manualshive.com logo in svg

Red Hat ENTERPRISE 5.4 RELEASE NOTES, Manual

The "Red Hat Enterprise 5.4 Release Notes" provide essential information and updates regarding the operating system's latest version. This comprehensive manual offers detailed insights into the product's features, improvements, and known issues. Download the free Release Notes now from manualshive.com to enhance your Red Hat Enterprise experience.

Share
Download
background image

Chapter 1.  Package Updates

116

Updated kernel packages that fix several security issues and several bugs are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response
Team.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security fixes:

• the possibility of a timeout value overflow was found in the Linux kernel high-resolution timers

functionality, hrtimers. This could allow a local, unprivileged user to execute arbitrary code, or cause
a denial of service (kernel panic). (

CVE-2007-5966

773

, Important)

• a flaw was found in the Intel PRO/1000 network driver in the Linux kernel. Frames with sizes near

the MTU of an interface may be split across multiple hardware receive descriptors. Receipt of such
a frame could leak through a validation check, leading to a corruption of the length check. A remote
attacker could use this flaw to send a specially-crafted packet that would cause a denial of service
or code execution. (

CVE-2009-1385

774

, Important)

• Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver in the Linux kernel. This driver

allowed interfaces using this driver to receive frames larger than could be handled, which could lead
to a remote denial of service or code execution. (

CVE-2009-1389

775

, Important)

• the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid

or setgid program was executed. A local, unprivileged user could use this flaw to bypass the
mmap_min_addr protection mechanism and perform a NULL pointer dereference attack, or bypass
the Address Space Layout Randomization (ASLR) security feature. (

CVE-2009-1895

776

, Important)

• Ramon de Carvalho Valle reported two flaws in the Linux kernel eCryptfs implementation. A local

attacker with permissions to perform an eCryptfs mount could modify the metadata of the files in
that eCrypfts mount to cause a buffer overflow, leading to a denial of service or privilege escalation.
(

CVE-2009-2406

777

CVE-2009-2407

778

, Important)

• Konstantin Khlebnikov discovered a race condition in the ptrace implementation in the Linux kernel.

This race condition can occur when the process tracing and the process being traced participate in
a core dump. A local, unprivileged user could use this flaw to trigger a deadlock, resulting in a partial
denial of service. (

CVE-2009-1388

779

, Moderate)

Bug fixes:

• possible host (dom0) crash when installing a Xen para-virtualized guest while another para-

virtualized guest was rebooting. (

BZ#497812

780

)

• no audit record for a directory removal if the directory and its subtree were recursively watched by

an audit rule. (

BZ#507561

781

)

• page caches in memory can be freed up using the Linux kernel's drop_caches feature. If

drop_pagecache_sb()

 and 

prune_icache()

 ran concurrently, however, a missing test in drop-

pagecache_sb() could cause a kernel panic. For example, running 

echo 1 > /proc/sys/vm/

drop_caches

 or 

sysctl .w vm.drop_caches=1

 on systems under high memory load could

cause a kernel panic or system hang. With this update, the missing test has been added and the
drop_cache feature frees up page caches properly. Consequently these system failures no longer
occur, even under high memory load. (

BZ#503692

782

)

Summary of Contents for ENTERPRISE 5.4 RELEASE NOTES

Page 1: ...Red Hat Enterprise Linux 5 4 Technical Notes Every Change to Every Package ...

Page 2: ...4d of CC BY SA to the fullest extent permitted by applicable law Red Hat Red Hat Enterprise Linux the Shadowman logo JBoss MetaMatrix Fedora the Infinity Logo and RHCE are trademarks of Red Hat Inc registered in the United States and other countries Linux is the registered trademark of Linus Torvalds in the United States and other countries All other trademarks are the property of their respective...

Page 3: ...util 10 1 9 1 RHSA 2009 1107 Moderate security update 10 1 10 aspell 11 1 10 1 RHBA 2009 1070 bug fix update 11 1 11 audit 12 1 11 1 RHBA 2009 0475 bug fix and enhancement update 12 1 11 2 RHBA 2009 0443 bug fix update 12 1 11 3 RHEA 2009 1303 enhancement 13 1 12 authconfig 14 1 12 1 RHBA 2009 0482 bug fix update 14 1 13 authd 15 1 13 1 RHBA 2009 0442 bug fix update 15 1 14 autofs 15 1 14 1 RHBA 2...

Page 4: ... 2 RHSA 2009 1082 Important security update 34 1 29 3 RHSA 2009 0429 Important security update 34 1 30 curl 36 1 30 1 RHSA 2009 1209 Moderate security update 36 1 30 2 RHSA 2009 0341 Moderate security update 36 1 31 cvs 37 1 31 1 RHBA 2009 1370 bug fix update 37 1 32 cyrus imapd 37 1 32 1 RHSA 2009 1116 Important security update 37 1 32 2 RHBA 2009 1120 bug fix update 38 1 33 cyrus sasl 38 1 33 1 ...

Page 5: ...1 bug fix update 54 1 53 evolution data server 55 1 53 1 RHSA 2009 0354 Moderate security update 55 1 53 2 RHBA 2009 1259 bug fix update 55 1 54 file 57 1 54 1 RHBA 2009 0456 bug fix update 57 1 55 findutils 57 1 55 1 RHEA 2009 1410 enhancement update 57 1 56 fipscheck 57 1 56 1 RHEA 2009 1266 enhancement update 57 1 57 firefox 58 1 57 1 RHSA 2009 1162 Critical security update 58 1 57 2 RHSA 2009 ...

Page 6: ... 70 glib2 76 1 70 1 RHSA 2009 0336 Moderate security update 76 1 71 glibc 77 1 71 1 RHBA 2009 1415 bug fix and enhancement update 77 1 71 2 RHBA 2009 1202 bug fix update 80 1 72 gnome python2 desktop 80 1 72 1 RHBA 2009 0405 bug fix update 80 1 73 gnome session 81 1 73 1 RHBA 2009 1079 bug fix update 81 1 74 grep 81 1 74 1 RHBA 2009 0481 bug fix update 81 1 75 grub 82 1 75 1 RHBA 2009 1388 bug fix...

Page 7: ...97 1 94 1 RHBA 2009 1099 bug fix update 97 1 94 2 RHBA 2009 1368 bug fix update 97 1 95 isdn4k utils 98 1 95 1 RHBA 2009 1112 bug fix update 98 1 96 iwl3945 firmware 99 1 96 1 RHEA 2009 1253 enhancement update 99 1 97 iwl4965 firmware 99 1 97 1 RHEA 2009 1252 enhancement update 99 1 98 jadetex 100 1 98 1 RHBA 2009 0378 bug fix update 100 1 99 java 1 4 2 ibm 100 1 99 1 RHSA 2009 0445 Critical secur...

Page 8: ... fix update 122 1 110 7 RHSA 2009 0264 Important security update 123 1 110 8 RHSA 2009 1222 Important security and bug fix update 125 1 110 9 RHSA 2009 1243 125 1 111 kexec tools 141 1 111 1 RHBA 2009 0467 bug fix update 141 1 111 2 RHBA 2009 0048 bug fix update 142 1 111 3 RHBA 2009 1258 bug fix and enhancement update 142 1 112 krb5 143 1 112 1 RHSA 2009 0408 Important security update 143 1 112 2...

Page 9: ...te 159 1 133 lksctp tools 159 1 133 1 RHBA 2009 0412 bug fix update 159 1 134 ltrace 160 1 134 1 RHBA 2009 0380 bug fix update 160 1 135 lvm2 161 1 135 1 RHBA 2009 1393 bug fix and enhancement update 161 1 136 lvm2 cluster 163 1 136 1 RHBA 2009 1394 bug fix and enhancement update 163 1 137 m2crypto 163 1 137 1 RHBA 2009 1351 bug fix update 163 1 138 man pages ja 164 1 138 1 RHBA 2009 0483 bug fix ...

