htdig
htdig Bugs fixed in these updated packages include: • hal now detects blank optical media correctly on buggy hardware. (BZ#488265 • if a device identifier was not well formed, the error message the presented was not correctly formatted. This has been fixed. (BZ#471004 •...
Page 104: Httpd
CPU if mod_deflate was enabled for a large file. (CVE-2009-1891 All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. https://www.redhat.com/security/data/cve/CVE-2009-1890.html https://www.redhat.com/security/data/cve/CVE-2009-1891.html...
Page 105: Rhsa-2009:1075: Moderate Security Update
• the "mod_ssl" module placed a hard-coded 128K limit on the amount of request body data which would be buffered if an SSL renegotiation was required in a Location or Directory context. This could occur if a POST request was made to a Directory or Location which required client https://www.redhat.com/security/data/cve/CVE-2008-1678.html https://www.redhat.com/security/data/cve/CVE-2009-1195.html...
Page 106 Chapter 1. Package Updates certificate authentication. The limit on the amount of data to buffer is now configurable using the "SSLRenegBufferSize" directive. (BZ#479806 • when configuring a reverse proxy using an .htaccess file (instead of httpd.conf) by using a "RewriteRule" to proxy requests using the "[P]" flag, space characters in URIs would not be correctly escaped in remote server requests, resulting in "404 Not Found"...
Page 107: Hwbrowser
hwbrowser 1.82. hwbrowser 1.82.1. RHBA-2009:0277: bug fix update Note This update has already been released (prior to the GA of this release) as FASTRACK RHBA-2009:0277 errata An updated hwbrowser package that fixes a bug is now available. Hwbrowser is a browser for the current hardware configuration. This updated package contains the following bug fix: •...
Page 108: Ia32El
Chapter 1. Package Updates 1.84. ia32el 1.84.1. RHBA-2009:1271: bug fix and enhancement update An ia32el update that features a new release of ia32el, adds support for SSE4.2 instructions, and fixes several bugs is now available. The ia32el package contains the IA-32 Execution Layer platform, which allows emulation of IA-32 binaries on Intel Itanium processors.
Page 109: Rhsa-2009:0296: Moderate Security Update
• previously, if a vlan device was a member of a bridge, and the vlan device was removed from the bridge the vlan interface was not removed. With this update, the ifdown script has been updated to (BZ#481557 BZ#463325) remove vlan interfaces if the device is removed from the bridge. https://www.redhat.com/security/data/cve/CVE-2009-0153.html https://www.redhat.com/security/data/cve/CVE-2008-1036.html...
Page 110 Chapter 1. Package Updates • in some cases, when network service failed to restart, the /etc/init.d/network initscript would return an incorrect status of "0". With this update, /etc/init.d/network has been modified to return 1 if the (BZ#481002) service fails to start or if any NIC fails to get an address. •...
Page 111: Iptables
iptables • the ifup initscript has been updated to ensure HiperSocket VLAN support is initialized correctly (BZ#490584) during boot. • previously, adding networking routes using the system-config-network-gui resulted in the following error message being displayed: /lib/udev/ccw_init: line 31: echo: write error: Operation not permitted With this update the initscripts have been fixed, allowing the use of system-config-networking-gui to (BZ#484411) add network routes.
Page 112: Iproute
Chapter 1. Package Updates 1.88. iproute 1.88.1. RHBA-2009:0404: bug fix update Note This update has already been released (prior to the GA of this release) as FASTRACK RHBA-2009:0404 errata An updated iproute package that fixes a bug is now available. The iproute package contains networking utilities such as ip and rtmon, which use the advanced networking capabilities of the Linux 2.4 and 2.6 kernels.
Page 113: Ipsec-Tools
This updated iputils package fixes the following bug: • it is the rdisc utility which is called at boot time to populate the network routing tables with default routes. This bug caused rdisc to fail during initialization when more than one IP address was https://www.redhat.com/security/data/cve/CVE-2009-1574.html https://www.redhat.com/security/data/cve/CVE-2009-1632.html...
Page 114: Ipvsadm
Chapter 1. Package Updates assigned to a single interface. This has been solved so that when rdisc encounters two or more IP addresses assigned to the same interface, it continues working as expected. (BZ#470498 All users of iputils are advised to upgrade to this updated package, which resolves this issue. 1.92.
Page 115: Iscsi-Initiator-Utils
iscsi-initiator-utils 1.94. iscsi-initiator-utils 1.94.1. RHBA-2009:1099: bug fix update Note This update has already been released (prior to the GA of this release) as errata RHBA-2009:1099 An updated iscsi-initiator-utils package that fixes a bug is now available. The iscsi-initiator-utils package provides the server daemon for the iSCSI protocol, as well as the utility programs used to manage it.
Page 116: Isdn4K-Utils
Chapter 1. Package Updates think that a problem existed with their iSCSI configuration. The iSCSI tools no longer present this type of error to users and therefore do not create this potential misunderstanding. Note that certain combinations of new tools with old kernels might still present a related "-22" error. (BZ#497940 •...
Page 117: Iwl3945-Firmware
iwl3945-firmware installed) or 6 (program is not configured), as appropriate. The improved init scripts also check for correct privileges and exit with exit status 4 (user has insufficient privileges) when appropriate. (BZ#237831 • the isdn4k-utils packages contained spurious CVS files; they have been removed in these updated packages.
Page 118: Jadetex
The IBM® 1.4.2 SR13 Java™ release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java https://www.redhat.com/security/data/cve/CVE-2008-2086.html 2 Software Development Kit. These vulnerabilities are summarized on the IBM "Security alerts" https://www.redhat.com/security/data/cve/CVE-2008-5339.html...
Page 119: Java-1.5.0-Ibm
Java programming language. The Java 5 SDK software also includes a JDBC/ODBC bridge for Java applications that need to communicate with a database. These updated packages comprise the IBM Java 5 SR10 release. https://www.redhat.com/security/data/cve/CVE-2008-5342.html https://www.redhat.com/security/data/cve/CVE-2008-5343.html https://www.redhat.com/security/data/cve/CVE-2008-5344.html https://www.redhat.com/security/data/cve/CVE-2008-5345.html https://www.redhat.com/security/data/cve/CVE-2008-5346.html...
Page 120: Rhsa-2009:1038: Critical Security Update
CVE-2009-1107 All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR9-SSU Java release. All running instances of IBM Java must be restarted for this update to take effect. https://www.redhat.com/security/data/cve/CVE-2009-1093.html https://www.redhat.com/security/data/cve/CVE-2009-1094.html https://www.redhat.com/security/data/cve/CVE-2009-1095.html https://www.redhat.com/security/data/cve/CVE-2009-1096.html https://www.redhat.com/security/data/cve/CVE-2009-1097.html https://www.redhat.com/security/data/cve/CVE-2009-1098.html...
Page 121: Java-1.5.0-Sun
This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. https://www.redhat.com/security/data/cve/CVE-2009-2475.html https://www.redhat.com/security/data/cve/CVE-2009-2625.html https://www.redhat.com/security/data/cve/CVE-2009-2670.html https://www.redhat.com/security/data/cve/CVE-2009-2671.html https://www.redhat.com/security/data/cve/CVE-2009-2672.html...
Page 122: Java-1.6.0-Ibm
This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM "Security alerts" CVE-2009-1094 CVE-2009-1095 page listed in the References section. (CVE-2009-1093 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 https://www.redhat.com/security/data/cve/CVE-2006-2426.html https://www.redhat.com/security/data/cve/CVE-2009-1093.html https://www.redhat.com/security/data/cve/CVE-2009-1094.html https://www.redhat.com/security/data/cve/CVE-2009-1095.html https://www.redhat.com/security/data/cve/CVE-2009-1096.html https://www.redhat.com/security/data/cve/CVE-2009-1098.html https://www.redhat.com/security/data/cve/CVE-2009-1099.html https://www.redhat.com/security/data/cve/CVE-2009-1100.html https://www.redhat.com/security/data/cve/CVE-2009-1103.html https://www.redhat.com/security/data/cve/CVE-2009-1104.html https://www.redhat.com/security/data/cve/CVE-2009-1107.html https://www.redhat.com/security/data/cve/CVE-2009-1093.html...
Page 123: Rhsa-2009:0369: Critical Security Update
CVE-2008-5358 All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR4 Java release. All running instances of IBM Java must be restarted for the update to take effect. https://www.redhat.com/security/data/cve/CVE-2009-1101.html https://www.redhat.com/security/data/cve/CVE-2009-1103.html https://www.redhat.com/security/data/cve/CVE-2009-1104.html https://www.redhat.com/security/data/cve/CVE-2009-1105.html https://www.redhat.com/security/data/cve/CVE-2009-1106.html https://www.redhat.com/security/data/cve/CVE-2009-1107.html...
Page 124: Java-1.6.0-Openjdk
An additional flaw was found in the proxy mechanism implementation. This flaw allowed an untrusted applet or application to bypass access restrictions and communicate using non-authorized socket or URL connections to hosts other than the origin host. (CVE-2009-2673 https://www.redhat.com/security/data/cve/CVE-2009-0217.html https://www.redhat.com/security/data/cve/CVE-2009-2475.html https://www.redhat.com/security/data/cve/CVE-2009-2476.html https://www.redhat.com/security/data/cve/CVE-2009-2625.html https://www.redhat.com/security/data/cve/CVE-2009-2670.html...
Page 125: Rhsa-2009:0377: Important Security Update
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. https://www.redhat.com/security/data/cve/CVE-2009-2674.html https://www.redhat.com/security/data/cve/CVE-2009-2675.html https://www.redhat.com/security/data/cve/CVE-2009-2689.html...
Page 126 A buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process. (CVE-2009-1098 https://www.redhat.com/security/data/cve/CVE-2006-2426.html https://www.redhat.com/security/data/cve/CVE-2009-0581.html https://www.redhat.com/security/data/cve/CVE-2009-0723.html https://www.redhat.com/security/data/cve/CVE-2009-0733.html https://www.redhat.com/security/data/cve/CVE-2009-0793.html...
Page 127: Java-1.6.0-Sun
CVE-2009-2673 CVE-2009-2674 CVE-2009-2675 CVE-2009-2676 CVE-2009-2690 Users of java-1.6.0-sun should upgrade to these updated packages, which correct these issues. All running instances of Sun Java must be restarted for the update to take effect. https://www.redhat.com/security/data/cve/CVE-2009-0217.html https://www.redhat.com/security/data/cve/CVE-2009-2475.html https://www.redhat.com/security/data/cve/CVE-2009-2476.html https://www.redhat.com/security/data/cve/CVE-2009-2625.html https://www.redhat.com/security/data/cve/CVE-2009-2670.html https://www.redhat.com/security/data/cve/CVE-2009-2671.html https://www.redhat.com/security/data/cve/CVE-2009-2672.html https://www.redhat.com/security/data/cve/CVE-2009-2673.html...
Page 128: Rhba-2009:1093: Bug Fix Update
6 Software Development Kit. These vulnerabilities are summarized on the "Advance notification of Security Updates for Java SE" page from Sun Microsystems, listed in the References section. CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 (CVE-2006-2426 CVE-2009-1097 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1101 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=505075 https://www.redhat.com/security/data/cve/CVE-2006-2426.html https://www.redhat.com/security/data/cve/CVE-2009-1093.html https://www.redhat.com/security/data/cve/CVE-2009-1094.html https://www.redhat.com/security/data/cve/CVE-2009-1095.html https://www.redhat.com/security/data/cve/CVE-2009-1096.html https://www.redhat.com/security/data/cve/CVE-2009-1097.html https://www.redhat.com/security/data/cve/CVE-2009-1098.html https://www.redhat.com/security/data/cve/CVE-2009-1099.html...
Page 129: Rhea-2009:0284: Enhancement Update
HAL 0.5, KDE 3 would not allow users to mount file systems on devices which the HAL could not poll. KDE now includes a modified HAL back end that https://www.redhat.com/security/data/cve/CVE-2009-1100.html https://www.redhat.com/security/data/cve/CVE-2009-1101.html https://www.redhat.com/security/data/cve/CVE-2009-1102.html https://www.redhat.com/security/data/cve/CVE-2009-1103.html...
Page 130: Kdegraphics
(Konqueror crash). (CVE-2009-0945 All users of kdegraphics should upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. https://www.redhat.com/security/data/cve/CVE-2009-1709.html https://www.redhat.com/security/data/cve/CVE-2009-0945.html...
Page 131: Rhsa-2009:0431: Important Security Update
Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product Security team, and Will Dormann of the CERT/CC for responsibly reporting these flaws. Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. https://www.redhat.com/security/data/cve/CVE-2009-0147.html https://www.redhat.com/security/data/cve/CVE-2009-1179.html https://www.redhat.com/security/data/cve/CVE-2009-0146.html https://www.redhat.com/security/data/cve/CVE-2009-1182.html https://www.redhat.com/security/data/cve/CVE-2009-0166.html...
Page 132: Kdelibs
The desktop must be restarted (log out, then log back in) for this update to take effect. 1.108. kdenetwork 1.108.1. RHBA-2009:0452: bug fix update Note This update has already been released (prior to the GA of this release) as FASTRACK RHBA-2009:0452 errata https://www.redhat.com/security/data/cve/CVE-2009-1698.html https://www.redhat.com/security/data/cve/CVE-2009-1690.html https://www.redhat.com/security/data/cve/CVE-2009-1687.html...
Page 133: Kdepim
kdepim Updated kdenetwork packages that resolve an issue are now available. The kdenetwork packages provide a collection of networking applications for the K Desktop Environment (KDE). These updated kdenetwork packages fix the following bug: • the krfb command is a VNC-compatible server for sharing KDE desktops. The desktop can be shared by running krfb from the command line.
Page 134 Chapter 1. Package Updates Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team.
Page 135: Rhba-2009:1151: Bug Fix Update
RHBA-2009:1151: bug fix update • on 32-bit systems, core dumps for some multithreaded applications did not include all thread information. (BZ#505322 • a stack buffer used by get_event_name() was not large enough for the nul terminator sprintf() writes. This could lead to an invalid pointer or kernel panic. (BZ#506906 •...
Page 136: Rhba-2009:1133: Bug Fix Update
Chapter 1. Package Updates this issue so that simultaneous access of a single file on a HugeTLB file system is no longer problematic. (BZ#510235 Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which resolve these issues.
Page 137 RHSA-2009:1106: Important security and bug fix update • several flaws were found in the way the Linux kernel CIFS implementation handles Unicode strings. CIFS clients convert Unicode strings sent by a server to their local character sets, and then write those strings into memory.
