Bugfixes & vulnerability patches
Here is the link for obtaining the updates:
http://distro.conectiva.com.br/atualizacoes/index.php Thorn |
Conectiva Linux 10 Update 1 Final - Release Notes
Apologies for the long post but interested parties should not have to D/L an iso just to see what has been fixed in this release. This patch enables SELinux support in the kernel. (Yeah now my favorite distro has secure computing options!) 1. Contents 1. Contents 2. Introduction 3. Kernel Fixes and Enhancements 4. Installer Fixes 5. Official Updates 6. Original CL 10 Release Notes 2. Introduction Welcome to Conectiva Linux 10 Update 1. This CD includes: * official updates * installer with fixes * kernel 2.6.10 final plus extra patches * new mozilla version 1.7.3 * new nvidia driver 6629 * new mozilla version 1.7.3 * drbd 0.7.5 * alsa-lib 1.0.7 * alsa-oss 1.0.7 This CD can be used basically in two ways: * To update an already installed system with Conectiva Linux 10, doing: - apt-cdrom add - apt-get dist-upgrade * To fresh install Conectiva Linux 10: - simply boot this update CD and follow the normal installation procedures. The installer will use the updated packages and will ask for the other CL 10 CDs accordly to the installation profile. Due to installer architecture, you can also make a minimal install with only this update CD. Please report any problem with this CD in our bugzilla: http://bugzilla.conectiva.com.br 3. Kernel Fixes and Enhancements * updated to 2.6.10 final plus extra patches * support for adaptec "hostraid" controllers * fixed kernel to be able to use new version 6629 of nvidia driver. * fixed VIA audio interrupt. * added support for Siemens x65 series of mobiles. * enabled SELinux kernel support. * fixed bug with cdrom model LTN486S (DMA). * removed support orinoco rfmon dragorn. * ACPI fixes. * Various security fixes. * added drbd module and updated userlevel utilities 4. Installer Fixes * some Compaq CCISS based controllers are now correctly detected (bugzilla tickets #12752, #13042, #13058, #13171); * rewritten gtk fe user cfg screen. Fixed tab order bug (bugzilla ticket #12127); * added 'splash=silent' into bootsplash KERNEL_PARAMETER option on kernel-postinstall.conf file. * fixed binfmt-310 modprobe.conf alias; * setted root name to 'System Administrator' into /etc/passwd; * fixed scsi alias on modprobe.conf (bugzilla ticket #12367); * added mount option into fstab for jfs partitions (bugzilla ticket #13029); * some others fixes into jfs management; * disabled get_CPU_type resource function to allow the user to overwrite the cpu type value. The cpu_type can be setted by passing 'cpu_type=i{4,5,6}86' on bootloader cmd line. This option sets synaptic to force the architecture package on installation; * fixing wrong cmdline path when reading the proc command line to get some informations. This fix is usefull when the user need to pass some kernel options in the GRUB command line. * fixed problem when user tries to create some partition that ends with ..lib, ..sbin, etc. (bugzilla ticket #12850); * added support for detection of sata_sis and sata_nv kernel module; * fixed problem with Dell Poweredge 1800 (bugzilla ticket #13378); * fixed problem with "noexec" option in fstab (bugzilla ticket #13384); 5. Known problems * Some sata devices (specially those based on sata_via used in VIA chipsets) have been renamed from /dev/hdX to /dev/sdX. In order to boot corretly, you need to change the "root=/dev/hdXn" to "root=/dev/sdXn" in /boot/grub/menu.lst and change /etc/fstab accordingly. * nvidia based VGA controllers are not working in some cases. There is no solution at this point other than to boot again with the old kernel and wait for a new NVidia release (or use the opensource "nv" driver) * slmodem and ltmodem modules are not working with kernel 2.6.10 6. Official updates 2005-01-26 13:41:00 squid Multiple vulnerabilities in squid 2005-01-25 13:50:00 xpdf Multiple vulnerabilities in xpdf 2005-01-20 12:13:00 libtiff3 Multiple vulnerabilities in libtiff 2005-01-13 11:56:00 krb5 Fix for buffer overflow in libkadm5srv 2005-01-13 11:40:00 php4 Multiple vulnerabilities in php4 2005-01-06 17:10:00 samba Multiple vulnerabilities in Samba 2005-01-06 16:53:00 sarg New sarg version 2004-12-21 10:59:00 linuxconf-cnc_rbc Fixes for remote boot 2004-12-01 18:21:00 cyrus-imapd Multiple vulnerabilities in cyrus-imapd 2004-12-01 15:50:00 bittorrent New bittorrent version 2004-12-01 13:28:00 abiword Fix for buffer overflow vulnerability 2004-12-01 13:22:00 clamav New