Page 10: ...1186 Critical security bug fix and enhancement update 179 1 156 2 RHBA 2009 1161 bug fix and enhancement update 180 1 157 nss_ldap 181 1 157 1 RHBA 2009 1379 bug fix update 181 1 158 ntp 182 1 158 1 RHSA 2009 1039 Important security update 182 1 158 2 RHSA 2009 0046 Moderate security update 182 1 159 numactl 183 1 159 1 RHBA 2009 0389 bug fix update 183 1 160 openais 183 1 160 1 RHBA 2009 1191 bug...

Page 11: ...204 1 176 piranha 205 1 176 1 RHBA 2009 1396 bug fix update 205 1 177 policycoreutils 206 1 177 1 RHBA 2009 1292 bug fix update 206 1 178 poppler 206 1 178 1 RHSA 2009 0480 Important security update 206 1 179 ppc64 utils 207 1 179 1 RHEA 2009 1247 enhancement update 207 1 180 psmisc 208 1 180 1 RHBA 2009 0439 bug fix update 208 1 181 pykickstart 208 1 181 1 RHBA 2009 1387 bug fix update 208 1 182 ...

Page 12: ...e 221 1 200 s390utils 222 1 200 1 RHBA 2009 1311 bug fix and enhancement update 222 1 201 samba 223 1 201 1 RHBA 2009 1150 bug fix update 223 1 201 2 RHBA 2009 1416 bug fix update 223 1 202 sblim 224 1 202 1 RHBA 2009 1267 bug fix update 224 1 203 scim bridge 225 1 203 1 RHBA 2009 0426 bug fix update 225 1 204 selinux policy 225 1 204 1 RHBA 2009 1242 225 1 205 setroubleshoot 227 1 205 1 RHBA 2009...

Page 13: ...22 1 RHBA 2009 1118 bug fix update 244 1 223 tftp 245 1 223 1 RHEA 2009 1274 enhancement update 245 1 224 thunderbird 245 1 224 1 RHSA 2009 1126 Moderate security update 245 1 224 2 RHSA 2009 0258 Moderate security update 246 1 225 tog pegasus 247 1 225 1 RHBA 2009 1286 bug fix and enhancement update 247 1 226 tomcat 248 1 226 1 RHSA 2009 1164 Important security update 248 1 227 totem 249 1 227 1 ...

Page 14: ...1 drv ati 264 1 244 1 RHBA 2009 1343 bug fix and enhancement update 264 1 245 xorg x11 drv i810 265 1 245 1 RHBA 2009 1391 bug fix and enhancement update 265 1 246 xorg x11 drv mga 266 1 246 1 RHBA 2009 1390 bug fix update 266 1 247 xorg x11 drv nv 267 1 247 1 RHEA 2009 1342 enhancement update 267 1 248 xorg x11 proto devel 267 1 248 1 RHEA 2009 1411 enhancement update 267 1 249 xorg x11 server 26...

Page 15: ... 1294 pth 280 2 21 RHEA 2009 1309 qcairo 281 2 22 RHBA 2009 1323 qffmpeg 281 2 23 RHEA 2009 1305 qpixman 281 2 24 RHEA 2009 1334 qspice 282 2 25 RHEA 2009 1399 samba3x 282 2 26 RHEA 2009 1308 xorg x11 drv qxl 282 2 27 RHEA 2009 1406 xorg x11 xdm 282 3 Technology Previews 283 4 Known Issues 289 4 1 anaconda 289 4 2 cmirror 291 4 3 compiz 291 4 4 device mapper multipath 291 4 5 dmraid 292 4 6 dogtai...

Page 16: ... policy 310 4 30 systemtap 311 4 31 udev 312 4 32 virt manager 312 4 33 virtio win 312 4 34 xen 312 4 35 xorg x11 drv i810 313 4 36 xorg x11 drv nv 313 4 37 xorg x11 drv vesa 314 A Package Manifest 315 A 1 Added Packages 315 A 2 Dropped Packages 319 A 3 Updated Packages 319 B Revision History 447 ...

Page 17: ...al Notes provide a single organized record of the bugs fixed in features added to and Technology Previews included with this new release of Red Hat Enterprise Linux For auditors and compliance officers the Red Hat Enterprise Linux 5 4 Technical Notes provide a single organized source for change tracking and compliance testing For every user the Red Hat Enterprise Linux 5 4 Technical Notes provide ...

Page 18: ...xviii ...

Page 19: ... network connection from functioning properly CVE 2009 0578 3 Red Hat would like to thank Ludwig Nussel for reporting these flaws responsibly Users of NetworkManager should upgrade to these updated packages which contain backported patches to correct these issues 1 1 2 RHBA 2009 1389 bug fix update Updated NetworkManager packages that fix several bugs are now available NetworkManager is a network ...

Page 20: ...l text of the passphrase and displays the original passphrase instead of a hexadecimal string when the user selects the Show password option BZ 466509 8 NetworkManager has its own internal method of starting loopback devices and does not use the configuration settings stored in etc sysconfig network scripts ifcfg lo Previously NetworkManager would produce an error alerting users that the configura...

Page 21: ... contained unnecessary RPATH values which have not been compiled in to these updated packages BZ 466119 17 the OpenIPMI devel packages contained manual pages which were already provided by the OpenIPMI packages and have therefore been removed from the OpenIPMI devel packages BZ 466487 18 the ipmievd daemon listens for events sent by the BMC to the SEL and logs those events to syslog Previously the...

Page 22: ... the Red Hat Security Response Team acpid is a daemon that dispatches ACPI Advanced Configuration and Power Interface events to user space programs Anthony de Almeida Lopes of Outpost24 AB reported a denial of service flaw in the acpid daemon s error handling If an attacker could exhaust the sockets open to acpid the daemon would enter an infinite loop consuming most CPU resources and preventing a...

Page 23: ...0889 37 CVE 2009 1855 38 CVE 2009 1856 39 CVE 2009 1857 40 CVE 2009 1858 41 CVE 2009 1859 42 CVE 2009 1861 43 CVE 2009 2028 44 All Adobe Reader users should install these updated packages They contain Adobe Reader version 8 1 6 which is not vulnerable to these issues All running instances of Adobe Reader must be restarted for the update to take effect 29 https bugzilla redhat com bugzilla show_bug...

Page 24: ...security errata RHSA 2009 0376 48 Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 Extras Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary This update has been rated as having critical security impact by the Red Hat Security Response Team Adobe Reader allows users to view and print documents in Portable Docum...

Page 25: ...1 6 amanda 1 6 1 RHBA 2009 1300 bug fix update Updated amanda packages that fix two bugs are now available Amanda is a network capable tape backup solution These updated amanda packages resolve the following issues the amtapetype command had a bug in memory management an invalid pointer was passed to the free function In some circumstances this caused amrecover to fail with a Extractor child exite...

Page 26: ... now installs multipath packages so that multipath devices work as expected following first reboot BZ 466614 63 Anaconda prompted for the time zone even when the time zone was correctly specified in the Kickstart file BZ 481617 64 on Itanium systems the time stamps of installed files and directories were in the future BZ 485200 65 the iSCSI Boot Firmware Table iBFT now works with Challenge Handsha...

Page 27: ...e support BZ 498511 80 the Mellanox ConnectX mt26448 10Gb E driver is now supported BZ 514971 81 the mpt2sas driver is now supported BZ 475671 82 the Emulex Tiger Shark converged network adatper is now supported BZ 496875 83 the Marvell RAID bus controller MV64460 64461 64462 and Emulex OneConnect 10GbE NIC devices are now supported BZ 493179 84 the IGB Virtual Function driver is now supported BZ ...

Page 28: ...e these flaws to issue a specially crafted request for memory allocation which would lead to a denial of service application crash or potentially execute arbitrary code with the privileges of an application using the APR libraries CVE 2009 2412 92 All apr and apr util users should upgrade to these updated packages which contain backported patches to correct these issues Applications using the APR ...

Page 29: ...rafted search keyword that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine CVE 2009 0023 96 All apr util users should upgrade to these updated packages which contain backported patches to correct these issues Applications using the Apache Portable Runtime library such as httpd must be restarted for this update to take effect 1 10 aspell 1 10 1 RHBA ...