Page 138: Rhsa-2009:0473: Important Security And Bug Fix Update
Chapter 1. Package Updates • the "-fwrapv" flag was added to the gcc build options to prevent gcc from optimizing away wrapping. (BZ#501751 • a kernel panic when enabling and disabling iSCSI paths. (BZ#502916 • using the Broadcom NetXtreme BCM5704 network device with the tg3 driver caused high system load and very bad performance.
Page 139 RHSA-2009:0473: Important security and bug fix update • the Linux kernel implementation of the Network File System (NFS) did not properly initialize the file name limit in the nfs_server data structure. This flaw could possibly lead to a denial of service on a client mounting an NFS share.
Page 140: Rhsa-2009:0326: Important Security And Bug Fix Update
Chapter 1. Package Updates 1.110.6. RHSA-2009:0326: Important security and bug fix update Important This update has already been released (prior to the GA of this release) as the security RHSA-2009:0326 errata Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5.
Page 141: Rhsa-2009:0264: Important Security Update
RHSA-2009:0264: Important security update • a word endianness problem in the qla2xx driver on PowerPC-based machines may have corrupted flash-based devices. (BZ#485908 • a memory leak in pipe() may have caused a system deadlock. The workaround in Section 1.5, Known Issues, of the Red Hat Enterprise Linux 5.3 Release Notes Updates, which involved manually allocating extra file descriptors to processes calling do_pipe, is no longer necessary.
Page 142 Chapter 1. Package Updates This update addresses the following security issues: • a memory leak in keyctl handling. A local user could use this flaw to deplete kernel memory, eventually leading to a denial of service. (CVE-2009-0031 , Important) • a buffer overflow in the Linux kernel Partial Reliable Stream Control Transmission Protocol (PR- SCTP) implementation.
Page 143: Rhsa-2009:1222: Important Security And Bug Fix Update
RHSA-2009:1222: Important security and bug fix update 1.110.8. RHSA-2009:1222: Important security and bug fix update Important This update has already been released (prior to the GA of this release) as the security RHSA-2009:1222 errata Updated kernel packages that fix two security issues and a bug are now available for Red Hat Enterprise Linux 5.
Page 144 Chapter 1. Package Updates • Pointer and signed arithmetic overflow wrapping has not previously been defined in the Linux kernel. This could cause GCC (GNU C Compiler) to assume that wrapping does not occur and attempt to optimize the arithmetic that the kernel may require for overflow testing. This update adds the - fwrapv variable to GCC CFLAGS in order to define wrapping behavior.(BZ#491266 •...
Page 145 RHSA-2009:1243 • Functionality has been added to sysrq-t to display backtrace information about running processes. This will assist in debugging hung systems. (BZ#456588 1.110.9.2. Debugging Updates specifically related to debugging tasks. • Independent software vendors and developers often use hugepage to avoid unnecessary memory reclaim.
Page 146 Chapter 1. Package Updates • Support for the FIEMAP file extent mapping system has been included in this kernel update. (BZ#296951 • The ext4 file system code (included in Red Hat Enterprise Linux as a Technology Preview) was rebased for this release. (BZ#485315 •...
Page 147 RHSA-2009:1243 • ACPI Performance and Throttling state (P- and T-state) change notifications were not being handled correctly by the OSPM (Operating System-directed Power Management) driver. This affected the Intel® Node Manager's ability to monitor and manage CPU power usage. The kernel's processor_core code has been update to correct this issue.
Page 148 Chapter 1. Package Updates • An optimization error was found in linux-2.6-misc-utrace-update.patch. When running 32-bit processes on a 64-bit machine systems didn't return ENOSYS errors on missing (out of table range) system calls. This kernel release includes a patch to correct this. (BZ#481682 •...
Page 149 RHSA-2009:1243 • Per stack component: current values of relevant measurements as throughput, utilization and other applicable measurements. • Statistical aggregations (minimum, maximum, averages and histogram) of data associated with I/ O requests including size, latency per component and totals. • Support has been added to the kernel to issue EMC Symmetrix Control I/O. This update provides the ability to manage EMC Symmetrix storage arrays with Red Hat Enterprise Linux on the IBM System z platform.
Page 150 Chapter 1. Package Updates the cxgb3, iw_nes NES iWARP, mthca and qlgc_vnic drivers, the rdma headers and SDP and SRP protocols to the OpenFabrics Enterprise Distribution (OFED) 1.4.1 versions. (BZ#476301 • Support has been added for Mellanox ConnectX based 10GigE Ethernet cards. This support required updates of the mlx4, mlx4_ib and mlx4_core drivers as well as the inclusion of the BZ#456525 hybrid mlx4_en driver.
Page 151 RHSA-2009:1243 • Two new drivers (cnic and bnx2i) have been added to the kernel to introduce iSCSI support for Broadcom® BNX2 and BNX2x Network Interface Cards (NICs). (BZ#441979 • A new device driver igbvf) for SR/IOV enabled Intel® NICs has been added to this kernel release. This driver provides a significant performance improvement for virtualization using SR/IOV cards.
Page 152 Chapter 1. Package Updates • The tg3 driver has been updated to version 3.96. This update corrects problems with sluggish performance (on systems with BCM5704 NICs) and adds full support for Broadcom® 5785 NICs. BZ#469772 (BZ#481715 1.110.9.10. Storage Driver Updates Driver updates for Storage devices •...
Page 153 RHSA-2009:1243 • The rdac_dev_list structure now includes md3000 and md3000i entries. This allows users to benefit from the advantages provided by the iscsi_dh_rdac module. (BZ#487293 • This release includes the new mpt2sas driver. This driver supports the SAS-2 family of adapters from LSI Logic.
Page 154 Chapter 1. Package Updates • All vports are now alerted of any asynchronous events. • A bug that caused kernel panics with the QLogic 2472 card is now fixed. • The stop_firmware command is no longer retried if the first attempt results in a times out. •...
Page 155 RHSA-2009:1243 • 0004-hugetlb-new-sysfs-interface.patch • 0005-hugetlb-abstract-numa-round-robin-selection.patch • 0006-mm-introduce-non-panic-alloc_bootmem.patch • 0007-mm-export-prep_compound_page-to-mm.patch • 0008-hugetlb-support-larger-than-MAX_ORDER.patch • 0009-hugetlb-support-boot-allocate-different-sizes.patch • 0010-hugetlb-printk-cleanup.patch • 0011-hugetlb-introduce-pud_huge.patch • 0012-x86-support-GB-hugepages-on-64-bit.patch • 0013-x86-add-hugepagesz-option-on-64-bit.patch • 0014-hugetlb-override-default-huge-page-size.patch • DCA (Direct Cache Access) is a method for warming the cache in the CPU. As part of Intel®'s I/ OAT technology, it minimizes performance-limiting bottlenecks.
Page 156 Chapter 1. Package Updates • In previous kernels the tuntap device send path did not have any packet accounting. This meant that the user-space sender could pin down arbitrary amounts of kernel memory by continuing to send data to an end-point that was congested. This update adds packet accounting to the tun driver so that virtio-net gets congestion feedback which is necessary to prevent packet loss for 1025 protocols lacking congestion control (such as UDP) when used in a guest.
Page 157 RHSA-2009:1243 • This update adds support for the connlimit module to limit to the number of TCP connections accepted by specific ports. This feature reduces the risk of incidental DoS scenarios. 1036 (BZ#483588 • This update modifies the DASDFMT (Direct Access Storage Device ForMaT) command to operate in the same way as similar IBM tools (such as CPFMTXA for zLinux/VM and ICKDSF for MVS)..
Page 158 Chapter 1. Package Updates • A bug that initiated a system reboot after a kernel panic despite /proc/sys/kernel/panic being 1050 set to -1 (which should prevent a reboot) has been fixed in this update. (BZ#446120 • Previous kernels were found to contain a bug that saw the E1000 driver enable TSOv6 functionality for hardware that doesn't support it.
Page 159: Kexec-Tools
kexec-tools • A problem returning "Operation not supported" messages when setting an ACL from an NFSv4 1063 system has been resolved. (BZ#403021 • Fixes have been included in this release that prevent a kernel panic encountered when kprobes 1064 attempted boosting on exception addresses in x86_32 kernels. (BZ#493088 •...
Page 160: Rhba-2009:0048: Bug Fix Update
Chapter 1. Package Updates kexec-tools provides /sbin/kexec binary that allows a new kernel to boot using the kernel's kexec feature either on a normal or panic reboot. This package also contains the ancillary utilities that together form the user-space component of the kernel's kexec feature. This updated kexec-tools package fixes the following bug: •...
Page 161: Krb5
krb5 1081 • a fix to handle network config files that are lacking an ending newline. (BZ#476063 1082 1083 BZ#490818 • improved the ability to detect md arrays. (BZ#479211 1084 • fixed some bad status messages when using the ssh dump target. (BZ#466450 1085 •...
Page 162: Rhba-2009:1378: Bug Fix And Enhancement Update
(BZ#479071 All users of the krb5 workstation utilities and services are advised to update to these packages which address these issues and add this enhancement. 1100 https://www.redhat.com/security/data/cve/CVE-2009-0846.html 1101 https://www.redhat.com/security/data/cve/CVE-2009-0844.html 1102 https://www.redhat.com/security/data/cve/CVE-2009-0845.html...
Page 163: Ksh
1.113. ksh 1.113.1. RHBA-2009:1165: bug fix update Note This update has already been released (prior to the GA of this release) as errata 1110 RHBA-2009:1165 An updated ksh package that fixes a bug is now available. KSH-93 is the most recent version of the KornShell by David Korn of AT&T Bell Laboratories. KornShell is a shell programming language which is also compatible with "sh", the original Bourne Shell.
Page 164: Lcms
Chapter 1. Package Updates • the ksh package now includes 'alternatives' which allows ksh switching with PDKSH. This feature allows users to switch between the ksh-93 and ksh-88 shells and to port ksh-88 scripts to ksh-93. 1116 (BZ#488798 • ksh sometimes returned wrong OPTIND values after returning from a subshell when it executed a function within backquotes (backticks).
Page 165: Less
All users of less are advised to upgrade to this updated package, which resolves this issue. 1.116. lftp 1.116.1. RHSA-2009:1278: Low security and bug fix update An updated lftp package that fixes one security issue and various bugs is now available for Red Hat Enterprise Linux 5. 1125 https://www.redhat.com/security/data/cve/CVE-2009-0723.html 1126 https://www.redhat.com/security/data/cve/CVE-2009-0733.html 1127 https://www.redhat.com/security/data/cve/CVE-2009-0581.html...
Page 166 The updated package defines a default editor (vi) in the absence of a system-defined EDITOR. The edit alias now also supports tab-completion and handles 1136 file names containing spaces correctly for both downloading and uploading. (BZ#504594 1129 https://www.redhat.com/security/data/cve/CVE-2007-2348.html...
Page 167: Libx11
libX11 Note This update upgrades LFTP from version 3.7.3 to upstream version 3.7.11, which incorporates a number of further bug fixes to those noted above. For details regarding these fixes, refer to the "/usr/share/doc/lftp-3.7.11/NEWS" file after installing this update. 1137 (BZ#308721 All LFTP users are advised to upgrade to this updated package, which resolves these issues.
Page 168: Libgcrypt
Chapter 1. Package Updates Libdhcp now activates the interface when a static configuration is specified, even when no DHCP 1140 server is present so that network-based installations are possible. (BZ#233066 • previously, the method used by libdhcp to build a list of network interfaces available on a system could accommodate a maximum of 86 interfaces.
Page 169: Libsemanage
API for the manipulation of SELinux binary policies. It is used by checkpolicy (the policy compiler) and similar tools, and programs such as load_policy, which must perform specific transformations on binary policies (for example, customizing policy boolean settings). 1145 https://www.redhat.com/security/data/cve/CVE-2009-0040.html 1146 https://www.redhat.com/security/data/cve/CVE-2008-1382.html...
Page 170: Libsoup
(such as Evolution configured to connect to the GroupWise back-end) must be restarted for the update to take effect. 1.124. libspe2 1.124.1. RHBA-2009:1263: bug fix and enhancement update An updated libspe2 package (re-based to upstream version 2.3.0-135) is now available. 1151 https://www.redhat.com/security/data/cve/CVE-2009-0585.html...
Page 171: Libtiff
All libtiff users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, all applications linked with the libtiff library (such as Konqueror) must be restarted for the update to take effect. 1152 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=475619 1153 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=475637 1155 https://www.redhat.com/security/data/cve/CVE-2009-2347.html...
Page 172: Libunwind
Chapter 1. Package Updates 1.126. libunwind 1.126.1. RHBA-2009:0464: bug fix update Note This update has already been released (prior to the GA of this release) as FASTRACK 1157 RHBA-2009:0464 errata An updated libunwind package that removes the possibility of a crash when using unwinding capabilities is now available.
Page 173: Rhea-2009:1269: Bug Fix And Enhancement Update
Remote error : socket closed unexpectedly error: Failed to create domain from create_guest.xml This has been fixed in these updated packages so that creating guests on an iSCSI volume pool 1164 succeeds as expected. (BZ#483310 1160 https://www.redhat.com/security/data/cve/CVE-2008-5086.html 1161 https://www.redhat.com/security/data/cve/CVE-2009-0036.html 1162 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=475821...
Page 174: Libvirt-Cim
Chapter 1. Package Updates • the "virsh" and "xm" commands passed incorrectly passed the option "type=vbd" when either attaching or detaching TAP devices, which caused the command to fail. With this update, the correct 1165 type, "type=tap", is passed when TAP devices are attached or detached. (BZ#483835 •...
Page 175: Libvorbis
(CVE-2009-2663 Users of libvorbis should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect. 1179 https://www.redhat.com/security/data/cve/CVE-2009-2663.html...
Page 176: Libwmf
Updated libxml and libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 1181 https://www.redhat.com/security/data/cve/CVE-2009-1364.html...
Page 177: Linuxwacom
Wacom tablet users who wish to use these features should upgrade to these new packages, which add the required support. 1.133. lksctp-tools 1.133.1. RHBA-2009:0412: bug fix update Note This update has already been released (prior to the GA of this release) as FASTRACK 1187 RHBA-2009:0412 errata 1183 https://www.redhat.com/security/data/cve/CVE-2009-2414.html 1184 https://www.redhat.com/security/data/cve/CVE-2009-2416.html...
Page 178: Ltrace
Chapter 1. Package Updates Updated lksctp-tools packages that resolve several issues are now available. These packages are intended to supplement the Stream Control Transmission Protocol (SCTP) reference implementation, which has been a part of the kernel since kernel version 2.5.36. For more information on LKSCTP see the section titled "LKSCTP - Linux Kernel SCTP"...