upstream for clamav 2004-11-26 18:31:00 sun-jre Java plugin vulnerability 2004-11-25 13:03:00 samba Fix for Samba's denial of service vulnerability 2004-11-25 11:38:00 dhcpcd Fix for an incorrect dhcpcd behavior 2004-11-25 11:16:00 smbldap-tool smbldap-tools new version 2004-11-23 13:43:00 bugzilla Fix for remote vulnerability 2004-11-23 11:12:00 shadow-utils Fix for shadow-utils authentication bypass vulnerability 2004-11-23 11:09:00 setup Fixes for incorrect handling of white spaces in main group names 2004-11-22 10:01:00 chkrootkit Fixes for missing dependencies 2004-11-18 11:48:00 MySQL Fixes for several mysql vulnerabilities 2004-11-18 11:42:00 linuxconf Better support for kernel 2.6 2004-11-18 09:20:00 libxml2 Fixes for libxml2 buffer overflow vulnerabilities 2004-11-11 15:16:00 sasl2 Fix for buffer overflow vulnerability 2004-11-08 11:19:00 libtiff3 Fixes for libtiff vulnerabilities 2004-11-08 11:13:00 xpdf Fixes for xpdf vulnerabilities 2004-11-08 11:05:00 rsync Backward compatibility for rsync 2004-11-04 12:51:00 gaim Fixes for gaim's vulnerabilities 2004-11-04 12:47:00 apache Fix for mod_ssl vulnerability 2004-11-04 12:39:00 subversion Fixes for subverion's vulnerabilities 2004-11-03 10:48:00 squid Fixes for squid vulnerabilities 2004-11-01 12:20:00 rsync Fix for path sanitation vulnerabilities 2004-10-27 14:36:00 foomatic-filters Fix for foomatic vulnerability 2004-10-26 18:05:00 kernel Fixes for kernel vulnerabilities 2004-10-25 15:45:00 zlib Fix for denial of service vulnerab. 2004-10-22 16:18:00 mozilla New upstream for mozilla 2004-10-20 14:14:00 apt Fix for invalid version comparison 2004-10-18 14:01:00 gtk+ Fixes for image loading vulnerabilities 2004-10-14 14:15:00 glibc Daylight saving time for Brazil 2004-10-14 11:44:00 samba Fix for samba vulnerabilities 2004-10-14 11:12:00 cups Fix for CUPS denial of service vulner. 2004-10-05 12:15:00 amanda Fixes for the amanda package 2004-09-28 11:37:00 imlib Fix for a buffer overflow in imlib and imlib2 2004-09-23 12:10:00 apache Several vulnerabilities in apache, mod_ssl and mod_dav 2004-09-22 11:02:00 spamassassin Fix for denial of service vulnerab. in SpamAssassin 2004-09-22 10:55:00 qt3 Fixes for image loader vulnerabilities 2004-09-13 12:11:00 zlib Fix for denial of service vulnerab. 2004-09-13 11:35:00 kde Fix for multiple security vulnerab. 2004-09-10 17:35:00 wv Fix for buffer overflow vulnerability 2004-09-09 20:53:00 krb5 Multiple vulnerabilities in Kerberos 5 2004-08-31 10:48:00 cups Added support for Okidata B4300/B4350 printers 2004-08-06 09:53:00 libpng Several vulnerabilities in libpng 2004-07-30 16:39:00 sox Buffer overflow vulnerability 2004-07-28 12:39:00 kernel Fixes for kernel vulnerabilities 2004-07-22 13:01:00 samba Multiple potential buffer overruns 2004-07-22 11:53:00 kdenetwork Updates for kopete's ICQ and Yahoo! protocol handlers 2004-07-22 11:22:00 php4 Fixes mail() function support 2004-07-16 19:06:00 webmin Vulnerability in Webmin's ACL 2004-07-16 11:56:00 php4 Remote arbitrary code execution vulnerabilities and other 7. Original CL 10 Release Notes 7.1. Contents 6.1. Contents 6.2. Introduction 6.3. System installation 6.4. System environment 6.5. Kernel 6.6. Hardware support 6.7. Package upgrade issues 6.8. New packages 6.9. Other important package changes 7.2. Introduction Welcome to Conectiva Linux 10. This file describes some of the new features and known system upgrade issues. Please read the "Package upgrade issues" section below before upgrading from a previous version of Conectiva Linux. 7.3. System installation Conectiva Linux 10 may be installed on a new system or upgrade a previously installed Conectiva Linux 9. The system administrator may upgrade the distribution using APT from a running system or booting the CL10 installation CD (in such case the installer needs 200Mb under /tmp to store transient data). To upgrade using APT, remove CL9 entries from your /etc/apt/source.list file, add CL10 entries running "apt-cdrom add" for each CD, install apt-static with apt-get install apt-static and run /bin/update-to-cl10. Notice that better upgrading results are achieved by using the set of 3 CDs. Other installation notes: * Press F2 to open an X terminal if you run the installer in expert mode * The standard installation requires only the first CD * A "media check" option is available in the bootloader menu. Use this option to check media integrity should you run into installation problems. * Sound cards: at the first boot after the installation, a script will attempt to detect and configure PCI sound cards. * Extra packages (not included in the CDs) are available for download at Conectiva's APT server and mirrors. * DAC960 owners may need to choose LILO instead of GRUB as the system bootloader. * Check http://moin.conectiva.com.br/InstallerTricks for further documentation on advanced options, tricks to work around problems or to learn how to build custom installation disks. 