Page 30: ...option This is a new report that was recently added to audit in order to aid in the review of TTY audit events BZ 497518 103102 Users are advised to upgrade to these updated audit packages which resolve this issue and add this enhancement 1 11 2 RHBA 2009 0443 bug fix update Note This update has already been released prior to the GA of this release as errata RHBA 2009 0443 104 Updated audit packag...

Page 31: ...y option for the audisp remote plugin did not work as described in the manual page When executed with this option the plugin would display the error Value any should only be numbers and terminate With the error corrected the plugin works as documented BZ 474466 107 previously audisp would read not only its configuration file in etc audisp plugins d but any files with names simlar to its configurat...

Page 32: ...ect event logging Users of audit are advised to upgrade to these updated packages which add these enhancements and bug fixes 1 12 authconfig 1 12 1 RHBA 2009 0482 bug fix update Note This update has already been released prior to the GA of this release as FASTRACK errata RHBA 2009 0482 112 Updated authconfig packages that fix a bug are now available The authconfig packages contain a program with b...

Page 33: ...ication resulted in error messages similar to the following in Postgresql s pg_log where user is the username of the user attempting to connect CESTLOG invalidly formatted response from Ident server 49795 5432 ERROR user This authd error has been corrected so that users are now able to log in successfully thus resolving the issue previously installing the authd package resulted in the creation of ...

Page 34: ...ice node for routing ioctl commands to these mount points has been implemented in the autofs4 kernel module and a library added to autofs This provides the ability to re construct a mount tree from existing mounts and then re connect them BZ 452122 118 Previously the version of autofs shipped with Red Hat Enterprise Linux 5 used the hosts method as its default way to handle net mounts Using this m...

Page 35: ... future BZ 487656 126 Previously the additive hashing algorithm used by autofs to generate hash values would result in a clustering of values that favoured a small range of hash indexes and led to reduced performance in large maps Autofs now uses a one at a time hash function which gives a better distribution of hash values in large hash tables Use of the one at a time hash function safeguards loo...

Page 36: ...ad locking was missing from the st_remove_tasks function which meant in turn that its calling function could not get the locks that it required This could result in a segmentation fault and a crash of autofs Now with the thread locking properly in place the segmentation fault is avoided BZ 494319 135 Previously when autofs looked up a host name where when one NFS server name was associated with mu...

Page 37: ...e now available for Red Hat Enterprise Linux 5 This update has been rated as having important security impact by the Red Hat Security Response Team Updated 29th July 2009 The packages in this erratum have been updated to also correct this issue in the bind sdb package The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols BIND includes a DNS server name...

Page 38: ...kages which resolve this issue 1 16 3 RHBA 2009 1420 bug fix and enhancement update Updated bind packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 5 The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols BIND includes a DNS server named a resolver library routines for applications to use when inte...

Page 39: ... to non authoritative data such as cached data and root hints is now supported BZ 483708 151 the sample etc named conf configuration file provided with these packages has been improved BZ 485393 152 Users are advised to upgrade to these updated bind packages which resolve these issues and add these enhancements 1 17 binutils 1 17 1 RHBA 2009 0465 bug fix update Note This update has already been re...

Page 40: ...x packages provide fixes for the following bugs busybox provides a diff utility that is used extensively during installation When this diff utility was called using the q option which reports only whether the files differ and not the details of how they differ it always exited with an exit status of 0 indicating success With this busybox update the command diff q correctly returns an exit status t...

Page 41: ...ade to these updated packages which resolve these issues 1 19 2 RHBA 2009 1103 bug fix update Note This update has already been released prior to the GA of this release as errata RHBA 2009 1103 164 Updated cman packages that fix various bugs are now available The Cluster Manager cman utility provides user level services for managing a Linux cluster This update applies the following bug fixes group...

Page 42: ... the output of the utilities via a symbolic link attack CVE 2008 4579 166 CVE 2008 6552 167 Bug fixes a buffer could overflow if cluster conf had more than 52 entries per block inside the cman block The limit is now 1024 the output of the group_tool dump subcommands were NULL padded using device instead of label no longer causes qdiskd to incorrectly exit the IPMI fencing agent has been modified t...

Page 43: ...are now allowed from unprivileged CPG clients with the user and group of ais groupd no longer allows the default fence domain to be 0 which previously caused rgmanager to hang Now rgmanager no longer hangs the RSA fence agent now supports SSH enabled RSA II devices the DRAC fence agent now works with the Integrated Dell Remote Access Controller iDRAC on Dell PowerEdge M600 blade servers fixed a me...

Page 44: ... was fixed the segfault was caused by mirrors being suspended too quickly after being started The large number of dm log clustered timeouts generated by a pvmove no longer causes a cluster deadlock Remnants of a moved device no longer remain in a volume group Device mapper userspace logs now have a local unique identifier to prevent issues when two logs have the same UUID Users of cmirror are advi...

Page 45: ...caused some operations to fail when accessing Conga via Microsoft Internet Explorer was fixed A bug that caused quorum disk heuristics to be lost after changing quorum disk main properties was fixed A bug that made it impossible to set failover domains for virtual machine services was fixed A bug that required that a fence device password be provided when a password script has been defined was fix...

Page 46: ...nts under it did not cause autofs to mount those directories which resulted in df not factoring in the disk usage of those automount directories With this update invoking the df command does trigger automount which in turn results in a correct disk usage count BZ 497830 172 several other utilities in the coreutils package possessed undocumented options which could have led to user confusion Those ...

Page 47: ...ists ACLs are now preserved when copying or moving files with cp or mv to or from NFSv4 mounted file systems BZ 454072 180 All coreutils users are advised to upgrade to this updated package which resolves these issues 1 24 cpio 1 24 1 RHBA 2009 0379 bug fix update Note This update has already been released prior to the GA of this release as FASTRACK errata RHBA 2009 0379 181 An updated cpio packag...

Page 48: ...mpted to make cpuspeed run reliably on Xen kernels by only allowing cpuspeed to start on Xen kernels if the number of virtual CPUs in dom0 equalled the number of physical CPUs in the system However this condition can never be true until xend starts and xend starts after cpuspeed Therefore cpuspeed would only run properly on Xen kernels if cpuspeed were restarted after the system completed the boot...

Page 49: ... The bt o option and setting it to run by default with bt O would fail with the vmlinux specific error message bt invalid structure size desc_struct with a stack trace leading to read_idt_table Now it will display the generic error message bt o option not supported or applicable on this architecture or kernel The bt e or bt E will also display the same error message as opposed to the command usage...

Page 50: ...tack led to a segmentation fault BZ 478904 198 The upstream changelog referenced below details additional bug fixes and enhancements provided by the rebase of this package All users of crash are advised to upgrade to these updated packages which resolve these issues 1 27 cryptsetup luks 1 27 1 RHBA 2009 1349 bug fix update Updated cryptsetup luks packages that fix various bugs are now available Th...

Page 51: ... updates This update will also cause local modifications to those files to be lost but will prevent the same situation occurring with future updates BZ 474769 the compression job option was encoded with the wrong IPP tag preventing the document format job option from overriding automatic MIME type detection of compressed job files BZ 474814 the mailto CUPS notifier used the wrong line ending when ...

Page 52: ...ted as having important security impact by the Red Hat Security Response Team The Common UNIX Printing System CUPS provides a portable printing layer for UNIX operating systems The Internet Printing Protocol IPP allows users to print and manage printing related tasks over a network A NULL pointer dereference flaw was found in the CUPS IPP routine used for processing incoming IPP requests for the C...

Page 53: ...low was discovered in the Tagged Image File Format TIFF decoding routines used by the CUPS image converting filters imagetops and imagetoraster An attacker could create a malicious TIFF file that could potentially execute arbitrary code as the lp user if the file was printed CVE 2009 0163 215 Multiple denial of service flaws were found in the CUPS JBIG2 decoder An attacker could create a malicious...

Page 54: ...ich contain a backported patch to correct these issues All running applications using libcurl must be restarted for the update to take effect 1 30 2 RHSA 2009 0341 Moderate security update Important This update has already been released prior to the GA of this release as the security errata RHSA 2009 0341 221 Updated curl packages that fix a security issue are now available for Red Hat Enterprise ...