Page 179: Lvm2
lvm2 • a bug in which ltrace would become unresponsive (i.e. "hang") while tracing a child process with the '-f' option, which traces child processes as they are created by currently traced processes as a result of the fork or clone system calls. To correct for this, ltrace now tests for the situation in which it fails to attach to a newly-forked process, thus resolving the issue.
Page 180 Chapter 1. Package Updates • Fixes lvresize size conversion for fsadm when block size is not 1K. • Fixes cached volume group metadata to cope with duplicate volume group names. • Fixes pvs segfault when pv mda attributes requested for not available PV. •...
Page 181: Lvm2-Cluster
lvm2-cluster • Adds "--refresh" functionality to vgchange and vgmknodes. • Adds lvs origin_size, dev_size, pv_mda_size and vg_mda_size to reports. Users of lvm2 are advised to upgrade to these updated packages, which resolve these issues and add these enhancements. 1.136. lvm2-cluster 1.136.1.
Page 182: Man-Pages-Ja
Chapter 1. Package Updates • closing a file object returned by m2urllib2 did not immediately close the underlying network connection. This could cause a process to run out of file handles. Closing a file object now closes 1189 the sockets associated with it and avoids leaking file descriptors. (BZ#460692 •...
Page 183: Mcelog
mcelog 1.139. mcelog 1.139.1. RHBA-2009:1374: bug fix and enhancement update An updated mcelog package that adds support for newer Intel hardware and fixes two bugs is now available. mcelog is a utility that allows the root user to decode machine check errors (MCE). This update addresses the following two bugs: •...
Page 184: Microcode_Ctl
This microcode corrects the behavior of various Intel processors, as described in processor 1211 specification updates issued by Intel for those processors. (BZ#463445 Users are advised to upgrade to this updated microcode_ctl package, which adds this enhancements. 1211 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=463445...
Page 185: Mkinitrd
mkinitrd 1.142. mkinitrd 1.142.1. RHBA-2009:1088: bug fix update Note This update has already been released (prior to the GA of this release) as errata 1212 RHBA-2009:1088 Updated mkinitrd packages that resolve an issue are now available. The mkinitrd utility creates file system images for use as initial ramdisk (initrd) images. These updated mkinitrd packages fix the following bug: •...
Page 186: Mod_Auth_Mysql
All mod_auth_mysql users are advised to upgrade to the updated package, which contains a backported patch to resolve this issue. After installing the update, the httpd daemon must be restarted for the fix to take effect. 1214 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=221547 1216 https://www.redhat.com/security/data/cve/CVE-2008-2384.html...
Page 187: Mod_Authz_Ldap
mod_authz_ldap 1.145. mod_authz_ldap 1.145.1. RHBA-2009:0305: bug fix update Note This update has already been released (prior to the GA of this release) as FASTRACK 1217 RHBA-2009:0305 errata An updated mod_authz_ldap package that fixes a bug is now available. mod_authz_ldap is a module for the Apache HTTP Server which provides support for authenticating users against an LDAP database.
Page 188: Module-Init-Tools
Chapter 1. Package Updates This update addresses a proxy handling bug in mod_nss. mod_nss was not handling blocked reads properly. Rather than attempting the read again, it failed with an "End of File" message. When used with mod_proxy in a reverse proxy configuration, this would sometimes result in returning only part of the remote content.
Page 189: Mysql
• an error in the mysqld init script caused the MySQL service to not wait correctly if the socket file specified in /etc/my.cnf was anything other than the default. This caused MySQL to return an 1224 https://www.redhat.com/security/data/cve/CVE-2008-2079.html 1225 https://www.redhat.com/security/data/cve/CVE-2008-3963.html 1226 https://www.redhat.com/security/data/cve/CVE-2008-4456.html...
Page 190 Chapter 1. Package Updates erroneous "[FAILED]" message. With this update, /etc/init.d/mysqld has been corrected, MySQL 1229 waits correctly and the erroneous error message no longer presents. (BZ#435494 • when slave DBs rotated relay logs, the file was deleted and the relay log index file was then edited. If the slave shut down before the index file was edited, said file contained a reference to a now non- existent relay log.
Page 191: Mysql-Connector-Odbc
• this rebase adds the ability to send to Bluetooth devices, provides better Pidgin integration, and makes a number of user interface fixes. See the ChangeLog, installed to /usr/share/doc/nautilus- 12451244 BZ#250403 sendto-1.0.1/ for details regarding these and other changes. ( 1240 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-77.html 1241 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=460293...
Page 192: Net-Snmp
Chapter 1. Package Updates All Nautilus-sendto users are advised to upgrade to this updated package, which resolves these issues and adds these enhancements. 1.151. net-snmp 1.151.1. RHBA-2009:1215: bug fix update Note This update has already been released (prior to the GA of this release) as errata 1246 RHBA-2009:1215 Updated net-snmp packages that resolve an issue are now available.
Page 193: Rhba-2009:1372: Enhancement And Bug Fix Update
RHBA-2009:1372: enhancement and bug fix update have been plugged in these updated packages, and snmpd no longer leaks memory over time. 1249 (BZ#497810 All users of net-snmp are advised to upgrade to these updated packages, which resolve this issue. 1.151.3. RHBA-2009:1372: enhancement and bug fix update Updated net-snmp packages that fix various bugs and add enhancements are now available.
Page 194: Netpbm
These updated netpbm packages upgrade netpbm to version 10.35.58, which provides many bug fixes and enhancements over the previous version. Notably, a few new utilities are included in this upgraded version, including: jbigtopnm, pcdovtoppm and pnmtojbig. In addition, the following bugs have been fixed in this netpbm update: 1261 https://www.redhat.com/security/data/cve/CVE-2007-2721.html 1262 https://www.redhat.com/security/data/cve/CVE-2008-3520.html...
Page 195: Nfs-Utils
NFS version 3 and 4. The new nhfsstone "-2", "-3", and "-4" options are used to select 1268 an NFS version (similar to nfsstat(8)). (BZ#465933 • the exportfs(8) manual page contained a spelling mistake, "djando", in the EXAMPLES section. 1269 (BZ#474848 1263 https://www.redhat.com/security/data/cve/CVE-2008-4552.html...
Page 196: Nfs-Utils-Lib
Chapter 1. Package Updates • in some situations the NFS server incorrectly refused mounts to hosts that had a host alias in a NIS 1270 netgroup. (BZ#478952 • in some situations the NFS client used its cache, rather than using the latest version of a file or directory from a given export.
Page 197: Nspr And Nss
If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and 1276 potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408 1275 https://www.redhat.com/security/data/cve/CVE-2009-2404.html 1276 https://www.redhat.com/security/data/cve/CVE-2009-2408.html...
Page 198: Rhba-2009:1161: Bug Fix And Enhancement Update
OCSP queries are seen in the OCSP responder. Also, similar OCSP status verification happens for 1279 SSL server certificates used in Apache upon instance start or restart. (BZ#499052 1277 https://www.redhat.com/security/data/cve/CVE-2009-2409.html 1279 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=499052...
Page 199: Nss_Ldap
With these updated packages, calling "id [user_name]" when "nss_connect_policy" is set to "oneshot" works as expected and no longer triggers the failed 1285 assertion. (BZ#488857 All users of nss_ldap are advised to upgrade to this updated package, which resolves these issues. 1280 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223279 1281 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=502201...
Page 200: Ntp
Updated ntp packages to correct a security issue are now available for Red Hat Enterprise Linux 4 and This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. 1287 https://www.redhat.com/security/data/cve/CVE-2009-1252.html 1288 https://www.redhat.com/security/data/cve/CVE-2009-0159.html...
Page 201: Numactl
Users are advised to upgrade to this updated numactl package which resolves this issue. 1.160. openais 1.160.1. RHBA-2009:1191: bug-fix update Note This update has already been released (prior to the GA of this release) as errata 1293 RHBA-2009:1191 Updated openais packages that fix a bug are now available. 1290 https://www.redhat.com/security/data/cve/CVE-2009-0021.html...
Page 202: Rhba-2009:1104: Bug-Fix Update
Chapter 1. Package Updates The openais packages provide the core infrastructure used by Red Hat Cluster Suite and GFS. This update fixes the following bug: • When a node is sending heavy transmissions, and it is killed and restarted, it can sometimes lead to complete cluster failure by not allowing new communication to occur from that node.
Page 203: Rhba-2009:1366: Bug-Fix And Enhancement Update
RHBA-2009:1366: bug-fix and enhancement update This update applies the following bug fixes: • Fix defect that results in aisexec core dumping under IPC load. • Fix defect where cpg flow control doesn't work properly. • Fix defect where, in many cases, certain message types can be ignored in the ckpt or cpg services. •...
Page 204: Openhpi
Chapter 1. Package Updates • The totem free queue was calculated improperly resulting in aborts under heavy cpg load. 1306 (BZ#488095 • Under certain conditions, a race condition resulted in a double list delete in the cpg service causing 1307 segfault.
Page 205 RHEA-2009:1279: enhancement update • HP c-Class plugin: add underpinnings for additional management functions. • Add entries for HP c-Class plugin pdf documents in Makefile.am. 1317 • Make use of common SSL code HP c-Class Plugin.(BZ#474176 • Important enhancements and many bug fixes to the HP c-Class plugin •...
Page 206: Openib
(rds-tools) that was not previously supported in Red Hat Enterprise Linux. Support for this 1324 package has been added, enabling RDS administration. (BZ#486978 • the rds-tools-debuginfo package was empty, which prevented debugging. The package has been 1325 updated with debug information. (BZ#500627 1318 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=459652...
Page 207: Openoffice.org
These updated openoffice.org packages fixes the following bugs: Math would attempt to load an icon that was not a 24-bit image. This would result in a `pBitmap- >mnBitCount == 24' warning message. OpenOffice.org now converts icons into 24-bit bitmaps, and 1337 launches successfully. (BZ#456845 1337 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=456845...
Page 208 Chapter 1. Package Updates • Red Hat Enterprise Linux 5.0 did not support the '-headless' switch when launching OpenOffice.org. Partly as a consequence, OpenOffice.org was not configured for the Gnome desktop environment: launching would fail with a 'Can't open display' error. OpenOffice.org has now been updated to use 1338 GTK, and 'ooffice -headless' launches as expected.
Page 209: Openssh
1356 BZ#492363 All OpenSSH users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues and add these enhancements. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically. 1352 https://www.redhat.com/security/data/cve/CVE-2008-5161.html...
Page 210: Openssl
32-bits can be generated in this mode. Note: In FIPS mode, pairwise tests are still called and keys generated in this mode must still be 1024-bits or 1364 larger. (BZ#479817 As well, these updated packages add the following enhancements: 1357 https://www.redhat.com/security/data/cve/CVE-2009-1377.html 1358 https://www.redhat.com/security/data/cve/CVE-2009-1378.html 1359 https://www.redhat.com/security/data/cve/CVE-2009-1379.html 1360 https://www.redhat.com/security/data/cve/CVE-2009-1386.html 1361 https://www.redhat.com/security/data/cve/CVE-2009-1387.html...
Page 211: Openswan
(CVE-2009-2185 All users of openswan are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. After installing this update, the ipsec service will be restarted automatically. 1371 https://www.redhat.com/security/data/cve/CVE-2009-2185.html...
Page 212: Rhsa-2009:0402: Important Security Update
This package contains the daemons and userland tools for setting up Openswan. It optionally also builds the Openswan KLIPS IPsec stack that is an alternative for the NETKEY/XFRM IPsec stack that exists in the default Linux kernel. 1373 https://www.redhat.com/security/data/cve/CVE-2009-0790.html 1374 https://www.redhat.com/security/data/cve/CVE-2008-4190.html...
Page 213 RHEA-2009:1350: bug fix update Openswan 2.6.x also supports IKEv2 (RFC 4309) Bugs fixed in these updated packages include: • Openswan would not allow IPsec connections between a physical IP on one system and a virtual IP on another system if the physical IP on the first system was already connected to the physical IP on the second system that was associated with that virtual IP.
Page 214: Oprofile
Chapter 1. Package Updates • previously, the package description included a reference to a "freeswan enabled kernel". This reference could have mislead users into thinking that Openswan required some special kernel, when no such kernel exists. The reference has therefore been removed, eliminating the potential for 1381 confusion.
Page 215 RHBA-2009:1358: bug fix and enhancement update has been changed so that it does not attempt to resolve the origins of entries in access.conf which 1385 do not contain an IP address or an IP addresses and a netmask value. (BZ#459057 •...
Page 216: Pango
Changes have been made to ensure that the bitsream-vera-fonts package is now a dependency of Pango. With the font present, applications reliant upon Pango can load and render 1397 text correctly. (BZ#251928 User should upgrade to the updated package, which resolves this issue. 1396 https://www.redhat.com/security/data/cve/CVE-2009-1194.html...
Page 217: Pciutils
pciutils 1.170. pciutils 1.170.1. RHBA-2009:1110: bug fix update Note This update has already been released (prior to the GA of this release) as FASTRACK 1398 RHBA-2009:1110 errata An updated pciutils package that fixes a bug is now available. The pciutils package contains various utilities for inspecting and manipulating devices connected to the PCI bus.
Page 218: Perl-Dbd-Pg
Chapter 1. Package Updates Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. These updated perl packages provide fixes for the following bugs: •...
Page 219: Php
A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP script allowed a remote attacker to load a carefully crafted font file, it could cause the PHP interpreter to crash or, possibly, 1412 execute arbitrary code. (CVE-2008-3658 1407 https://www.redhat.com/security/data/cve/CVE-2009-0663.html 1408 https://www.redhat.com/security/data/cve/CVE-2009-1341.html 1410 https://www.redhat.com/security/data/cve/CVE-2008-5557.html 1411 https://www.redhat.com/security/data/cve/CVE-2009-0754.html...
Page 220: Php-Pear
This issue has been resolved by adding a dependency on the php-devel package to the php-pear package, with the result that installing components with pecl should now complete as 1418 expected, and without having to chase any further dependencies. (BZ#482974 1413 https://www.redhat.com/security/data/cve/CVE-2008-3660.html 1414 https://www.redhat.com/security/data/cve/CVE-2008-5498.html 1415 https://www.redhat.com/security/data/cve/CVE-2008-5814.html...
Page 221: Pidgin
This update has already been released (prior to the GA of this release) as the security 1422 RHSA-2009:1139 errata Updated pidgin packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5. 1421 https://www.redhat.com/security/data/cve/CVE-2009-2694.html...
Page 222: Rhba-2009:0407: Bug Fix Update
1425 included with this update, uses the newer ICQ protocol, which resolves this issue. (BZ#490104 1426 BZ#490094 Note Pidgin 2.5.5 Pidgin 2.5.5 also addresses several other minor bugs. See the 1427 ChangeLog, for details regarding these other changes. 1423 https://www.redhat.com/security/data/cve/CVE-2009-1889.html...