7.4. System environment * Webmin replaced Linuxconf as the default administration tool. * Supermount is enabled by default for removable media (CD-ROM, floppies, usb-storage, etc.) * SCSI emulation is no longer needed to use CD recorders. * POSIX ACLs: the option to use POSIX ACLs is now available, just add "acl" to the mount options. Samba can also take advantage of this to emulate NT-type ACLs. * Conectiva Linux is not generating core dumps anymore by default. If you need to inspect core dumps, just change the value passed to ulimit -c at /etc/profile. See man bash for more information about ulimit. Note that this is not changed if /etc/profile was modified. * When printing with any application that is not CUPS-aware, a second printing dialog will be shown, giving the user the possibility to choose printer destination, printer quality, page size and more. If you don't like it, you may safely disable it at /etc/cups/lpd.conf and /etc/cups/lpq.conf. Applications that know CUPS doesn't need that window and so it is not shown. 7.5. Kernel Conectiva Linux 10 ships with the Linux kernel 2.6.5. * Building third-party modules: to build an external kernel module, such as VMware modules, just copy the configuration file from /usr/src/linux/configs/ to /usr/src/linux/.config, and run the command make prepare-all. * Kernel post-install: kernel upgrades are now somewhat automatic, meaning that apt/synaptic installs the new kernel and a post-install script kicks in in order to insert the new kernel configuration in the grub bootloader (/boot/grub/menu.lst) and to create the necessary initrd image. The new kernel is not loaded by default, but it's there in the grub menu. If you are satisfied with it, just change the default to the new kernel in /boot/grub/menu.lst afterwards. NOTE: boot parameters from the previous kernel, including bootsplash parameters, are NOT copied automatically to the new kernel entry. The system administrator must review and copy these parameters manually. 7.6. Hardware support A number of hardware devices that require drivers supplied by the device manufacturer are now configured at system installation time. * NVIDIA 3D drivers: Conectiva Linux 10 ships with the NVIDIA display drivers (kernel module, glx library and xfree86 additional modules). NVIDIA cards should work in accelerated 3D mode out of the box. * Softmodems: CL10 includes drivers for some softmodem models * Printers: the CUPS driver includes support for over a thousand printer models and can be configured from the command line, GNOME, KDE or its own configuration interface. By installing any package in the format task-printer-<manufacturer> you will be able to print to almost any printer from that manufacturer. 7.7. Package upgrade issues Please read this section carefully to avoid problems arising from system upgrade. * OpenLDAP: When upgrading from OpenLDAP-2.1.17 or earlier (in the 2.1 series) to openldap 2.1.18 or higher, the indexes need to be rebuild with the slapindex command. OpenLDAP now uses the DB 4.2.x backend instead of DB 4.1.x in CL9. This requires a db4.1_recover to be run prior to upgrade, and db4.2_recover after the upgrade. The log file format has changed. * cyrus-imap: Cyrus-imap has been updated to the 2.2.x branch. The upgrade process is automated, but backups should be made just in case. One of the new features of this release is support for virtual domains. * Linuxconf: Linuxconf tools and utils will be obsoleted in CL11. Some modules were removed in CL10 due to not being in sync with the tools they used to manage. These modules are: linuxconf-tools, linuxconf-drbdconf, linuxconf-heartbeatconf, linuxconf-printer and linuxconf-wineconf. * Mailman: The following directories have been moved from /usr/lib/mailman to /var/lib/mailman: qfiles, spam, lists, locks, data and archives. It's up to the system administrator to copy/move the previous data from /usr/lib. Administrators must take special precautions when upgrading: turn off your incoming mail daemon (for example, postfix) and temporarily disable web access to Mailman. The update script is run automatically by the rpm package. * Postgresql: a database dump is required before upgrading postgresql to the version available in CL10. After the upgrade, the dumped database can be reloaded. If this step is not performed, the database will not be accessible any more in the new database environment. * mplayer: the directory for win32 codecs was moved from /usr/lib/mplayer/win32 to /usr/lib/win32 to be compatible with other players (like xine). The RPM package will attempt to move the codecs from the old directory to the new one if it detects the old installation. 