Page 55: ...nected server so that host mismatch does not occur BZ 473245 223 attempting to process large numbers of files with long names caused problems with some scripts due to lengthy command line arguments This problem has been resolved by adding the possibility of passing arguments through standard input BZ 462062 224 All users of cvs are advised to upgrade to this updated package which resolves these is...

Page 56: ...ttempting to connect to the update server failed and resulted in the following error messages being logged to var log maillog connect 192 168 11 110 failed Invalid argument couldn t connect to MUPDATE server IP address no connection to server FATAL error connecting with MUPDATE server These updated packages correct this problem so that connecting to the update server now works as expected BZ 32651...

Page 57: ... into it The pluginviewer command is now linked dynamically so it can display any cyrus sasl plugins which are installed on the system BZ 473197 234 the ldap authentication method had very long timeout for network failure detection The saslauthd now sets a network failure timeout based on the ldap_timeout configuration option BZ 475726 235 All Cyrus users are advised to install this updated packag...

Page 58: ...nclude these enhancements 1 36 device mapper multipath 1 36 1 RHBA 2009 0432 bug fix update Note This update has already been released prior to the GA of this release as errata RHBA 2009 0432 237 Updated device mapper multipath packages that resolve an issue are now available The device mapper multipath packages provide tools to manage multipath devices by issuing instructions to the device mapper...

Page 59: ...incorrect permissions on the socket used to communicate with command line clients An unprivileged local user could use this flaw to send commands to multipathd resulting in access disruptions to storage devices accessible via multiple paths and possibly file system corruption on these devices CVE 2009 0115 239 Users of device mapper multipath are advised to upgrade to these updated packages which ...

Page 60: ...d device mapper multipath packages which resolve this issue 1 36 4 RHEA 2009 1377 bug fix and enhancement update Updated device mapper multipath packages that fix several bugs and add various enhancements are now available The device mapper multipath packages provide tools to manage multipath devices using the device mapper multipath kernel module This update applies the following bug fixes Occasi...

Page 61: ... update contains an added process that properly checks the validity of interface names which resolves this issue BZ 441524 241 This update corrects a bug in the way the dhclient script file processed the localClockFudge variable In previous releases this bug caused the NTPD daemon to restart unexpectedly at times BZ 450301 242 dhclient now retains relay agent options when it enters the INIT and RE...

Page 62: ...s issue 1 39 dmidecode 1 39 1 RHBA 2009 1324 enhancement update An updated dmidecode package that fixes a bug and adds enhancements is now available The dmidecode package provides utilities for extracting x86 and ia64 hardware information from the system BIOS or EFI according to the SMBIOS DMI standard This information typically includes system manufacturer model name serial number BIOS version as...

Page 63: ...eed to complete the following manual procedure 1 Ensure the new dmraid events logwatch package is installed 2 Un comment the functional portion of the etc cron d dmeventd logwatch crontab file The sgpio and dmevent_tool applications get installed with the dmraid package now The drive order for isw RAID01 sets is now identical with the OROM order Various issues with wrong LED rebuild and metadata s...

Page 64: ...de for the new file to be the same as the mode of the old file filtered through the user s umask Users of dos2unix should upgrade to this updated package which resolves these issues 1 42 dump 1 42 1 RHBA 2009 0425 bug fix update Note This update has already been released prior to the GA of this release as FASTRACK errata RHBA 2009 0425 252 Updated dump packages that resolve several issues are now ...

Page 65: ...tools 1 43 1 RHBA 2009 1072 bug fix update Note This update has already been released prior to the GA of this release as FASTRACK errata RHBA 2009 1072 253 An updated dvd rw tools package that addresses a bug and corrects a typo is now available for Red Hat Enterprise Linux 5 The dvd rw tools package is a collection of tools to master DVD RW R media on some systems with manually operated DVD drive...

Page 66: ...BZ 488960 258 the e2fsck method pass3 would use a pointer regardless of whether it contained a null value This would result in a segfault The method has been corrected and the problem no longer presents BZ 505110 261260259 the ismounted method was set to use two arguments when it required three This has been corrected and the method now works as expected BZ 505110 264263262 the debugfs method logd...

Page 67: ...s packages that fix a security issue various bugs and add enhancements are now available for Red Hat Enterprise Linux 5 This update has been rated as having low security impact by the Red Hat Security Response Team eCryptfs is a stacked cryptographic file system transparent to the underlying file system and provides per file granularity eCryptfs is released as a Technology Preview for Red Hat Ente...

Page 68: ... helper to encrypt the entire key When this situation occurred the mount helper did not display an error message alerting the user to the fact that the key size was too small possibly leading to corrupted files The eCryptfs mount helper now refuses RSA keys which are to small to encrypt the eCryptfs key BZ 499175 274 when standard input was redirected from dev null or was unavailable attempting to...

Page 69: ...website access This updated package fixes the following bugs If a smart card were inserted when the esc daemon was already running then there could be odd behaviors when the ESC GUI was opened For example if the smart card was blank then the Phone Home configuration dialog would not open When the smart card was removed then esc could crash BZ 496410 279 If a user attempted to re enroll a formatted...

Page 70: ...O is enabled for supported ethernet adapters This updated ethtool provides a command line interface ethtool k for setting and querying that flag BZ 509398 281 All ethtool users should upgrade to this updated package which adds this capability 1 50 evince 1 50 1 RHBA 2009 1404 bug fix update An updated evince package that fixes a printing bug is now available evince is a GNOME based document viewer...

Page 71: ...had to manually alter the memo s date afterward BZ 217541 290 searching an address book using the any field option when no results were found caused Evolution to display all contacts instead of none This behavior is now more intuitive no contacts are displayed when none are found BZ 217714 291 while in Mail view deselecting a previously selected group of messages by clicking on one of those select...

Page 72: ...teract with a Microsoft Exchange Server This updated evolution connector package includes fixes for the following bugs when adding a new Exchange account a Mailbox name separate from the user name can now be specified BZ 205787 304 a memory leak related to using Exchange accounts has been plugged BZ 393761 305 dragging and dropping messages into the Personal Folders caused those messages to be irr...

Page 73: ...an application using Evolution Data Server to disclose portions of its memory or crash during user authentication CVE 2009 0582 312 Multiple integer overflow flaws which could cause heap based buffer overflows were found in the Base64 encoding routines used by Evolution Data Server This could cause an application using Evolution Data Server to crash or possibly execute an arbitrary code when large...

Page 74: ...ult that disabling a mail account no longer causes Evolution to crash BZ 437758 317 Evolution Data Server could segmentation fault when provided a malformed CalDAV calendar URL With these updated packages Evolution performs better error checking on calendar URLs which prevents this issue from occurring BZ 440232 318 the Exchange connector for Evolution Data Server contained several memory leaks wh...

Page 75: ...s The find utility searches for files matching a certain set of criteria The xargs utility builds and executes command lines from standard input arguments This updated findutils package adds the following enhancement when using the find utility to search a directory hierarchy which contained autofs mounts it dutifully triggered the aufofs mounts so that they could be searched even when find had be...

Page 76: ...Important This update has already been released prior to the GA of this release as the security errata RHSA 2009 1162 330 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5 This update has been rated as having critical security impact by the Red Hat Security Response Team Mozilla Firefox is an open source Web browser XULRunner provides ...

Page 77: ...itrary code as the user running Firefox CVE 2009 1392 341 CVE 2009 1832 342 CVE 2009 1833 343 CVE 2009 1837 344 CVE 2009 1838 345 CVE 2009 1841 346 Multiple flaws were found in the processing of malformed local file content If a user loaded malicious local content via the file URL it was possible for that content to access other local data CVE 2009 1835 347 CVE 2009 1839 348 A script privilege ele...

Page 78: ...update has been rated as having critical security impact by the Red Hat Security Response Team Mozilla Firefox is an open source Web browser XULRunner provides the XUL Runtime environment for Mozilla Firefox A flaw was found in the processing of malformed web content A web page containing malicious content could cause Firefox to crash or potentially execute arbitrary code as the user running Firef...

Page 79: ... can find a link to the Mozilla advisories in the References section of this errata All Firefox users should upgrade to these updated packages which contain Firefox version 3 0 9 which corrects these issues After installing the update Firefox must be restarted for the changes to take effect 1 57 5 RHSA 2009 0397 Critical security update Important This update has already been released prior to the ...