Page 223: Piranha
• Nanny does not default to webservice query string when no query/expect string specified. • Piranha-gui removes slashes from monitoring script send commands. • Adding real port in piranha-gui caused pulse to error. Users of piranha are advised to upgrade to these updated packages, which resolve these issues. 1428 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=490536 1429 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=490539...
Page 224: Policycoreutils
Chapter 1. Package Updates 1.177. policycoreutils 1.177.1. RHBA-2009:1292: bug fix update Updated policycoreutils packages that fix several bugs are now available. policycoreutils contains the policy core utilities that are required for the basic operation of a Security- Enhanced Linux (SELinux) system. These utilities include load_policy to load policies, setfiles to label file systems, newrole to switch roles, and run_init to run "/etc/init.d/"...
Page 225: Ppc64-Utils
Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. 1.179. ppc64-utils 1.179.1. RHEA-2009:1247: enhancement update Enhanced ppc64-utils packages that add support for virtual Fibre Channel devices to the ofpathname script are now available. 1438 https://www.redhat.com/security/data/cve/CVE-2009-0147.html 1439 https://www.redhat.com/security/data/cve/CVE-2009-1179.html 1440 https://www.redhat.com/security/data/cve/CVE-2009-1187.html 1441 https://www.redhat.com/security/data/cve/CVE-2009-1188.html 1442 https://www.redhat.com/security/data/cve/CVE-2009-0146.html...
Page 226: Psmisc
Chapter 1. Package Updates ppc64-utils is a collection of utilities for Linux running on 64-bit PowerPC platforms. These updated ppc64-utils packages add the following enhancement: • previously, the ofpathname script was not able to translate logical device names to Open Firmware device path names for virtual Fibre Channel devices.
Page 227: Pyorbit
The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in 1455 arbitrary code execution with the Python interpreter's privileges. (CVE-2008-1887 1455 https://www.redhat.com/security/data/cve/CVE-2008-1887.html...
Page 228: Rhba-2009:1402: Bug Fix Update
These updated packages apply fixes for the following bugs: • processes were cleaned and their IDs recycled regardless of whether the processes had an active reference. This meant that child processes had their IDs recycled before their parent called for a 1456 https://www.redhat.com/security/data/cve/CVE-2008-3142.html 1457 https://www.redhat.com/security/data/cve/CVE-2008-5031.html 1458 https://www.redhat.com/security/data/cve/CVE-2007-4965.html...
Page 229: Python-Pyblock
python-pyblock value, which resulted in an OS Error (No child processes). The parent now checks whether a child 1465 process has returned before cleaning its ID, and the error no longer presents. (BZ#498979 1466 BZ#498978 • a child process would attempt to import variables that had already been imported by a parent process.
Page 230: Resktop
Chapter 1. Package Updates specified timelimit. Aborting." Since the installation itself is not affected, "Aborting" has been edited 1471 to the clearer "Exiting application". (BZ#476717 As well, this updated package includes the following enhancements: • when creating a new guest, the default sound hardware was previously es1370 with the user able to select pcspk and sb16 as alternatives.
Page 231: Readline
All Readline users should upgrade to this updated package, which resolves this issue. 1.188. redhat-release 1.188.1. RHEA-2009:1400: bug fix and enhancement update A new redhat-release package is now available for Red Hat Enterprise Linux 5.4. The redhat-release package contains licensing information regarding, and identifies the installed version of, Red Hat Enterprise Linux.
Page 232: Redhat-Release-Notes
1.189.1. RHEA-2009:1385: enhancement update An enhanced redhat-release-notes package is now available. An updated version of the redhat-release-notes package is now available as part of ongoing support and maintenance of Red Hat Enterprise Linux 5. This package contains the release notes for Red Hat Enterprise Linux 5.4 1.190.
Page 233: Rhba-2009:0415: Bug Fix Update
RHBA-2009:0415: bug fix update Updated rgmanager packages that fix a bug are now available. The rgmanager packages contain the Red Hat Resource Group Manager, which provides the ability to create and manage high-availability server applications in the event of system downtime. This update applies the following bug fix: •...
Page 234 • a startup_wait option has been added to the MySQL resource agent. • services can now be prioritized. • rgmanager now checks to see if it has been killed by the OOM killer and if so, reboots the node. 1486 https://www.redhat.com/security/data/cve/CVE-2008-6552.html...
Page 235: Rhn-Client-Tools
rhn-client-tools Users of rgmanager are advised to upgrade to this updated package, which resolves these issues and adds these enhancements. 1.192. rhn-client-tools 1.192.1. RHBA-2009:1354: bug fix and enhancement update Updated rhn-client-tools packages that fix several bugs and add enhancements are now available. Red Hat Network Client Tools provide programs and libraries that allow your system to receive software updates from the Red Hat Network (RHN).
Page 236: Rhnlib
Chapter 1. Package Updates • registration should not look for cert when using the insecure http protocol. The certificate should only 1501 matter when using the secure, https, protocol. (BZ#494928 • rhn_register should now be able to identify kvm guests by sending the uuid and virt type to the server through smbios data.
Page 237: Rhnsd
rhnsd 1.194. rhnsd 1.194.1. RHBA-2009:1356: bug fix update An updated rhnsd package that fixes several bugs is now available. rhnsd runs periodically to access a Red Hat Network server for software updates. This updated package applies fixes for the following bugs: •...
Page 238: Rsh
Chapter 1. Package Updates An opt-in mechanism to enable a stricter mode of patching on a per-spec basis has been introduced 1515 to help packagers notice these cases early in the package-building process. (BZ#471005 • on 64-bit multilib systems, RPM permitted installation of packages for incompatible architectures. 1516 RPM now validates package architecture compatibility on all platforms.
Page 239: Rt61Pci-Firmware
This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. 1522 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=488286...
Page 240: S390Utils
Customers are now able to specify the defaultmenu option, which displays the menu specified in the menu configuration file and disables 1532 the automenu. (BZ#486444 1524 https://www.redhat.com/security/data/cve/CVE-2007-1558.html 1525 https://www.redhat.com/security/data/cve/CVE-2009-0642.html 1526 https://www.redhat.com/security/data/cve/CVE-2009-1904.html...
Page 241: Samba
samba • with this release, s390utils has been re-based from version 1.8.0 to upstream version 1.8.1. This re-base adds a range of new features, including the iucvterm tool and the zipl tool. Version 1.8.1 15341533 BZ#506966 also addresses numerous bugs, including .
Page 242: Sblim
Chapter 1. Package Updates the owner of a file saved by Excel could have ended up losing access to that file. These updated packages include an adjusted fix for this problem which fixes the ACL inheritance so that saving an 1539 Excel file does not cause the owner to change.
Page 243: Scim-Bridge
scim-bridge versions of the GCC would therefore fail. The spec file is now updated so that it works with current 1546 versions of the GCC. (BZ#496999 • the sblim packages now include new CIM-based instrumentation to configure DHCP servers. This 1547 instrumentation is packaged in sblim-wbemsmt-dhcp.
Page 244 Chapter 1. Package Updates 1556 • system signals are now permitted to be sent properly to the automount daemon.(BZ#481706) • the samba_enable_home_dirs Boolean now allows access to hidden files in home 1557 directories.(BZ#484146) 1558 • the default context for files related to the sysstat package have been corrected.(BZ#485078) 1559 •...
Page 245: Setroubleshoot
Updated setroubleshoot packages that resolve an issue are now available. The setroubleshoot packages provide tools to help diagnose SELinux problems. When AVC messages occur, an alert is generated that gives information about the problem, and how to create a resolution. 1593 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=477123...
Page 246: Setup
Chapter 1. Package Updates These updated setroubleshoot packages fix the following bug: • shutting down the system caused setroubleshoot to report that the connection had failed. This was caused by an inoptimal ordering in the system shutdown scripts wherein the D-Bus system message bus was shut down before setroubleshoot, which resulted in connection failure messages.
Page 247: Sg3_Utils
sg3_utils by other packages and administrators. The "pkiuser" user and group IDs are used in subsystems associated with the Red Hat Certificate System. • this updated setup package reserves the new "vdsm" user ID and "kvm" group ID, and the userid (UID) and groupid (GID) numbers (36:36), which should prevent accidental usage of that UID/GID pair by other packages and administrators.
Page 248: Sos
Chapter 1. Package Updates In addition, these updated sg3_utils packages provide fixes for the following bugs: • the "sg_map26" command was unable to correctly map the device names for greater than 32 tape drives on a single system. This has been fixed so that it can correctly map 32 or more tape drives. 1600 (BZ#468040 •...
Page 249: Rhba-2009:1418: Bugfix And Enhancement Update
* Previously, faulty logic in rh-upload-core prevented it from uploading a core if the quiet flag were not set. Additionally, the destination directory was incorrectly specified as dropbox.redhat.com. Now, rh-upload-core can upload a core regardless of the status of the quiet flag, and correctly sends the 1616 core to dropbox.redhat.com/incoming.
Page 250 The new plugins allow sos to gather information about: 1627 • kvm (BZ#497206 1628 • Directory Server (BZ#461799 1629 • dovecot (BZ#464208 1630 • netdump (BZ#466819 1619 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=460788 1620 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=462824 1621 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=480786 1622 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=497840 1623 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=498474 1624 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=501842 1625 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=464207 1626...
Page 251 RHBA-2009:1418: bugfix and enhancement update 1631 • IPA (BZ#466947 1632 • anaconda (BZ#472108 1633 • Smartcard-related details (BZ#497206 1634 • sar (BZ#469626 1635 • snmp configuration (BZ#472857 1636 • kdump configuration (BZ#4728558 1637 • nscd (BZ#487116 1638 • tftp-related details (BZ#487119 1639 •...
Page 252: Sqlite
Chapter 1. Package Updates 1659 • logrotate details (BZ#487434 1660 • the results of lspci -t (BZ#238778 1661 • state information of fibre channel devices (BZ#444839 1662 • the contents of custom.conf (BZ#450997 1663 • dmesg output (BZ#460140 1664 • the contents of /var/log/acpid (BZ#487113 •...
Page 253: Strace
With this update, strace selects threads to trace in a smarter manner, thus ensuring that no threads are left overlong in a waiting state, and therefore resolving the issue. 1668 https://www.redhat.com/security/data/cve/CVE-2009-1579.html 1669 https://www.redhat.com/security/data/cve/CVE-2009-1578.html 1670...
Page 254: Rhba-2009:0017: Bug Fix Update
Chapter 1. Package Updates All users of strace are advised to upgrade to this updated package, which resolves this issue. 1.211.2. RHBA-2009:0017: bug fix update Note This update has already been released (prior to the GA of this release) as errata 1672 RHBA-2009:0017 Updated strace packages that fix one bug are now available.
Page 255: Subversion
This update has been rated as having moderate security impact by the Red Hat Security Response Team. The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root with logging. 1677 https://www.redhat.com/security/data/cve/CVE-2009-2411.html...
Page 256: Rhba-2009:0438: Bug Fix Update
• An issue with name fields in the LVM, Tomcat5 and PostGres resource agents has been fixed. • A missing CMAN attribute is now included in the schema checker, thereby avoiding an error message. Also, this update adds the following enhancements: • Support for configuring subnet suffixes in the IP resource agent. 1679 https://www.redhat.com/security/data/cve/CVE-2009-0034.html...
Page 257: System-Config-Date
system-config-date • An nfslock checkbox has been added to service management. • Support for extended configuration settings is now available for SAP DB as well as SAP Instance. Users should upgrade to this updated package, which resolves these issues and adds these enhancements.
Page 258: System-Config-Network
Chapter 1. Package Updates properly. With this update the locale-list's Romanian keymap defaults to Lat2-Terminus16, allowing 1683 for the correct display of these characters. (BZ#386741 All users should upgrade to this updated package, which resolves this issue. 1.217. system-config-network 1.217.1. RHBA-2009:1352: bug fix and enhancement update An updated system-config-network package that fixes two bugs and adds an enhancement is now available.
Page 259: Systemtap
Note: This issue was only exploitable if another SystemTap kernel module was placed in the "systemtap/" module directory for the currently running kernel. Red Hat would like to thank Erik Sjölund for reporting this issue. SystemTap users should upgrade to these updated packages, which contain a backported patch to correct this issue. 1692 https://www.redhat.com/security/data/cve/CVE-2009-0784.html...
Page 260: Rhba-2009:1313: Bug Fix And Enhancement Update
Chapter 1. Package Updates 1.219.2. RHBA-2009:1313: bug fix and enhancement update Updated systemtap packages that fix various bugs, enhance user-space probing, improve support for debuginfo-less operations and apply several other enhancements are now available. SystemTap provides an instrumentation infrastructure for systems running the Linux 2.6 kernel. It allows users to write scripts that probe and trace system events for monitoring and profiling purposes.
Page 261: Tcl
• The systemtap-testsuite package contained test cases (systemtap.base/bz10078.stp, buildko/two.stp, and buildok/thirty.stp) that were incorrectly configured as "executable". Any test runs involving these cases failed unexpectedly. This release fixes the permissions for all 1703 test cases provided by the systemtap-testsuite package. (BZ#499657 •...
Page 262: Tcp_Wrappers
Chapter 1. Package Updates These updated tcl packages fix a bug which resulted in "wrong ELF class: ELFCLASS32" error messages when attempting to run tcl scripts on a 64-bit multilib system where both the 32-bit and 64- bit packages dependent on tcl were installed. All users of tcl are advised to upgrade to these updated packages, which resolve this issue.
Page 263: Tftp
tftp • Universal symbols are now provided that allow users to install a particular TeX component regardless of the current TeX distribution. • These updated teTeX packages no longer display warnings on verification. • lamstex fonts are now included, which are needed for proper functionality of other TeX components. Users are advised to upgrade to these updated packages, which resolve these issues.
Page 264: Rhsa-2009:0258: Moderate Security Update
Thunderbird to crash or, potentially, execute arbitrary code 1725 1726 1727 CVE-2009-0353 CVE-2009-0772 as the user running Thunderbird. (CVE-2009-0352 1728 1729 CVE-2009-0774 CVE-2009-0775 1714 https://www.redhat.com/security/data/cve/CVE-2009-1392.html 1715 https://www.redhat.com/security/data/cve/CVE-2009-1303.html 1716 https://www.redhat.com/security/data/cve/CVE-2009-1305.html 1717 https://www.redhat.com/security/data/cve/CVE-2009-1833.html 1718 https://www.redhat.com/security/data/cve/CVE-2009-1838.html 1719 https://www.redhat.com/security/data/cve/CVE-2009-1306.html 1720 https://www.redhat.com/security/data/cve/CVE-2009-1307.html 1721 https://www.redhat.com/security/data/cve/CVE-2009-1308.html...