7.8. New packages Several new packages have been added in this release, a few of them are highlighted below: * Macromedia Flash 7 plugin. * Anti-virus: Conectiva Linux 10 ships with clamav and amavisd-new. Samba is also being shipped with several VFS anti-virus modules. * Ximian connector: Ximian connector is included as a plugin for the Evolution mail client. This plugin allows Evolution users to access the groupware features on Exchange 2000 or 2003 server, as well as email. * Personal firewall: starting with CL10, we now ship a personal firewall script (cnc-personal-firewall) and its graphical configuration utility, myfirewallcontrol. This firewall is aimed for desktop users, not servers, with a simple enough configuration that should be sufficient for most users. 7.9. Other important package changes * APT: Lua scripting interface has been added to the Advanced Packaging Tool. Apt now has a log of transactions in /var/log/apt.log, and default installation of apt has AutoClean on, to auto remove obsoleted packages of local cache. This allows a cache to be maintained over a long period without it growing out of control. * CVS: The cvs package went through some changes at this new release that focused on security. Updating from previous Conectiva Linux releases shouldn't be a problem, since the main package only got a default xinetd config file. The server now runs under a chroot environment and uses remote access based on ssh. cvs-chroot maintenance tools include: cvs_mkrepos (creates a new repository), cvs_useradd (add a new user) and cvs_userdel (remove an user). * Bind: there is no option now for running bind in or out a chrooted environment. For security reasons, bind's main package will automatically install bind into a chroot jail and run it in there. Upgrading from old packages should be clean. * Default DB_CONFIG configuration file: Both OpenLDAP and cyrus-imapd are now shipped with default DB_CONFIG files which raise some default values to more appropriate levels, such as caching and buffering. The default values are too low. Performance should increase on a default installation, but further tuning in this file could increase performance even more. * Samba: The default configuration file has been rewritten and an option to automatically create machine accounts has been added, as well as an option to automatically download printer drivers. Samba log files have also been changed from the "log.%m" format to "%m.log" to make it easier on the logrotate script which can now use just "*.log" for the file specification. Previously it was using "log.*", which also included already rotated (and compressed) log files. * Mozilla and Galeon: Galeon has been obsoleted in favor of epiphany, the GNOME 2 official browser. Mozilla (and other browsers based on it, such as epiphany) now also has support for NTLM authentication. |
How-to install the Conectiva updated kernal via Floppies.
Burn the Update iso to CD Then on the CD goto the dosutils folder and find rawwrite.exe Get 3 freashly formatted floppies open rawwrite and navigate to the floppies folder. First select boot.img and write it to the first disk. Then select floppy.img and write it to the 2nd disk. (The third disk is optional in my opinion.) then select floppy-drivers.img and write it to the 3rd disk. (Why is this useful you may ask? Because the CD-Rom in my machine will not boot!) The boot sequence will be: 1. Boot.img 2. Floppy.img Then if the updated cd-rom is in the drive the installer will begin to read the rest of the install info from the disk. Conectiva did not document this proceedure well so I had to "discover" it and translate it from the original Portuguese. So a fresh Conectiva 10 install should be installed using the Update disk then select your install profile, then install the required files from the initial release disks. I hope this helps the Conectiva faithful out there. Thorn |
All times are GMT -5. The time now is 10:51 PM. |