Page 80: ... This update has been rated as having critical security impact by the Red Hat Security Response Team Mozilla Firefox is an open source Web browser Several flaws were found in the processing of malformed web content A web page containing malicious content could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox CVE 2009 0040 371 CVE 2009 0771 372 CVE 2009 0772 ...

Page 81: ...ering sensitive information CVE 2009 0354 383 CVE 2009 0355 384 A flaw was found in the way Firefox treated HTTPOnly cookies An attacker able to execute arbitrary JavaScript on a target site using HTTPOnly cookies may be able to use this flaw to steal the cookie CVE 2009 0357 385 A flaw was found in the way Firefox treated certain HTTP page caching directives A local attacker could steal the conte...

Page 82: ...ed SWF file could trick a user into unintentionally or mistakenly clicking a link or a dialog CVE 2009 1867 395 A flaw was found in the Flash Player local sandbox A specially crafted SWF file could cause information disclosure when it was saved to the hard drive CVE 2009 1870 396 All users of Adobe Flash Player should install this updated package which upgrades Flash Player to version 10 0 32 18 1...

Page 83: ...PDQ from the database As well foomatic makes it possible to read PJL options out of PJL capable laser printers and take them into account when driver description files are generated The package also includes spooler independent command line interfaces to manipulate queues foomatic configure and to print files and manipulate print jobs foomatic printjob This updated package addresses the following ...

Page 84: ...se issues The X server must be restarted log out then log back in for this update to take effect 1 61 gcc 1 61 1 RHBA 2009 1376 bug fix update A gcc update that resolves several GFortran compiler bugs along with several other bugs is now available The gcc packages include C C Java Fortran Objective C and Ada 95 GNU compilers along with related support libraries This update applies the following bu...

Page 85: ...469 410 Users are advised to upgrade to this gcc update which applies these fixes 1 62 gcc44 1 62 1 RHBA 2009 1375 bug fix and enhancement update The GNU Compiler Collection GCC version 4 4 0 is now available as Technology Preview The gcc44 packages provide the GNU Compiler Collection GCC which includes GNU compilers and related support libraries for C C and Fortran programming languages These pac...

Page 86: ...les always have the same debugging information for each possible constructor destructor implementation kind which allows the compiler to keep their DIE debugging information entry only in the single abstract instance of the constructor However GDB did not automatically inherit whole DIEs from the abstract instances to the concrete instances As such the static variables in C constructors were not v...

Page 87: ...ess do not unexpectedly resume BZ 498595 428 This update also implements various parts of Fortran language support With this implementation gfortran44 not gfortran is now used to compile Fortran programs The gfortran44 compiler is provided by the gcc44 update included in this release as a Technology Preview GDB users are advised to apply this update 1 64 gdm 1 64 1 RHSA 2009 1364 Low security and ...

Page 88: ..._error_trap_pop and gdk_error_trap_push functions which resolves this bug This ensures that the X server can start properly even when devices defined in etc X11 xorg conf are not plugged in BZ 474588 435 All users should upgrade to these updated packages which resolve these issues GDM must be restarted for this update to take effect Rebooting achieves this but changing the runlevel from 5 to 3 and...

Page 89: ...ckages apply the following bug fixes An issue was fixed which caused gfs_fsck to attempt to fix the wrong bitmap gfs_fsck s ability to fix damaged resource groups has been improved A human readable option has been added to to gfs_tool df Fixed an issue which could potentially cause gfs_fsck to remove everything in a corrupt filesystem gfs_grow performance has been improved on 1k block size filesys...

Page 90: ...stem could cause corruption this bug has been fixed All users of gfs2 utils should upgrade to these updated packages which resolve these issues 1 67 3 RHBA 2009 0280 bug fix update Note This update has already been released prior to the GA of this release as errata RHBA 2009 0280 439 Updated gfs2 utils packages that fix various bugs are now available The gfs2 utils packages provide the user space ...

Page 91: ...put mounting GFS2 file systems with the noatime or noquota option now works properly new capabilities have been added to the gfs2_edit tool to help in testing and debugging GFS and GFS2 issues the gfs2_tool df command no longer segfaults on file systems with a block size other than 4k the gfs2_grow manual page no longer references the r option which has been removed the gfs2_tool unfreeze command ...

Page 92: ...ges that could cause Ghostscript to crash or potentially execute arbitrary code when opened CVE 2009 0792 442 A buffer overflow flaw and multiple missing boundary checks were found in Ghostscript An attacker could create a specially crafted PostScript or PDF file that could cause Ghostscript to crash or potentially execute arbitrary code when opened CVE 2008 6679 443 CVE 2007 6725 444 CVE 2009 019...

Page 93: ...printers This update applies the following fixes an incorrect offset computation that occurred when handling subglyphs made it possible for ghostscript to read uninitialized data When this occurred ghostscript would crash with a segmentation fault This update corrects the offset computation preventing ghostscript from reading uninitialized data BZ 450717 449 the way that the Ghostscript source cod...

Page 94: ...e way giflib decodes GIF images An attacker could create a carefully crafted GIF image that could cause an application using giflib to crash or possibly execute arbitrary code when opened by a victim CVE 2005 2974 456 CVE 2005 3350 457 All users of giflib are advised to upgrade to these updated packages which contain backported patches to resolve these issues All running applications using giflib ...

Page 95: ...ault SIGSEGV to occur in multi threaded applications This was caused by an improper free call which freed _nl_global_locale __names category around the same time strcmp tried to access it As such it was possible for strcmp to access _nl_global_locale __names category after it was freed i e no longer available resulting in a segmentation fault To fix this this update adds a return call to make _nl_...

Page 96: ...unning getent networks now only displays network map entries using spaces or tabs as delimiters BZ 484082 467 This update now includes the RUSAGE_THREAD definition in the glibc headers This allows the getrusage function call to retrieve information about the resource usage of a thread BZ 484214 468 The inet6_opt_init function incorrectly counted the first octet when computing the length of extensi...

Page 97: ...irectory entries for both 32 bit and 64 bit platforms Red Hat Enterprise Linux 4 used getdents64 for 64 bit platforms Because of this the opendir function did not allocate more memory for directory reads on 64 bit platforms resulting in much slower reads on Red Hat Enterprise Linux 5 To resolve this opendir now has an increased default buffer size if memory allocation fails as it would on 32 bit a...

Page 98: ...ed packages the malloc code has been revised to ensure better thread safety as well as to adhere to C standards BZ 502901 485 All users of glibc are advised to upgrade to these updated packages which resolve this issue 1 72 gnome python2 desktop 1 72 1 RHBA 2009 0405 bug fix update Note This update has already been released prior to the GA of this release as FASTRACK errata RHBA 2009 0405 486 An u...

Page 99: ... the previous session thus resolving the problem BZ 484431 489 All users of gnome session are advised to upgrade to this updated package which resolves this issue 1 74 grep 1 74 1 RHBA 2009 0481 bug fix update Note This update has already been released prior to the GA of this release as FASTRACK errata RHBA 2009 0481 490 An updated grep package that fixes various bugs is now available Grep searche...

Page 100: ...r as the boot disk this could cause the grub shell to segfault and crash With this update grub no longer assumes constant strings in the XFS file system driver are writable obviating the error BZ 496949 495 And adds the following enhancement previously grub install did not support installing on virtio_blk devices When attempted it printed the error message device path does not have any correspondi...

Page 101: ...g media framework based on graphs of filters which operate on media data GStreamer Good Plug ins is a collection of well supported good quality GStreamer plug ins Multiple integer overflow flaws that could lead to a buffer overflow were found in the GStreamer Good Plug ins PNG decoding handler An attacker could create a specially crafted PNG file that would cause an application using the GStreamer...

Page 102: ... widget for GTK It is built using co routines allowing it to be completely asynchronous while remaining single threaded This update addresses the following issues the handling of the virtual mouse pointer could result in the pointer getting stuck against an invisible wall unable to move into some areas of the virtual machine display area BZ 487560 505 handling of non US layout keyboards had flaws ...