Page 265: Tog-Pegasus
• the upstream documentation about using SSL with OpenPegasus shipped in the previous package was inaccurate and out-of-date. This updated package contains additional documentation in the file README.RedHat.SSL that describes how to configure and how to use SSL with OpenPegasus. 1733 (BZ#479038 •...
Page 266: Tomcat
1740 parameter. (CVE-2009-0781 It was discovered that web applications containing their own XML parsers could replace the XML parser Tomcat uses to parse configuration files. A malicious web application running on a Tomcat 1736 https://www.redhat.com/security/data/cve/CVE-2007-5333.html 1737 https://www.redhat.com/security/data/cve/CVE-2008-5515.html 1738 https://www.redhat.com/security/data/cve/CVE-2009-0033.html 1739 https://www.redhat.com/security/data/cve/CVE-2009-0580.html...
Page 267: Totem
The tzdata package contains data files with rules for various time zones around the world. This updated package addresses the following change to Daylight Saving Time (DST) observations: 1746 1747 1748 BZ#517011 BZ#517012 • Egypt starts winter time on August 21. (BZ#517009 1741 https://www.redhat.com/security/data/cve/CVE-2009-0783.html...
Page 268: Rhea-2009:1105: Enhancement Update
Chapter 1. Package Updates All users, especially those in locales affected by these time changes and users interacting with people or systems in the affected locales, are advised to upgrade to this updated package, which adds these enhancements. 1.228.2. RHEA-2009:1105: enhancement update Note This update has already been released (prior to the GA of this release) as errata 1749...
Page 269: Udev
• leftover queue files from the udev instance of the initrd, caused a stall in the udev started from rc.sysinit. In this update the files are removed before starting the daemon in rc.sysinit. 1756 (BZ#487858 These updated packages add the following enhancement: 1755 https://www.redhat.com/security/data/cve/CVE-2009-1185.html...
Page 270: Unix2Dos
(BZ#501870 • The man page for raw(8) incorrectly stated that raw device support was deprecated. This update 1760 reinstates the raw device support information. (BZ#509334 Users of util-linux should upgrade to these updated packages, which resolve these issues. 1759 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=501870...
Page 271: Vim
Red Hat Enterprise Linux. However, if the user wanted to remove these autocommands, it was not easy to cleanly do so. With this update, the Red Hat-bundled autocommands are grouped into the "redhat" augroup, which allows the set of 1762 commands to be more easily manipulated or removed.
Page 272: Virt-Manager
Chapter 1. Package Updates • in the previous vino package, there were no visual indicators when someone was connected to your desktop. In this updated package, a status icon appears whenever someone is connected. 1766 (BZ#426256 Users of vino are advised to upgrade to this updated package, which adds this enhancement. 1.234.
Page 273: Virt-Viewer
virt-viewer • the updated virt-manager package includes a storage management interface. Access the storage management interface by selecting the Edit->Host Details->Storage menu. The storage management interface manages local and networked storage devices. • Graphical guest consoles support resizing and scaling. •...
Page 274: Vnc
This updated vsftpd package fixes the following bug: • previously, the length of vsftpd usernames was limited to 32 characters in length. With this updated package, the maximum length of vsftpd usernames has been increased to 128 characters. 1785 (BZ#496846 1783 https://www.redhat.com/security/data/cve/CVE-2008-4770.html...
Page 275: Rhba-2009:1282: Bug Fix Update
RHBA-2009:1282: bug fix update All users of vsftpd are advised to upgrade to this updated package, which resolves this issue. 1.237.2. RHBA-2009:1282: bug fix update A vsftpd update that increases the maximum username length and fixes several bugs is now available. The vsftpd package deploys the Very Secure File Transfer Protocol daemon.
Page 276: Watchdog
• when starting the wdaemon service, the startup script printed an extraneous line giving the version of the program. This has been corrected in this updated package so that the wdaemon startup script 1797 is silent and thus conforms to the behavior of other daemon initialization scripts. (BZ#489050 1795 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=446123...
Page 277: Wget
wget All users of wdaemon are advised to upgrade to this updated package, which resolves this issue. 1.240. wget 1.240.1. RHBA-2009:1280: bug fix update An updated wget package that fixes several bugs is now available. GNU Wget is a file retrieval utility that can use either the HTTP or FTP protocols. This package rebases Wget from version 1.10.2 to version 1.11.4 and fixes several bugs: 1798 •...
Page 278: Rhsa-2009:0313: Moderate Security Update
CVE-2009-0600 Users of wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.6, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect. 1804 https://www.redhat.com/security/data/cve/CVE-2009-1210.html 1805 https://www.redhat.com/security/data/cve/CVE-2009-1268.html 1806 https://www.redhat.com/security/data/cve/CVE-2009-1269.html 1807 https://www.redhat.com/security/data/cve/CVE-2009-1829.html...
Page 279: Xen
1.242. xen 1.242.1. RHBA-2009:1092: bug fix update Note This update has already been released (prior to the GA of this release) as errata 1818 RHBA-2009:1092 Updated xen packages that resolve an issue are now available. Xen is a high performance and secure open source virtualization framework. Virtualization allows users to run guest operating systems in virtual machines on top of a host operating system.
Page 280: Rhba-2009:1328: Bug Fix And Enhancement Update
Chapter 1. Package Updates Users of Xen are advised to upgrade to these updated packages, which fix these bugs. 1.242.3. RHBA-2009:1328: bug fix and enhancement update Updated xen packages that fix several bugs and add enhancements are now available. The xen packages contain tools for managing the virtual machine monitor in Red Hat Enterprise Linux Virtualization.
Page 281 RHBA-2009:1328: bug fix and enhancement update • flush Xen SCSI driver buffer to disk before returning from scsi_write_data() function 1843 (BZ#481782 1844 • correctly handle device detach attempts for devices mounted in guest (BZ#484110 1845 • "xm dump-core" didn't truncate existing files (BZ#484346 1846 •...
Page 282: Xkeyboard-Config
This has been corrected and specifying NoDRI in xorg.conf disables direct rendering 1874 on Red Hat Enterprise Linux 5.4. (BZ#465142 • on Altix systems the FireMV card's second VGA output did not correctly detect a monitor plugged in. 1875 This has been corrected. (BZ#477679 1873 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=432556...
Page 283: Xorg-X11-Drv-I810
xorg-x11-drv-i810 • graphical installation failed on ATI FireMV 2400 cards, although text-mode installations did work. With this update the r500 driver is now installed by default for FireMV 2400 cards and graphical 1876 installation now work as expected. (BZ#483165 • on r600-based ATI cards (eg the Radeon 3100, the Radeon HD 3600 XT and Radeon Mobility HD 2600 Series cards) the mouse pointer could become corrupted.
Page 284: Xorg-X11-Drv-Mga
Chapter 1. Package Updates • Lenovo Thinkpad notebooks have a "Fn" key that can be combined with the numbered function keys to access a variety of features, typically including volume, screen brightness, sleep, and switching to an external monitor. Previously, these key combinations would not produce the desired outcomes on X61 Thinkpad notebooks.
Page 285: Xorg-X11-Drv-Nv
(BZ#511913 All users of xorg-x11-proto-devel are advised to install this updated package, which provides this enhancement. 1.249. xorg-x11-server 1.249.1. RHBA-2009:1373: bug fix and enhancement update Updated xorg-x11-server packages that fix bugs and add enhancements are now available. 1895 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=511913...
Page 286: Yaboot
Chapter 1. Package Updates X.org X11 is an open source implementation of the X Window System. It provides the basic low level functionality upon which full fledged graphical user interfaces such as GNOME and KDE are designed. These updated packages address the following bugs: •...
Page 287: Ypbind
ypbind 1.251. ypbind 1.251.1. RHBA-2009:0462: bug fix update Note This update has already been released (prior to the GA of this release) as FASTRACK 1898 RHBA-2009:0462 errata An updated ypbind package that fixes a bug is now available. This package provides the ypbind daemon. The ypbind daemon binds NIS clients to a NIS domain. Systems running NIS client programs must have ypbind running.
Page 288 Chapter 1. Package Updates Yum is a utility that can check for or automatically download and install updated RPM packages. Dependencies are obtained and downloaded automatically prompting the user as necessary. 1902 1903 • Several typos in yum manual pages have been corrected. BZ#510012 (BZ#447588 •...
Page 289 RHBA-2009:1419: bug fix update package already on the system as being installed and not available. This warning was nonsensical and misleading because it implied that every package already on the system was available in a repository that yum could access. The code that produced this warning has been removed from yum.
Page 290: Yum-Metadata-Parser
Chapter 1. Package Updates regardless of user preferences. With the error corrected, users can now use yum in monochrome. 1920 (BZ#507883 • Under certain, unusual circumstances, yum could encounter an infinite recursion while executing the package-cleanup --dupes command. Yum would crash and the recursion would eventually terminate with the error maximum recursion depth exceeded while calling a Python object.
Page 291: Yum-Rhn-Plugin
yum-rhn-plugin • in certain circumstances, yum-metadata-parser corrupted yum's sqlite database, which could have led to problems such as dependency resolution failures when attempting to upgrade packages. With this update, yum regenerates the sqlite database file following each repository metadata download, which solves possible database corruption issues.
Page 292: Zsh
Chapter 1. Package Updates architectures. Yum-rhn-plugin now pays attention to the architecture of the package that is to be 1935 removed, and removes the package for only that architecture. (BZ#476899 • yum-rhn-plugin did not account for missing dependencies while processing scheduled package actions from RHN hosted or satellite servers.
Page 293: New Packages
Technology Previews. Advisories will be provided for high-severity security issues in Technology Preview features. All users requiring CTDB should install these newly released packages, which add this enhancement. 2.4. RHEA-2009:1276: etherboot Etherboot, a new package that enables PXE-booting, is now available. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=499241...
Page 294: Rhea-2009:1318: Fcoe-Utils
FUSE userspace tool to mount FUSE file systems. Note FUSE has no relationship with the ZX Spectrum emulator also known as Fuse. Anyone looking to mount FUSE file systems or otherwise use FUSE should install this new package. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=488612 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=481914 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=500894 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=494555...
Page 295: Rhea-2009:1297: Gnupg2
(virt-manager and virsh). The KVM hypervisor cannot run at the same time as the Xen hypervisor. Both hypervisors, Xen and KVM, can be installed on the same system, however, only one hypervisor can be used at a time. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=445420 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=467500 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=491724...
Page 296: Rhea-2009:1296: Libassuan
This library can retrieve adapter information with the assistance of libpciaaccess. This libhbalinux package is new to Red Hat Enterprise Linux 5. (BZ#494550 All users requiring libhbalinux should install this newly-released package, which adds this enhancement. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=484192 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=494548 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=494550...
Page 297: Rhea-2009:1295: Libksba
Important: the pdksh package can be installed alongside the ksh package on the same system, thus providing both ksh-88 and ksh-93 Korn shell implementations. The alternatives utility can be used to https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=484191 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=496211...
Page 298: Rhea-2009:1302: Perl-Sys-Virt
2.20. RHEA-2009:1294: pth A new package, pth, is now available for Red Hat Enterprise Linux 5. Pth is a very portable POSIX/ANSI-C based library for Unix platforms which provides non- preemptive priority-based scheduling for multiple threads of execution ("multi-threading") inside server https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=484188...
Page 299: Rhea-2009:1309: Qcairo
Red Hat Enterprise Linux 5. qpixman is a pixel manipulation library for X and cairo required for SPICE protocol support. (BZ#488592 Users of Red Hat Enterprise Linux 5 should install qpixman for use with SPICE-enabled virtualization products. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=484189 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=488604 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=488606 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=488592...
Page 300: Rhea-2009:1334: Qspice
Chapter 2. New Packages 2.24. RHEA-2009:1334: qspice A new qspice package is now available. The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol designed for virtual environments. SPICE users can view a virtualized desktop or server from the local system or any system with network access to the server.
Page 301: Technology Previews
Chapter 3. Technology Previews Technology Preview features are currently not supported under Red Hat Enterprise Linux subscription services, may not be functionally complete, and are generally not suitable for production use. However, these features are included as a customer convenience and to provide the feature with wider exposure.
Page 302 Technology Preview. http:// Red Hat recommends that those interested in testing stateless code read the HOWTO at fedoraproject.org/wiki/StatelessLinux/HOWTO stateless-list@redhat.com and join The enabling infrastructure pieces for Stateless Linux were originally introduced in Red Hat Enterprise Linux 5.
Page 303 • An updated Mesa package that adds new protocol support. By installing these components, you can have GL-accelerated effects on your desktop with very few changes, as well as the ability to enable and disable them at will without replacing your X server.
Page 304 Red Hat There is also a known issue relating to connection timeouts in some situations. Refer to Bugzilla #470627 for more information on this issue. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=470627...
Page 305 To enable the per-thread memory pools the environment variable MALLOC_PER_THREAD needs to be set in the environment. This environment variable will become obsolete when this new malloc behaviour becomes default in future releases. Users experiencing contention for the malloc resources could try enabling this option. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=470627...
Page 307: Known Issues
Chapter 4. Known Issues 4.1. anaconda The anaconda package contains the program which was used to install your system. The following are the Known Issues that apply to the anaconda package in Red Hat Enterprise Linux • When installing to an ext3 or ext4 file system, anaconda disables periodic filesystem checking. Unlike ext2, these filesystems are journaled, removing the need for a periodic filesystem check.
Page 308 Chapter 4. Known Issues • When upgrading to Red Hat Enterprise Linux 5.1 or later from Red Hat Enterprise Linux 4.6, gcc4 may cause the upgrade to fail. As such, you should manually remove the gcc4 package before (BZ#432773) upgrading. •...
Page 309: Cmirror
cmirror The following note applies to the ia64 Architecture: • If your system only has 512MB of RAM, attempting to install Red Hat Enterprise Linux 5.4 may fail. To prevent this, perform a base installation first and install all other packages after the installation (BZ#435271) finishes.
Page 310: Dmraid
Chapter 4. Known Issues To work around this, delete all device and mpath link entries in /etc/lvm/.cache specific to the stale LUN. To find out what these entries are, run the following command: ls -l /dev/mpath | grep [stale LUN] For example, if [stale LUN] is 3600d0230003414f30000203a7bc41a00, the following results may appear: lrwxrwxrwx 1 root root 7 Aug...
Page 311 dmraid action functions until the volume and partition names are changed. In these cases, the system may not boot, and the user is given an option to reboot system and start the rebuild procedure in OROM. OROM changes the name of RAID volume (as seen by dmraid) and dmraid cannot recognize the array identified by previous name stored in initscript.
Page 312: Dogtail
Chapter 4. Known Issues dmraid -an 4.6. dogtail dogtail is a GUI test tool and automation framework that uses assistive technologies to communicate with desktop applications. • Attempting to run sniff may result in an error. This is because some required packages are not (BZ#435702) installed with dogtail.
Page 313: Gnome-Volume-Manager
gnome-volume-manager /dev/VolGroup00/LogVol00 / gfs2 defaults 1 1 /dev/VolGroup00/LogVol00 / gfs2 defaults 1 0 4. Reboot the system. 4.9. gnome-volume-manager The GNOME Volume Manager monitors volume-related events and responds with user-specified policy. The GNOME Volume Manager can automount hot-plugged drives, automount inserted removable media, autorun programs, automatically play audio CDs and video DVDs, and automatically import photos from a digital camera.
Page 314: Kernel-Xen
Chapter 4. Known Issues To work around this limitation, booting or installation can be done using the default behavior. After the iscsi and iscsid services start, the iscsi service can log into the target using iSCSI iface binding. This however, will leave an extra session using the default behavior, and it has to be manually logged out using the following command: iscsiadm -m node -T target -p ip -I default -u (BZ#500273)
Page 315 kernel-xen • Fully virtualized guests cannot correct for time lost due to the domain being paused and unpaused. Being able to correctly track the time across pause and unpause events is one of the advantages of paravirtualized kernels. This issue is being addressed upstream with replaceable timers, so fully virtualized guests will have paravirtualized timers.
Page 316: Kernel
Chapter 4. Known Issues 4.13. kernel The Kernel • Under some circumstances, the sky2 driver may hang, returning the following error message: sky2 eth<N>: receiver hang detected Currently, the only work around to make the device online again is to reboot the system. This (BZ#509891 bug will be repaired in an upcoming update to Red Hat Enterprise Linux 5.4.
Page 317 kernel Stopping tasks: ====================================================================== stopping tasks timed out after 20 seconds (1 tasks remaining): cciss_scan00 Restarting tasks...<6> Strange, cciss_scan00 not stopped done (BZ#513472) • The kernel is unable to properly detect whether there is media present in a CD-ROM drive during kickstart installs.
Page 318 Chapter 4. Known Issues • The QLogic iSCSI Expansion Card for the IBM Bladecenter provides both ethernet and iSCSI functions. Some parts on the card are shared by both functions. However, the current qla3xxx and qla4xxx drivers support ethernet and iSCSI functions individually. Both drivers do not support the use of ethernet and iSCSI functions simultaneously.
Page 319 kernel radeontool light on chvt 7 (BZ#227496) • If the edac module is loaded, BIOS memory reporting will not work. This is because the edac module clears the register that the BIOS uses for reporting memory errors. The current Red Hat Enterprise Linux Driver Update Model instructs the kernel to load all available modules (including the edac module) by default.
Page 320: Kexec-Tools
Chapter 4. Known Issues 3. Boot into System Managment Services (SMS) with the command: 0> dev /packages/gui obe (BZ#462663) 4.14. kexec-tools kexec-tools provides the /sbin/kexec binary that facilitates a new kernel to boot using the kernel's kexec feature either on a normal or a panic reboot. This package contains the /sbin/kexec binary and ancillary utilities that together form the userspace component of the kernel's kexec feature •...
Page 321: Krb5
krb5 While purgatory console output can be useful in diagnosing problems, it is not needed for kdump to properly function. As such, if your Itanium system resets during a kdump operation, disable console output in purgatory by adding --noio to the KEXEC_ARGS variable in /etc/ (BZ#436426) sysconfig/kdump.
Page 322 Chapter 4. Known Issues Alternatively, if you're having trouble installing the OS on the virtual machine because of the rtl8139 NIC (for example, because you're installing the OS over the network), you can create a virtual machine from scratch with an e1000 NIC. This method requires you to have at least one virtual machine already created (possibly installed from CD or DVD) to use as a template.
Page 323 • Devices using the qlge driver cannot be assigned to a KVM guest using KVM's PCI Device Driver (BZ#507689) assignment. • the use of the qcow2 disk image format with KVM is considered a Technology Preview. (BZ#517880) • Hotplugging emulated devices after migration may result in the virtual machine crashing after a (BZ#507191) reboot or the devices no longer being visible.
Page 324: Less
Chapter 4. Known Issues • scsi emulation • "isapc" machine type • nested KVM guests • usb mass storage device emulation • usb wacom tablet emulation • usb serial emulation • usb network emulation • usb bluetooth emulation • device emulation for vmware drivers •...
Page 325: Libvirt
libvirt 4.19. libvirt Problem Description: The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. • Volumes created using the libvirt storage API may not have an SELinux label that allows access by virtual machines.
Page 326: Openib
Chapter 4. Known Issues insmod: error inserting '/lib/aes_generic.ko': -1 File exists (BZ#466296) This message can safely be ignored. • Installation using a Multiple Device (MD) RAID on top of multipath will result in a machine that cannot boot. Multipath to Storage Area Network (SAN) devices which provide RAID internally are (BZ#467469) not affected.
Page 327: Pdksh
pdksh As such, you need to manually remove older versions of openmpi and lam in order to install their latest versions. To do so, use the following rpm command: rpm -qa | grep '^openmpi-\|^lam-' | xargs rpm -e --noscripts --allmatches (BZ#433841) 4.25.
Page 328: Sblim
Chapter 4. Known Issues • Currently, rsyslog is unable to handle a large number of clients; SGI's ICE clusters are known to (BZ#475217) cause overload resulting in messages being lost. 4.28. sblim SBLIM stands for Standards-Based Linux Instrumentation for Manageability. It consists of a set of standards-based, Web-Based Enterprise Management (WBEM) modules that use the Common Information Model (CIM) standard to gather and provide systems management information, events, and methods to local or networked consumers via a CIM object services broker using the CMPI...
Page 329: Systemtap
systemtap semanage fcontext -a -t textrel_shlib_t '/usr/lib/ooo-1.1(/.*)?' semanage fcontext -a -t textrel_shlib_t '/usr/lib64/ooo-1.1(/.*)?' restorecon -Rv /usr/lib/ooo-1.19 restorecon -Rv /usr/lib64/ooo-1.19 Alternatively, you can also upgrade your OpenOffice to a correct version compatible with SELinux in Red Hat Enterprise Linux 5. You can do this by subscribing to the "Productivity App" child channel in Red Hat Network and running the following command: yum install openoffice- {base,calc,draw,emailmerge,graphicfilter,headless,impress,javafilter,math,pyuno,wri...
Page 330: Udev
Chapter 4. Known Issues 4.31. udev udev provides a user-space API and implements a dynamic device directory, providing only the devices present on the system. udev replaces devfs in order to provide greater hot plug functionality. Netlink is a datagram oriented service, used to transfer information between kernel modules and user- space processes.
Page 331: Xorg-X11-Drv-I810
xorg-x11-drv-i810 • When setting up interface bonding on dom0, the default network-bridge script may cause bonded network interfaces to alternately switch between unavailable and available. This occurrence is commonly known as flapping. To prevent this, replace the standard network-script line in /etc/xen/xend-config.sxp with the following line: (network-script network-bridge-bonding netdev=bond0) Doing so will disable the netloop device, which prevents Address Resolution Protocol (ARP)
Page 332: Xorg-X11-Drv-Vesa
Chapter 4. Known Issues • Improvements have been made to the 'nv' driver, enhancing suspend and resume support on some systems equipped with nVidia GeForce 8000 and 9000 series devices. Due to technical limitations, (BZ#414971) this will not enable suspend/resume on all hardware. The following note applies to x86_64 Architectures: •...
Page 333: Package Manifest
Appendix A. Package Manifest This appendix is a list of all package changes since the release of Red Hat Enterprise Linux 5.3 A.1. Added Packages blktrace-1.0.0-6.el5 • Group: Development/System • Summary: Utilities for performing block layer IO tracing in the linux kernel •...
Page 334 Appendix A. Package Manifest • Summary: Preview of GCC version 4.4 • Description: The gcc44 package contains preview of the GNU Compiler Collection version 4.4. gnupg2-2.0.10-3.el5 • Group: Applications/System • Summary: Utility for secure communication and data storage • Description: GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures.
Page 335 Added Packages • Description: This is the IPC library used by GnuPG 2, GPGME and a few other packages. libhbaapi-2.2-4.el5 • Group: System Environment/Libraries • Summary: SNIA HBAAPI library • Description: The SNIA HBA API library. C-level project to manage Fibre Channel Host Bus Adapters.
Page 336 Appendix A. Package Manifest • Summary: Perl bindings for the libvirt library • Description: The Sys::Virt module provides a Perl XS binding to the libvirt virtual machine management APIs. This allows machines running within arbitrary virtualization containers to be managed with a consistent API. pinentry-0.7.3-3.el5 •...
Page 337: Dropped Packages
Dropped Packages qspice-0.3.0-39.el5 • Group: User Interface/Desktops • Summary: An implementation of the Simple Protocol for Independent Computing Environments • Description: The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.
Page 338 Appendix A. Package Manifest • No added dependencies • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes OpenIPMI-2.0.6-11.el5 - OpenIPMI-2.0.16-5.el5 • Group: System Environment/Base •...
Page 339 Updated Packages • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes aide-0.13.1-2.0.4.el5 - aide-0.13.1-4.el5 • Group: Applications/System • Summary: Intrusion detection environment • Description: AIDE (Advanced Intrusion Detection Environment) is a file integrity checker and intrusion detection program.
Page 340 Appendix A. Package Manifest • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes anaconda-11.1.2.168-1 - anaconda-11.1.2.195-1 • Group: Applications/System • Summary: Graphical system installer • Description: The anaconda package contains the program which was used to install your system.
Page 341 Updated Packages • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes apr-util-1.2.7-7.el5 - apr-util-1.2.7-7.el5_3.2 • Group: System Environment/Libraries • Summary: Apache Portable Runtime Utility library •...
Page 342 Appendix A. Package Manifest • No removed obsoletes audit-1.7.7-6.el5 - audit-1.7.13-2.el5 • Group: System Environment/Daemons • Summary: User space tools for 2.6 kernel auditing • Description: The audit package contains the user space utilities for storing and searching the audit records generate by the audit subsystem in the Linux 2.6 kernel. •...
Page 343 Updated Packages • Description: authd is a small and fast RFC 1413 ident protocol daemon with both xinetd server and interactive modes that supports IPv6 and IPv4 as well as the more popular features of pidentd. • No added dependencies •...
Page 344 Appendix A. Package Manifest • No added dependencies • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes bind-9.3.4-10.P1.el5 - bind-9.3.6-4.P1.el5 • Group: System Environment/Daemons •...
Page 345 Updated Packages • No added dependencies • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes busybox-1.2.0-4.el5 - busybox-1.2.0-7.el5 • Group: System Environment/Shells •...
Page 346 Appendix A. Package Manifest • No removed conflicts • No added obsoletes • No removed obsoletes cmirror-1.1.36-1.el5 - cmirror-1.1.39-2.el5 • Group: System Environment/Base • Summary: cmirror - The Cluster Mirror Package • Description: cmirror - Cluster Mirroring • No added dependencies •...
Page 347 Updated Packages • No removed obsoletes conga-0.12.1-7.el5 - conga-0.12.2-6.el5 • Group: System Environment/Base • Summary: Remote Management System • Description: Conga is a project developing management system for remote stations. It consists of luci, https frontend, and ricci, secure daemon that dispatches incoming messages to underlying management modules.
Page 348 Appendix A. Package Manifest • Description: GNU cpio copies files into or out of a cpio or tar archive. Archives are files which contain a collection of other files plus information about them, such as their file name, owner, timestamps, and access permissions. The archive can be another file on the disk, a magnetic tape, or a pipe.
Page 349 Updated Packages crash-4.0-7.2.3 - crash-4.0-8.9.1.el5 • Group: Development/Debuggers • Summary: crash utility for live systems; netdump, diskdump, kdump, LKCD or mcore dumpfiles • Description: The core analysis suite is a self-contained tool that can be used to investigate either live systems, kernel core dumps created from the netdump, diskdump and kdump packages from Red Hat Linux, the mcore kernel patch offered by Mission Critical Linux, or the LKCD kernel patch.
Page 350 Appendix A. Package Manifest • Description: cscope is a mature, ncurses based, C source code tree browsing tool. It allows users to search large source code bases for variables, functions, macros, etc, as well as perform general regex and plain text searches. Results are returned in lists, from which the user can select individual matches for use in file editing.
Page 351 Updated Packages • No added dependencies • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes cvs-1.11.22-5.el5 - cvs-1.11.22-7.el5 • Group: Development/Tools •...
Page 352 Appendix A. Package Manifest are not normally permitted to log in and have no system account on the server. The mailbox database is stored in parts of the filesystem that are private to the Cyrus IMAP server. All user access to mail is through software using the IMAP, POP3 or KPOP protocols. It also includes support for virtual domains, NNTP, mailbox annotations, and much more.
Page 353 Updated Packages dapl-2.0.13-4.el5 - dapl-2.0.19-2.el5 • Group: System Environment/Libraries • Summary: Library providing access to the DAT 1.2 and 2.0 APIs • Description: libdat and libdapl provide a userspace implementation of the DAT 1.2 and 2.0 API that is built to natively support InfiniBand/iWARP network technology. •...
Page 354 Appendix A. Package Manifest • No removed obsoletes device-mapper-1.02.28-2.el5 - device-mapper-1.02.32-1.el5 • Group: System Environment/Base • Summary: device mapper library • Description: This package contains the supporting userspace files (libdevmapper and dmsetup) for the device-mapper. • No added dependencies • No removed dependencies •...
Page 355 Updated Packages • Description: DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network.
Page 356 Appendix A. Package Manifest • Description: dmidecode reports information about x86 hardware as described in the system BIOS according to the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, asset tag as well as a lot of other details of varying level of interest and reliability depending on the manufacturer.
Page 357 Updated Packages • Summary: Text file format converter • Description: Dos2unix converts DOS or MAC text files to UNIX format. • No added dependencies • No removed dependencies • No added provides • No removed provides • No added conflicts •...
Page 358 Appendix A. Package Manifest • No added dependencies • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes e2fsprogs-1.39-20.el5 - e2fsprogs-1.39-23.el5 • Group: System Environment/Base •...
Page 359 Updated Packages or to create test cases for e4fsck), tune4fs (used to modify filesystem parameters), and most of the other core ext4fs filesystem utilities. Please note that "e4fsprogs" simply contains renamed static binaries from the equivalent upstream e2fsprogs release; it is packaged this way for Red Hat Enterprise Linux 5 to ensure that the many changes included for ext4 do not destabilize the core e2fsprogs in RHEL5.