Page 103: ...ollowing enhancements new man pages for the installed binaries BZ 217644 517 the child timeout can now be set for machines with a large number of devices BZ 463128 518 1 80 htdig 1 80 1 RHBA 2009 0291 bug fix update Note This update has already been released prior to the GA of this release as FASTRACK errata RHBA 2009 0291 519 Updated htdig packages that resolve several issues are now available Th...

Page 104: ...ase as the security errata RHSA 2009 1148 520 Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 5 This update has been rated as having important security impact by the Red Hat Security Response Team The Apache HTTP Server is a popular Web server A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy A r...

Page 105: ...9 1195 525 All httpd users should upgrade to these updated packages which contain backported patches to resolve these issues Users must restart httpd for this update to take effect 1 81 3 RHBA 2009 1380 bug fix update Updated httpd packages that fix various bugs are now available The Apache HTTP Server is a popular and freely available Web server These updated httpd packages provide fixes for the ...

Page 106: ...d invocations could affect other httpd processes running on the system BZ 491135 533 during a graceful restart a spurious Bad file descriptor error message was sometimes logged The error though harmless occurred because the socket on which the server called the accept function was immediately closed in child processes upon receipt of the graceful restart signal This error message is no longer logg...

Page 107: ...hould upgrade to this updated package which resolves this issue 1 83 hwdata 1 83 1 RHEA 2009 1348 enhancement update An updated hwdata package that adds enhancements is now available The hwdata package contains tools for accessing and displaying hardware identification and configuration data This updated package includes the following additional entries to the Red Hat Enterprise Linux 5 4 pci ids ...

Page 108: ...pt to warn the user if any of these boolean requirements are not met at runtime BZ 474152 550 this update also fixes a bug that caused the fcntl system call to fail whenever the flock structure was filled with values exceeding 2GB BZ 494004 551 With this update the IA 32 Execution Layer is now at version V7 this adds support for the latest system calls and SSE4 2 instructions In addition this upda...

Page 109: ... to bypass certain content protection mechanisms or display information in a manner misleading to the user CVE 2008 1036 556 All users of icu should upgrade to these updated packages which contain backported patches to resolve these issues 1 86 initscripts 1 86 1 RHBA 2009 1344 bug fix update The initscripts package contains system scripts to boot your system change runlevels activate and deactiva...

Page 110: ...t incorrectly handled the clean up of sub directories in var run libvirt Consequently rc sysinit could not remove the var run libvirt network and var run libvirt qemu directories With this update rc sysinit now correctly removes these directories BZ 505600 565 previously the etc init d network script initialized ipsec tunnels before vlan interfaces Consequently route handling traffic was not creat...

Page 111: ...for the Linux kernel now enable this functionality Note along with this iptables update the kernel update for Red Hat Enterprise Linux 5 4 must be installed and the system must be rebooted in order to enable Differentiated Services Code Point DSCP match target functionality for IPv6 BZ 480371 574 In addition these updated iptables packages provide fixes for the following bugs the init scripts for ...

Page 112: ...ment update An iprutils update that fixes a buffer alignment bug and improves the performance of supported SSDs is now available The iprutils package provides a suite of utilities to manage and configure SCSI devices supported by the ipr SCSI storage device driver This update addresses the following bug and adds the following enhancement a buffer alignment problem prevented iprconfig from updating...

Page 113: ...mote attacker is able to make multiple connection attempts to the racoon daemon it was possible to cause the racoon daemon to consume all available memory CVE 2009 1632 586 Users of ipsec tools should upgrade to this updated package which contains backported patches to correct these issues Users must restart the racoon daemon for this update to take effect 1 91 iputils 1 91 1 RHBA 2009 1090 bug fi...

Page 114: ...425 590 previously you could install the debuginfo packages but because the makefile stripped the symbol table they contained no data The ipvsadm makefile no longer strips the symbol table and installing the debuginfo packages adds ipvsadm debug and the debugging source as expected BZ 500601 591 Users of ipvsadm are advised to upgrade to these updated packages which resolve these issues 1 93 irqba...

Page 115: ...dcom iSCSI cards is now available The iscsi package provides the server daemon for the iSCSI protocol as well as the utility programs used to manage it iSCSI is a protocol for distributed disk access using SCSI commands sent over Internet Protocol networks Bugs fixed and enhancements added in this updated package include iscsi initiator utils now includes support for Broadcom bnx2 and bnx2x networ...

Page 116: ...ation about the boot environment from the iSCSI boot firmware table IBFT However this information does not include the target portal group tag TPGT associated with the boot target Iscsiadm would assume that the relevant TPGT should be 1 In cases where this was correct the boot process would continue as intended In all other cases iscsiadm would be unable to find the target necessary for the boot t...

Page 117: ...5 wireless driver with the firmware it requires in order to function correctly with iwl3945 hardware This updated iwl3945 firmware package adds the following enhancement The iwl3945 driver and the iwl3945 firmware work together to provide proper wireless functionality It is best to pair equivalent versions of these components in order to provide maximum compatibility between them which this update...

Page 118: ... issue All users of jadetex are advised to upgrade to this updated package which resolves this issue 1 99 java 1 4 2 ibm 1 99 1 RHSA 2009 0445 Critical security update Important This update has already been released prior to the GA of this release as the security errata RHSA 2009 0445 611 Updated java 1 4 2 ibm packages that fix several security issues are now available for Red Hat Enterprise Linu...

Page 119: ...es and supporting files and includes a Web browser plug in for running Java applets It is the runtime section of the Java 5 SDK but without the development tools such as compilers and debuggers The Java 5 Software Development Kit SDK is a development environment for building applications applets and components that can be deployed on the Java platform The Java 5 SDK software includes tools useful ...

Page 120: ...2009 1098 634 CVE 2009 1099 635 CVE 2009 1100 636 CVE 2009 1101 637 CVE 2009 1103 638 CVE 2009 1104 639 CVE 2009 1105 640 CVE 2009 1106 641 CVE 2009 1107 642 All users of java 1 5 0 ibm are advised to upgrade to these updated packages containing the IBM 1 5 0 SR9 SSU Java release All running instances of IBM Java must be restarted for this update to take effect 629 https www redhat com security da...

Page 121: ... should upgrade to these updated packages which correct these issues All running instances of Sun Java must be restarted for the update to take effect 1 101 2 RHSA 2009 0394 Critical security update Important This update has already been released prior to the GA of this release as the security errata RHSA 2009 0394 653 Updated java 1 5 0 sun packages that correct several security issues are now av...

Page 122: ...2 Runtime Environment and the IBM Java 2 Software Development Kit These vulnerabilities are summarized on the IBM Security alerts page listed in the References section CVE 2009 1093 666 CVE 2009 1094 667 CVE 2009 1095 668 CVE 2009 1096 669 CVE 2009 1097 670 CVE 2009 1098 671 CVE 2009 1099 672 CVE 2009 1100 673 654 https www redhat com security data cve CVE 2006 2426 html 655 https www redhat com s...

Page 123: ...e IBM Security alerts page listed in the References section CVE 2008 5340 681 CVE 2008 5341 682 CVE 2008 5342 683 CVE 2008 5343 684 CVE 2008 5351 685 CVE 2008 5356 686 CVE 2008 5357 687 CVE 2008 5358 688 All users of java 1 6 0 ibm are advised to upgrade to these updated packages containing the IBM 1 6 0 SR4 Java release All running instances of IBM Java must be restarted for the update to take ef...

Page 124: ...ss access restrictions by acquiring references to privileged objects through finalizer resurrection CVE 2009 2476 692 A denial of service flaw was found in the way the JRE processes XML A remote attacker could use this flaw to supply crafted XML that would lead to a denial of service CVE 2009 2625 693 A flaw was found in the JRE audio system An untrusted applet or application could use this flaw t...

Page 125: ...the appletviewer application This update also fixes the following bug the EVR in the java 1 6 0 openjdk package as shipped with Red Hat Enterprise Linux allowed the java 1 6 0 openjdk package from the EPEL repository to take precedence appear newer Users using java 1 6 0 openjdk from EPEL would not have received security updates since October 2008 This update prevents the packages from EPEL from t...

Page 126: ...vironment unpack200 functionality An untrusted applet could extend its privileges allowing it to read and write local files as well as to execute local applications with the privileges of the user running the applet CVE 2009 1095 712 CVE 2009 1096 713 A flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges An unt...

Page 127: ...erabilities are summarized on the Advance notification of Security Updates for Java SE page from Sun Microsystems listed in the References section CVE 2009 0217 718 CVE 2009 2475 719 CVE 2009 2476 720 CVE 2009 2625 721 CVE 2009 2670 722 CVE 2009 2671 723 CVE 2009 2672 724 CVE 2009 2673 725 CVE 2009 2674 726 CVE 2009 2675 727 CVE 2009 2676 728 CVE 2009 2690 729 Users of java 1 6 0 sun should upgrad...

Page 128: ...ges that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary This update has been rated as having critical security impact by the Red Hat Security Response Team The Sun 1 6 0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit This update fixes several vulnerabilities in the Sun Java 6 Runtime ...

Page 129: ... java 1 6 0 sun are advised to upgrade to these updated packages which resolve these issues 1 105 kdebase 1 105 1 RHBA 2009 1277 bug fix update Updated kdebase packages that fix various bugs are now available The K Desktop Environment KDE is a graphical desktop environment for the X Window System The kdebase packages include core applications for the K Desktop Environment These updated packages fi...

Page 130: ...aving critical security impact by the Red Hat Security Response Team The kdegraphics packages contain applications for the K Desktop Environment KDE Scalable Vector Graphics SVG is an XML based language to describe vector images KSVG is a framework aimed at implementing the latest W3C SVG specifications A use after free flaw was found in the KDE KSVG animation element implementation A remote attac...

Page 131: ...to crash or potentially execute arbitrary code when opened CVE 2009 0166 760 CVE 2009 1180 761 Multiple input validation flaws were found in KPDF s JBIG2 decoder An attacker could create a malicious PDF file that would cause KPDF to crash or potentially execute arbitrary code when opened CVE 2009 0800 762 Multiple denial of service flaws were found in KPDF s JBIG2 decoder An attacker could create ...

Page 132: ...a specially crafted HTML page which once visited by an unsuspecting user could cause a denial of service Konqueror crash or potentially execute arbitrary code with the privileges of the user running Konqueror CVE 2009 1690 768 An integer overflow flaw leading to a heap based buffer overflow was found in the way the KDE JavaScript garbage collector handled memory allocation requests A remote attack...

Page 133: ...e This update has already been released prior to the GA of this release as FASTRACK errata RHBA 2009 1057 771 Updated kdepim packages that fix a bug are now available The K Desktop Environment KDE is a graphical desktop for the X Window System The KDE Personal Information Management kdepim suite helps you to organize your mail tasks appointments and contacts This update includes the following fix ...

Page 134: ...mmap_min_addr protection mechanism and perform a NULL pointer dereference attack or bypass the Address Space Layout Randomization ASLR security feature CVE 2009 1895 776 Important Ramon de Carvalho Valle reported two flaws in the Linux kernel eCryptfs implementation A local attacker with permissions to perform an eCryptfs mount could modify the metadata of the files in that eCrypfts mount to cause...

Page 135: ...ise Linux 5 2 and later to avoid this bug With this update the kernel automatically disables MSI on VIA VT3364 chipsets during boot The pci nomsi boot option is no longer required to install or boot Red Hat Enterprise Linux successfully BZ 507529 790 shutting down destroying or migrating Xen guests with large amounts of memory could cause other guests to be temporarily unresponsive BZ 512311 791 U...

Page 136: ...ditions that were the cause of BZ 48692 796 With this update the parent pte is not set to writable if the src pte is unmapped by the VM preventing the race condition from occurring BZ 507297 797 the copy_hugetlb_page_range function assumed it was safe to drop the source mm page_table_lock before calling hugetlb_cow As a consequence a kernel panic occurred when a particular multi threaded applicati...

Page 137: ...alloc_pages functions did not zero out the memory pages they allocate which may later be available to user space processes This flaw could possibly lead to an information leak CVE 2009 1192 805 Low Bug fixes a race in the NFS client between destroying cached access rights and unmounting an NFS file system could have caused a system crash Busy inodes messages may have been logged BZ 498653 806 nano...

Page 138: ... logic error was found in the do_setlk function of the Linux kernel Network File System NFS implementation If a signal interrupted a lock request the local POSIX lock was incorrectly created This could cause a denial of service on the NFS server if a file descriptor was closed before its corresponding lock request returned CVE 2008 4307 821 Important a deficiency was found in the Linux kernel syst...

Page 139: ...2 on the Itanium architecture nanosleep caused commands which used it such as sleep and usleep to sleep for one second more than expected BZ 490434 833 a panic and corruption of slab cache data structures occurred on 64 bit PowerPC systems when clvmd was running BZ 491677 834 the NONSTOP_TSC feature did not perform correctly on the Intel microarchitecture Nehalem when running in 32 bit mode BZ 493...

Page 140: ...ror CVE 2009 0269 844 Moderate a deficiency was found in the Remote BIOS Update RBU driver for Dell systems This could allow a local unprivileged user to cause a denial of service by reading zero bytes from the image_type or packet_size files in sys devices platform dell_rbu CVE 2009 0322 845 Moderate an inverted logic flaw was found in the SysKonnect FDDI PCI adapter driver allowing driver statis...

Page 141: ...ly set at boot causing slow gettimeofday calls BZ 488239 859 do_machine_check cleared all Machine Check Exception MCE status registers preventing the BIOS from using them to determine the cause of certain panics and errors BZ 490433 860 scaling problems caused performance problems for LAPI applications BZ 489457 861 a panic may have occurred on systems using certain Intel WiFi Link 5000 products w...

Page 142: ...rget the clock_gettime CLOCK_THREAD_CPUTIME_ID syscall returned a smaller timespec value than the result of previous clock_gettime function execution which resulted in a negative and nonsensical elapsed time value nfs_create_rpc_client was called with a flavor parameter which was usually ignored and ended up unconditionally creating the RPC client with an AUTH_UNIX flavor This caused problems on A...

Page 143: ...and Julien Tinnes of the Google Security Team for responsibly reporting these flaws These updated packages also fix the following bug in the dlm code a socket was allocated in tcp_connect_to_sock but was not freed in the error exit path This bug led to a memory leak and an unresponsive system A reported case of this bug occurred after running cman_tool kill n nodename BZ 515432 874 Users should up...

Page 144: ...ting behavior Now when the dirty_ratio is set to 100 the system will no longer limit writing to pagecache memory BZ 295291 881 The rd_blocksize option found in the previous kernel s ramdisk driver was causing data corruption when using large ramdisks under a reasonable system load This update removes this unnecessary option and resolves the data corruption issues BZ 480663 882 The function getrusa...

Page 145: ...ystemTap Bugzilla 493444 891 499008 892 493454 893 475719 894 This kernel update adds the success value to sched_wakeup and sched_wakeup_new tracepoints to track successful schedule wakes BZ 497414 895 This update includes a new dropstat script to monitor and locate packets that are dropped within the host machine BZ 470539 896 The new systemtap direct kernel tracepoint support requires access to ...

Page 146: ... patch to allow access to files on a GFS2 file system from client machines running the older and previously incompatible NFS v2 file sharing protocol BZ 497954 913 1 110 9 5 Networking Kernel updates that relate to Networking issues A new module has been added to this kernel version to enable DSCP Differentiated Services Code Point setting in systems using IPv6 netfilter BZ 481652 914 In order to ...

Page 147: ...hreaded applications slowed down drastically in pthread_create This is because glibc uses MAP_32BIT to allocate those stacks As the use of MAP_32BIT is a legacy implementation this update adds a new flag MAP_STACK mmap to the kernel to avoid constraining 64 bit applications BZ 459321 922 The update includes a feature bit that encourages Time Stamp Clocks TSCs to keep running in deep C states This ...