Page 360 Appendix A. Package Manifest efax-0.9-27.2.1 - efax-0.9-28.el5 • Group: Applications/Communications • Summary: A program for faxing using a Class 1, 2 or 2.0 fax modem. • Description: Efax is a small ANSI C/POSIX program that sends and receives faxes using any Class 1, 2 or 2.0 fax modem.
Page 361 Updated Packages • No added dependencies • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes evince-0.6.0-8.el5 - evince-0.6.0-9.el5 • Group: Applications/Publishing •...
Page 362 Appendix A. Package Manifest • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes file-4.17-15 - file-4.17-15.el5_3.1 • Group: Applications/File • Summary: A utility for determining file types. • Description: The file command is used to identify a particular file according to the type of data contained by the file.
Page 363 Updated Packages • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes fipscheck-1.0.3-1.el5 - fipscheck-1.2.0-1.el5 • Group: System Environment/Libraries • Summary: A library for integrity verification of FIPS validated modules • Description: FIPSCheck is a library for integrity verification of FIPS validated modules. The package also provides helper binaries for creation and verification of the HMAC-SHA256 checksum files.
Page 364 Appendix A. Package Manifest • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes foomatic-3.0.2-38.1.el5 - foomatic-3.0.2-38.3.el5 • Group: System Environment/Libraries • Summary: Foomatic printer database. • Description: Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions.
Page 365 Updated Packages • No removed conflicts • No added obsoletes • No removed obsoletes gcc-4.1.2-44.el5 - gcc-4.1.2-46.el5 • Group: Development/Languages • Summary: Various compilers (C, C++, Objective-C, Java, ...) • Description: The gcc package contains the GNU Compiler Collection version 4.1. You'll need this package in order to compile C code.
Page 366 Appendix A. Package Manifest • Summary: The GNOME Display Manager. • Description: Gdm (the GNOME Display Manager) is a highly configurable reimplementation of xdm, the X Display Manager. Gdm allows you to log into your system with the X Window System running and supports running several different X sessions on your local machine at the same time.
Page 367 Updated Packages gfs-utils-0.1.18-1.el5 - gfs-utils-0.1.20-1.el5 • Group: System Environment/Kernel • Summary: Utilities for managing the global filesystem (GFS) • Description: The gfs-utils package contains a number of utilities for creating, checking, modifying, and correcting any inconsistencies in GFS filesystems. • No added dependencies •...
Page 368 Appendix A. Package Manifest translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers. If you need to display PostScript files or print them to non-PostScript printers, you should install ghostscript.
Page 369 Updated Packages such runtime functionality as an event loop, threads, dynamic loading, and an object system. This package provides version 2 of GLib. • No added dependencies • No removed dependencies • No added provides • No removed provides • No added conflicts •...
Page 370 Appendix A. Package Manifest • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes gnome-session-2.16.0-6.el5 - gnome-session-2.16.0-7.el5 • Group: User Interface/Desktops • Summary: GNOME session manager •...
Page 371 Updated Packages • No removed conflicts • No added obsoletes • No removed obsoletes grub-0.97-13.2 - grub-0.97-13.5 • Group: System Environment/Base • Summary: GRUB - the Grand Unified Boot Loader. • Description: GRUB (Grand Unified Boot Loader) is an experimental boot loader capable of booting into most free operating systems - Linux, FreeBSD, NetBSD, GNU Mach, and others as well as most commercial operating systems.
Page 372 Appendix A. Package Manifest gstreamer-plugins-good-0.10.9-1.el5 - gstreamer-plugins-good-0.10.9-1.el5_3.2 • Group: Applications/Multimedia • Summary: GStreamer plug-ins with good code and licensing • Description: GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related.
Page 373 Updated Packages • Description: HAL is daemon for collection and maintaining information from several sources about the hardware on the system. It provides a live device list through D-BUS. • No added dependencies • No removed dependencies • No added provides •...
Page 374 Appendix A. Package Manifest • No added dependencies • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes hwbrowser-0.30-2.el5 - hwbrowser-0.30-3.el5 • Group: Applications/System •...
Page 375 Updated Packages • No removed conflicts • No added obsoletes • No removed obsoletes ibsim-0.4-3.el5 - ibsim-0.5-1.el5 • Group: System Environment/Libraries • Summary: InfiniBand fabric simulator for management • Description: ibsim provides simulation of infiniband fabric for using with OFA OpenSM, diagnostic and management tools.
Page 376 Appendix A. Package Manifest • Description: The International Components for Unicode (ICU) libraries provide robust and full-featured Unicode services on a wide variety of platforms. ICU supports the most current version of the Unicode standard, and they provide support for supplementary Unicode characters (needed for GB 18030 repertoire support).
Page 377 Updated Packages • No added dependencies • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes iproute-2.6.18-9.el5 - iproute-2.6.18-10.el5 • Group: Applications/System •...
Page 378 Appendix A. Package Manifest • No removed conflicts • No added obsoletes • No removed obsoletes ipsec-tools-0.6.5-13.el5 - ipsec-tools-0.6.5-13.el5_3.1 • Group: System Environment/Base • Summary: Tools for configuring and using IPSEC • Description: This is the IPsec-Tools package. You need this package in order to really use the IPsec functionality in the linux-2.5+ kernels.
Page 379 Updated Packages iputils-20020927-45.el5 - iputils-20020927-46.el5 • Group: System Environment/Daemons • Summary: Network monitoring tools including ping. • Description: The iputils package contains basic utilities for monitoring a network, including ping. The ping command sends a series of ICMP protocol ECHO_REQUEST packets to a specified network host to discover whether the target machine is alive and receiving network traffic.
Page 380 Appendix A. Package Manifest • No added dependencies • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes iscsi-initiator-utils-6.2.0.868-0.18.el5 - iscsi-initiator-utils-6.2.0.871-0.10.el5 • Group: System Environment/Daemons •...
Page 381 Updated Packages • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes jadetex-3.12-13.1.1 - jadetex-3.12-15.el5 • Group: Applications/Publishing • Summary: TeX macros used by Jade TeX output. •...
Page 382 Appendix A. Package Manifest • No removed obsoletes kdebase-3.5.4-19.el5 - kdebase-3.5.4-20.el5 • Group: User Interface/Desktops • Summary: K Desktop Environment - core files • Description: Core applications for the K Desktop Environment. Included are: kdm (replacement for xdm), kwin (window manager), konqueror (filemanager, web browser, ftp client, ...), konsole (xterm replacement), kpanel (application starter and desktop pager), kaudio (audio server), kdehelp (viewer for kde help files, info and man pages), kthememgr (system for managing alternate theme packages) plus other KDE components (kcheckpass, kikbd, kscreensaver,...
Page 383 Updated Packages kdenetwork-3.5.4-8.el5 - kdenetwork-3.5.4-9.el5 • Group: Applications/Internet • Summary: K Desktop Environment - Network Applications • Description: Networking applications for the K Desktop Environment. • No added dependencies • No removed dependencies • No added provides • No removed provides •...
Page 384 Appendix A. Package Manifest kexec binary and ancillary utilities that together form the userspace component of the kernel's kexec feature. • No added dependencies • No removed dependencies • No added provides • No removed provides • No added conflicts •...
Page 385 Updated Packages • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes lcms-1.15-1.2.2 - lcms-1.18-0.1.beta1.el5_3.2 • Group: Applications/Productivity • Summary: Color Management System • Description: LittleCMS intends to be a small-footprint, speed optimized color management engine in open source form.
Page 386 Appendix A. Package Manifest • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes lftp-3.5.1-2.fc6 - lftp-3.7.11-4.el5 • Group: Applications/Internet • Summary: A sophisticated file transfer program • Description: LFTP is a sophisticated ftp/http file transfer program. Like bash, it has job control and uses the readline library for input.
Page 387 Updated Packages • No added obsoletes • No removed obsoletes libcxgb3-1.2.2-1.el5 - libcxgb3-1.2.3-1.el5 • Group: System Environment/Libraries • Summary: Chelsio T3 iWARP HCA Userspace Driver • Description: Userspace hardware driver for use with the libibverbs InfiniBand/iWARP verbs library. This driver enables Chelsio iWARP capable ethernet devices. •...
Page 388 Appendix A. Package Manifest libehca-1.2-2.el5 - libehca-1.2.1-3.el5 • Group: System Environment/Libraries • Summary: IBM InfiniBand HCA Userspace Driver • Description: IBM hardware driver for use with libibverbs user space verbs access library. • Added Dependencies: • libibverbs-devel >= 1.1.2-4 • Removed Dependencies: •...
Page 389 Updated Packages • No removed obsoletes libibcm-1.0.3-1.el5 - libibcm-1.0.4-3.el5 • Group: System Environment/Libraries • Summary: Userspace InfiniBand Communication Manager. • Description: libibcm provides a userspace InfiniBand Communication Managment library. • Added Dependencies: • libibverbs-devel >= 1.1.2-4.el5 • Removed Dependencies: • libibverbs-devel >= 1.1 •...
Page 390 Appendix A. Package Manifest • Description: libibmad provides low layer IB functions for use by the IB diagnostic and management programs. These include MAD, SA, SMP, and other basic IB functions. • Added Dependencies: • libibumad-devel >= 1.2.3 • Removed Dependencies: •...
Page 391 Updated Packages • Description: libibverbs is a library that allows userspace processes to use InfiniBand/iWARP "verbs" as described in the InfiniBand Architecture Specification. This includes direct hardware access for fast path operations. For this library to be useful, a device-specific plug-in module should also be installed.
Page 392 Appendix A. Package Manifest • Description: Mellanox hardware driver for use with libibverbs user space verbs access library. This driver supports Mellanox ConnectX architecture cards. • Added Dependencies: • libibverbs-devel >= 1.1.2-4.el5 • Removed Dependencies: • libibverbs-devel >= 1.1 • No added provides •...
Page 393 Updated Packages • Description: Userspace hardware driver for use with the libibverbs InfiniBand/iWARP verbs library. This driver enables NetEffect iWARP capable ethernet devices. • Added Dependencies: • libibverbs-devel >= 1.1.2-4.el5 • Removed Dependencies: • libibverbs-devel >= 1.1 • No added provides •...
Page 394 Appendix A. Package Manifest • Added Dependencies: • libibverbs-devel >= 1.1.2-4.el5 • Removed Dependencies: • libibverbs-devel >= 1.1 • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes libsdp-1.1.99-10.el5_2 - libsdp-1.1.99-11.el5 •...
Page 395 Updated Packages including those based on the concepts of Type Enforcement®, Role-based Access Control, and Multi-level Security. libselinux provides an API for SELinux applications to get and set process and file security contexts and to obtain security policy decisions. Required for any applications that use the SELinux API.
Page 396 Appendix A. Package Manifest • No added obsoletes • No removed obsoletes libsepol-1.15.2-1.el5 - libsepol-1.15.2-2.el5 • Group: System Environment/Libraries • Summary: SELinux binary policy manipulation library • Description: Security-enhanced Linux is a feature of the Linux® kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux.
Page 397 Updated Packages • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes libspe2-2.2.80.121-4.el5 - libspe2-2.3.0.135-3.el5 • Group: System Environment/Base • Summary: SPE Runtime Management Library • Description: SPE Runtime Management Library for the Cell Broadband Engine Architecture. •...
Page 398 Appendix A. Package Manifest libunwind-0.98.5-3 - libunwind-0.98.5-5.el5 • Group: Development/Debuggers • Summary: An unwinding library for ia64. • Description: Libunwind provides a C ABI to determine the call-chain of a program. This version of libunwind is targetted for the ia64 platform. •...
Page 399 Updated Packages • xhtml1-dtds • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes libvirt-cim-0.5.1-4.el5 - libvirt-cim-0.5.5-2.el5 • Group: Development/Libraries • Summary: A CIM provider for libvirt •...
Page 400 Appendix A. Package Manifest • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes libwmf-0.2.8.4-10.1 - libwmf-0.2.8.4-10.2 • Group: System Environment/Libraries • Summary: Windows Metafile Library •...
Page 401 Updated Packages • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes linuxwacom-0.7.8.3-5.el5 - linuxwacom-0.7.8.3-6.el5 • Group: User Interface/X Hardware Support • Summary: Wacom Drivers from Linux Wacom Project • Description: The Linux Wacom Project manages the drivers, libraries, and documentation for configuring and running Wacom tablets under the Linux operating system.
Page 402 Appendix A. Package Manifest • No added obsoletes • No removed obsoletes ltrace-0.5-7.45svn.el5 - ltrace-0.5-13.45svn.el5 • Group: Development/Debuggers • Summary: Tracks runtime library calls from dynamically linked executables. • Description: Ltrace is a debugging program which runs a specified command until the command exits.
Page 403 Updated Packages • No removed conflicts • No added obsoletes • No removed obsoletes lvm2-cluster-2.02.40-7.el5 - lvm2-cluster-2.02.46-8.el5 • Group: System Environment/Base • Summary: Cluster extensions for userland logical volume management tools • Description: Extensions to LVM2 to support clusters. • Added Dependencies: •...
Page 404 Appendix A. Package Manifest man-pages-ja-20060815-9.el5 - man-pages-ja-20060815-11.el5 • Group: Documentation • Summary: Japanese man (manual) pages from the Japanese Manual Project • Description: Japanese Manual pages, translated by JM-Project (Japanese Manual Project). • No added dependencies • No removed dependencies •...
Page 405 Updated Packages • No added dependencies • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes microcode_ctl-1.17-1.47.el5 - microcode_ctl-1.17-1.48.el5 • Group: System Environment/Base •...
Page 406 Appendix A. Package Manifest • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes mlocate-0.15-1.el5.1 - mlocate-0.15-1.el5.2 • Group: Applications/System • Summary: An utility for finding files by name •...
Page 407 Updated Packages • No removed conflicts • No added obsoletes • No removed obsoletes mod_authz_ldap-0.26-8.el5 - mod_authz_ldap-0.26-9.el5 • Group: System Environment/Daemons • Summary: LDAP authorization module for the Apache HTTP Server • Description: The mod_authz_ldap package provides support for authenticating users of the Apache HTTP server against an LDAP database.
Page 408 Appendix A. Package Manifest module-init-tools-3.3-0.pre3.1.42.el5 - module-init-tools-3.3-0.pre3.1.54.el5 • Group: System Environment/Kernel • Summary: Kernel module management utilities. • Description: The modutils package includes various programs needed for automatic loading and unloading of modules under 2.6 and later kernels, as well as other module management programs.
Page 409 Updated Packages • Description: Set of popular MPI benchmarks: IMB-2.3 Presta-1.4.0 OSU benchmarks ver 2.2 • Added Dependencies: • mvapich >= 1.1.0-0.3355.2 • mvapich2 >= 1.2-0.p1.3 • openmpi >= 1.3.2-2 • Removed Dependencies: • libibcommon-devel • libibumad-devel • libibverbs-devel • mvapich •...
Page 410 Appendix A. Package Manifest • No removed obsoletes mvapich-1.1.0-0.2931.3.el5 - mvapich-1.1.0-0.3355.2.el5 • Group: Development/Libraries • Summary: MPI implementation over Infiniband RDMA-enabled interconnect • Description: This is high performance and scalable MPI-1 implementation over Infiniband and RDMA-enabled interconnects. This implementation is based on MPICH and MVICH. MVAPICH is pronounced as `em-vah-pich''.
Page 411 Updated Packages • No added obsoletes • No removed obsoletes mysql-5.0.45-7.el5 - mysql-5.0.77-3.el5 • Group: Applications/Databases • Summary: MySQL client programs and shared libraries • Description: MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/ server implementation consisting of a server daemon (mysqld) and many different client programs and libraries.
Page 412 Appendix A. Package Manifest • Description: SNMP (Simple Network Management Protocol) is a protocol used for network management. The NET-SNMP project includes various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl mib browser.
Page 413 Updated Packages • Description: The nfs-utils package provides a daemon for the kernel NFS server and related tools, which provides a much higher level of performance than the traditional Linux NFS server used by most users. This package also contains the showmount program. Showmount queries the mount daemon on a remote host for information about the NFS (Network File System) server on the remote host.
Page 414 Appendix A. Package Manifest • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes nspr-4.7.3-2.el5 - nspr-4.7.4-1.el5_3.1 • Group: System Environment/Libraries • Summary: Netscape Portable Runtime •...
Page 415 Updated Packages • No removed conflicts • No added obsoletes • No removed obsoletes nss_ldap-253-17.el5 - nss_ldap-253-21.el5 • Group: System Environment/Base • Summary: NSS library and PAM module for LDAP. • Description: This package includes two LDAP access clients: nss_ldap and pam_ldap. Nss_ldap is a set of C library extensions that allow X.500 and LDAP directory servers to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol, users, RPCs, services, and shadow passwords (instead of or in addition to using flat files or NIS).
Page 416 Appendix A. Package Manifest • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes numactl-0.9.8-7.el5 - numactl-0.9.8-8.el5 • Group: System Environment/Base • Summary: library for tuning for Non Uniform Memory Access machines • Description: Simple NUMA policy support. It consists of a numactl program to run other programs with a specific NUMA policy and a libnuma to do allocations with NUMA policy in applications.
Page 417 Updated Packages openais-0.80.3-22.el5 - openais-0.80.6-8.el5 • Group: System Environment/Base • Summary: The openais Standards-Based Cluster Framework executive and APIs • Description: This package contains the openais executive, openais service handlers, default configuration files and init script. • No added dependencies •...
Page 418 Appendix A. Package Manifest • No removed obsoletes openib-1.3.2-0.20080728.0355.3.el5 - openib-1.4.1-3.el5 • Group: System Environment/Base • Summary: OpenIB Infiniband Driver Stack • Description: User space initialization scripts for the kernel InfiniBand drivers • No added dependencies • No removed dependencies •...
Page 419 Updated Packages • No added obsoletes • No removed obsoletes opensm-3.2.2-3.el5 - opensm-3.2.6-2.el5 • Group: System Environment/Daemons • Summary: OpenIB InfiniBand Subnet Manager and management utilities • Description: OpenSM is the OpenIB project's Subnet Manager for Infiniband networks. The subnet manager is run as a system daemon on one of the machines in the infiniband fabric to manage the fabric's routing state.
Page 420 Appendix A. Package Manifest • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes openssl-0.9.8e-7.el5 - openssl-0.9.8e-12.el5 • Group: System Environment/Libraries • Summary: The OpenSSL toolkit • Description: The OpenSSL toolkit provides support for secure communications between machines.
Page 421 Updated Packages • fipscheck-devel >= 1.2.0-1 • nss-devel >= 3.12.3-2 • xmlto • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes oprofile-0.9.3-18.el5 - oprofile-0.9.4-11.el5 •...
Page 422 Appendix A. Package Manifest • Description: PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication. • No added dependencies • No removed dependencies • No added provides •...
Page 423 Updated Packages • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes perftest-1.2-11.el5 - perftest-1.2-14.el5 • Group: Productivity/Networking/Diagnostic • Summary: IB Performance tests • Description: gen2 uverbs microbenchmarks • Added Dependencies: •...
Page 424 Appendix A. Package Manifest • gawk • grep • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes perl-DBD-Pg-1.49-2.el5 - perl-DBD-Pg-1.49-2.el5_3.1 • Group: Development/Libraries • Summary: A PostgresSQL interface for perl •...
Page 425 Updated Packages • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes php-pear-1.4.9-4.el5.1 - php-pear-1.4.9-6.el5 • Group: System • Summary: PHP Extension and Application Repository framework • Description: PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components.
Page 426 Appendix A. Package Manifest • No removed obsoletes policycoreutils-1.33.12-14.2.el5 - policycoreutils-1.33.12-14.6.el5 • Group: System Environment/Base • Summary: SELinux policy core utilities. • Description: Security-enhanced Linux is a feature of the Linux® kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system.
Page 427 Updated Packages • No removed conflicts • No added obsoletes • No removed obsoletes ppc64-utils-0.11-10.el5 - ppc64-utils-0.11-12.el5 • Group: System Environment/Base • Summary: Linux/PPC64 specific utilities • Description: A collection of utilities for Linux on PPC64 platforms. • No added dependencies •...
Page 428 Appendix A. Package Manifest pykickstart-0.43.3-1.el5 - pykickstart-0.43.5-1.el5 • Group: System Environment/Libraries • Summary: A python library for manipulating kickstart files • Description: The pykickstart package is a python library for manipulating kickstart files. • No added dependencies • No removed dependencies •...
Page 429 Updated Packages Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM.
Page 430 Appendix A. Package Manifest • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes qlvnictools-0.0.1-10.el5 - qlvnictools-0.0.1-11.el5 • Group: System Environment/Base • Summary: VNIC ULP service •...
Page 431 Updated Packages • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes rdesktop-1.4.1-6 - rdesktop-1.6.0-3 • Group: User Interface/Desktops • Summary: X client for remote desktop into Windows Terminal Server • Description: rdesktop is an open source client for Windows NT Terminal Server and Windows 2000 &...
Page 432 Appendix A. Package Manifest • No added obsoletes • No removed obsoletes redhat-release-5Server-5.3.0.3 - redhat-release-5Server-5.4.0.3 • Group: System Environment/Base • Summary: Red Hat Enterprise Linux release file • Description: Red Hat Enterprise Linux release files • No added dependencies • No removed dependencies •...
Page 433 Updated Packages • No added dependencies • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes rgmanager-2.0.46-1.el5 - rgmanager-2.0.52-1.el5 • Group: System Environment/Base •...
Page 434 • Group: Development/Libraries • Summary: Python libraries for the RHN project • Description: rhnlib is a collection of python modules used by the Red Hat Network (http:// rhn.redhat.com) software. • No added dependencies • No removed dependencies • No added provides •...
Page 435 Updated Packages • Summary: The RPM package management system • Description: The RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package like its version, a description, etc.
Page 436 Appendix A. Package Manifest • Description: Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. •...
Page 437 Updated Packages • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes samba-3.0.33-3.7.el5 - samba-3.0.33-3.14.el5 • Group: System Environment/Daemons • Summary: The Samba SMB server. • Description: Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers).
Page 438 Appendix A. Package Manifest • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes scim-bridge-0.4.5-8.el5 - scim-bridge-0.4.5-9.el5 • Group: System Environment/Libraries • Summary: SCIM Bridge Gtk IM module •...
Page 439 Updated Packages • No added obsoletes • No removed obsoletes setroubleshoot-2.0.5-3.el5 - setroubleshoot-2.0.5-5.el5 • Group: Applications/System • Summary: Helps troubleshoot SELinux problems • Description: setroubleshoot gui. Application that allows you to view setroubleshoot-server messages. Provides tools to help diagnose SELinux problems. When AVC messages are generated an alert can be generated that will give information about the problem and help track its resolution.
Page 440 Appendix A. Package Manifest sg3_utils-1.25-1.el5 - sg3_utils-1.25-4.el5 • Group: Utilities/System • Summary: Utils for Linux's SCSI generic driver devices + raw devices • Description: Collection of Linux utilities for devices that use the SCSI command set. Includes utilities to copy data based on "dd" syntax and semantics (called sg_dd, sgp_dd and sgm_dd); check INQUIRY data and VPD pages (sg_inq);...
Page 441 Updated Packages • No removed obsoletes sqlite-3.3.6-2 - sqlite-3.3.6-5 • Group: Applications/Databases • Summary: Library that implements an embeddable SQL database engine • Description: SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use.
Page 442 Appendix A. Package Manifest • No removed obsoletes srptools-0.0.4-2.el5 - srptools-0.0.4-6.el5 • Group: System Environment/Base • Summary: Tools for using the InfiniBand SRP protocol devices • Description: In conjunction with the kernel ib_srp driver, srptools allows you to discover and use SCSI devices via the SCSI RDMA Protocol over InfiniBand.
Page 443 Updated Packages subversion-1.4.2-4.el5 - subversion-1.4.2-4.el5_3.1 • Group: Development/Tools • Summary: Modern Version Control System designed to replace CVS • Description: Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.
Page 444 Appendix A. Package Manifest system-config-cluster-1.0.55-1.0 - system-config-cluster-1.0.57-1.5 • Group: Applications/System • Summary: system-config-cluster is a utility which allows you to manage cluster configuration in a graphical setting. • Description: system-config-cluster is a utility which allows you to manage cluster configuuration in a graphical setting.
Page 445 Updated Packages • Description: system-config-language is a graphical user interface that allows the user to change the default language of the system. • No added dependencies • No removed dependencies • No added provides • No removed provides • No added conflicts •...
Page 446 Appendix A. Package Manifest • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes systemtap-0.7.2-2.el5 - systemtap-0.9.7-5.el5 • Group: Development/System • Summary: Instrumentation System • Description: SystemTap is an instrumentation system for systems running Linux 2.6. Developers can write instrumentation to collect data on the operation of the system.
Page 447 Updated Packages • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes tcp_wrappers-7.6-40.6.el5 - tcp_wrappers-7.6-40.7.el5 • Group: System Environment/Daemons • Summary: A security tool which acts as a wrapper for TCP daemons. •...
Page 448 Appendix A. Package Manifest • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes tftp-0.42-3.1 - tftp-0.49-2 • Group: Applications/Internet • Summary: The client for the Trivial File Transfer Protocol (TFTP). •...
Page 449 Updated Packages • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes tomcat5-5.5.23-0jpp.7.el5_2.1 - tomcat5-5.5.23-0jpp.7.el5_3.2 • Group: Networking/Daemons • Summary: Apache Servlet/JSP Engine, RI for Servlet 2.4/JSP 2.0 API • Description: Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies.
Page 450 Appendix A. Package Manifest • No removed conflicts • No added obsoletes • No removed obsoletes tzdata-2008i-1.el5 - tzdata-2009k-1.el5 • Group: System Environment/Base • Summary: Timezone data • Description: This package contains data files with rules for various timezones around the world. •...
Page 451 Updated Packages • Description: A utility that converts plain text files in UNIX format to DOS format. • No added dependencies • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts •...
Page 452 Appendix A. Package Manifest • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes vino-2.13.5-6.el5 - vino-2.13.5-7.el5 • Group: User Interface/Desktops • Summary: A remote desktop system for GNOME •...
Page 453 Updated Packages • atk-devel • cairo-devel • glib2-devel • intltool • pango-devel • pygobject2-devel • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes virt-viewer-0.0.2-2.el5 - virt-viewer-0.0.2-3.el5 •...
Page 454 Appendix A. Package Manifest • Description: Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you to connect to other desktops running a VNC server.
Page 455 Updated Packages timer expiration will trigger a machine reboot. When operating as a software watchdog, the ability to reboot will depend on the state of the machine and interrupts. When operating as a hardware watchdog, the machine will experience a hard reset (or whatever action was configured to be taken upon watchdog timer expiration) initiated by the BMC.
Page 456 Appendix A. Package Manifest • Added Dependencies: • zlib-devel • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes wireshark-1.0.3-4.el5_2 - wireshark-1.0.8-1.el5_3.1 •...
Page 457 Updated Packages • Added Dependencies: • pciutils-devel • No removed dependencies • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes xkeyboard-config-0.8-7.fc6 - xkeyboard-config-0.8-9.el5 • Group: User Interface/X •...
Page 458 Appendix A. Package Manifest • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes xorg-x11-drv-i810-1.6.5-9.21.el5 - xorg-x11-drv-i810-1.6.5-9.25.el5 • Group: User Interface/X Hardware Support • Summary: Xorg X11 i810 video driver(s) •...
Page 459 Updated Packages • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes xorg-x11-drv-nv-2.1.12-3.el5 - xorg-x11-drv-nv-2.1.12-6.el5 • Group: User Interface/X Hardware Support • Summary: Xorg X11 nv video driver • Description: X.Org X11 nv video driver. •...
Page 460 Appendix A. Package Manifest • No added obsoletes • No removed obsoletes xorg-x11-server-1.1.1-48.52.el5 - xorg-x11-server-1.1.1-48.67.el5 • Group: User Interface/X • Summary: X.Org X11 X server • Description: X.Org X11 X server • Added Dependencies: • xorg-x11-proto-devel >= 7.1-13.el5 • Removed Dependencies: •...
Page 461 Updated Packages • Summary: Linux bootloader for Power Macintosh "New World" computers. • Description: yaboot is a bootloader for PowerPC machines which works on New World ROM machines (Rev. A iMac and newer) and runs directly from Open Firmware, eliminating the need for Mac OS.
Page 462 Appendix A. Package Manifest • Summary: RPM installer/updater • Description: Yum is a utility that can check for and automatically download and install updated RPM packages. Dependencies are obtained and downloaded automatically prompting the user as necessary. • No added dependencies •...
Page 463 Updated Packages • No added provides • No removed provides • No added conflicts • No removed conflicts • No added obsoletes • No removed obsoletes zsh-4.2.6-1 - zsh-4.2.6-3.el5 • Group: System Environment/Shells • Summary: A powerful interactive shell • Description: The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor.
Page 465: Revision History
Appendix B. Revision History Revision 1.1 Thu Sep 03 2009 Ryan Lerch rlerch@redhat.com Added the Preface, Updated the Abstract, and corrected erroneous errata IDs Revision 1.0 Wed Sep 02 2009 Ryan Lerch rlerch@redhat.com Initial Release of the Technical Notes...