Page 148: ...was run This update adds a patch to have show_cpuinfo identify Power7 architectures as Power6 BZ 486649 933 This update includes several patches that are required to add improve MSI X Message Signaled Interrupts support on machines using System P processors BZ 492580 934 A patch has been added to this release to enable the functionality of the previously problematic power button on Cell Blades mac...

Page 149: ... of this update the hvc_console has been upgraded BZ 475551 942 This update includes functionality that allows users to add new kernel options using the IPL command without modifying the content of the CMS parmfile The entire boot command line can be replaced with the VM parameter string and new Linux Named Saved Systems NSS can also be created on the CP CMS command line BZ 475530 943 Crypto Devic...

Page 150: ... using pci_enable which enables regions probed by the device s Base Address Register BAR On larger servers I O port resources may not be assigned to all the PCI devices due to coded limitations and base register fragmentation This update adds removes and refines multiple functions so as to improve resource allocation around free I O ports BZ 442007 960 Three new patches have been added to this ker...

Page 151: ...Support for the Crystal Beach 3 I O AT Acceleration Technology device has been included in this kernel update BZ 436039 972 BZ 436048 973 This update upgrades the bnx2 driver for Broadcom network devices The update fixes multiple performance issues including a kernel panic occurrence when attempting to unload the driver while in use and a non responsiveness issue caused by call traces initiated by...

Page 152: ...y does not have a keyword for the SILI bit It must be set explicitly with mt f dev nst0 stsetoptions 0x4000 BZ 457970 986 The bnx2 driver now supports iSCSI The bnx2i driver will access the bnx2 driver through the cnic module to provide iSCSI offload support BZ 441979 987 and BZ 441979 988 Note The bnx2i version included in this release does not support IPv6 The md driver has been updated to provi...

Page 153: ... 484438 997 The ipr driver now supports MSI X interrupts BZ 475717 998 A bug that caused iSCSI iBFT installations to panic during disk formatting is now fixed BZ 436791 999 Also a bug in the iscsi_r2t_rsp struct that caused kernel panics during iSCSI failovers in some multipathed environments is now fixed BZ 484455 1000 The lpfc driver has been updated to version 8 2 0 48 This enables hardware sup...

Page 154: ... devices being removed from xenstore before xend was able to create a configuration for the rebooted domain Code has been amended in xenbus c to correct this behavior BZ 233801 1014 A kernel crash occurred when a Xen user specified the mem or highmem command via the command line on either the host or guest systems This was caused by the array allocated to the p2m table being too small which result...

Page 155: ...ues from the VM system This results in a better use of memory and better response to low memory conditions reducing the likelihood of out of memory issues As a side effect this update reduces the processing load produced by GFS2 under certain workloads BZ 273001 1019 In order to enable new features as discussed in Bugzillas 252949 and 436048 I O AT Advanced Technology code has been updated and pro...

Page 156: ... iommu pt mode if a device is assigned to and then de assigned from a guest it can no longer be used in the host until the host has been rebooted PCI hotplug devices can not be used in iommu pt mode This update includes a fix for kernel panic encountered when attempting to run a kdump process on hardware virtual machine HVM in an ia64 architecture environment BZ 418591 1029 This update corrects so...

Page 157: ...Intel s Calpella chipset BZ 438469 1041 This update includes a patch to fix an interrupt storm several thousand interrupts encountered after boot with CD DVD drive connected to IDE of Enterprise South Bridge 2 ESB2 BZ 438979 1042 Pre release testing has assessed the ipr and iprutil drivers as supporting the SAS paddle card on pBlade extensions BZ 439566 1043 An upstream change to the e1000 and bnx...

Page 158: ...gzilla 451849 1054 This update enables raw device support for IBM System z platforms Bugzilla 452534 1055 This release updates the ext3 filesystem code to prevent kernel panic in dx_probe Bugzilla 454942 1056 This kernel update removes the linux 2 6 ipmi legacy ioport setup changes patch which was causing keyboard lockups on IBM p series 7028 and 7029 models during the installation process Bugzill...

Page 159: ...ments Bugzilla 454981 1068 This release contains an update to the copy_user code which fixes problems encountered when running LTP read02 tests BZ 456682 1069 Kernel code has been updated to fix an error in compiling a custom kernel that includes the snd sb16 ko module BZ 456698 1070 Various patches have been implemented in this release to resolve an issue with calltrace outputs showing on screen ...

Page 160: ... kexec feature either on a normal or a panic reboot This package contains the sbin kexec binary and ancillary utilities that together form the userspace component of the kernel s kexec feature This updated package provides a fix for the following bug Kernels booted under the kexec system failed to map regions in the system E820 map which were marked as reserved As some hardware vendors use these r...

Page 161: ...ame of the crashed kernel is saved in the dump header BZ 497021 1095 fixed initrd generation to properly clean up files in tmp BZ 483092 1096 enhanced kdump to pickup virtio modules in use with kvm BZ 506863 1097 made makedumpfile verbosity configurable BZ 466436 1098 Users should upgrade to this updated package which resolves these issues 1 112 krb5 1 112 1 RHSA 2009 0408 Important security updat...

Page 162: ...n and a trusted third party the KDC These updated packages address the following bugs one of the error messages printed by the ksu command contained a spelling error geting This has been corrected BZ 462890 1103 several dozen spelling errors across 21 krb5 related manual pages were corrected BZ 499190 1104 this update no longer attempts to create a keytab for use by the kadmin service when the ser...

Page 163: ... T Bell Laboratories a shell programming language upwards compatible with sh the Bourne Shell This updated ksh package includes fixes for the following bugs when umask set a default permission in a subshell this default permission would persist after returning to the parent shell Subsequently files in the parent shell might have been created with wrong permissions This is now fixed BZ 485030 1112 ...

Page 164: ...r messages Ksh now reverts to using the previous catalog which does not produce these errors BZ 493570 1120 in the last version of ksh braces for a subscripted variable with var sub became compulsory when inside or as a subscript Because these braces were previouly optional some shell scripts written for earlier versions of ksh no longer worked as expected Ksh now recognises cases where the argume...

Page 165: ...eady been released prior to the GA of this release as FASTRACK errata RHBA 2009 0413 1128 An updated less package that fixes a bug is now available The less utility is a text file browser that resembles more but with more capabilities less is more The less utility allows users to move backwards in the file as well as forwards Because less need not read the entire input file before it starts less s...

Page 166: ...ever incompatible with LFTP s GNU GPL license and LFTP does not include an exception allowing OpenSSL linking With this update LFTP links to the GnuTLS GNU Transport Layer Security library which is released under the GNU LGPL license Like OpenSSL GnuTLS implements the SSL and TLS protocols so functionality has not changed BZ 458777 1132 running help mirror from within lftp only presented a sub set...

Page 167: ...y reduced but be aware that it may still be triggered under certain circumstances BZ 437790 1138 Fn F keys and System Buttons for Dell s Converse and Fila mobile platforms need to be mapped to appropriate actions When pressed nothing would happen xkeyboard config and libX11 have now been updated to accept input from these keys These keys will now work when pressed BZ 496184 1139 User should upgrad...

Page 168: ...ecessary for FIPS validation are now available The libgcrypt library provides general purpose implementations of various cryptographic algorithms This updated package rebases the libgcrypt library to version 1 4 4 the current upstream version This rebase adds the following enhancements runtime self tests and FIPS mode setting have been added both of which are necessary for Federal Information Proc...

Page 169: ...es are now available libsemanage provides an API for the manipulation of SELinux binary policies It is used by checkpolicy the policy compiler and similar tools as well as by programs such as load_policy which must perform specific transformations on binary policies for example customizing policy boolean settings These updated packages fix the following bugs dontaudit messages could not be disable...

Page 170: ...at Enterprise Linux 4 and 5 This update has been rated as having moderate security impact by the Red Hat Security Response Team libsoup is an HTTP client library implementation for GNOME written in C It was originally part of a SOAP Simple Object Access Protocol implementation called Soup but the SOAP and non SOAP parts have now been split into separate packages An integer overflow flaw which caus...

Page 171: ...ap based buffer overflows were found in various libtiff color space conversion tools An attacker could create a specially crafted TIFF file which once opened by an unsuspecting user would cause the conversion tool to crash or potentially execute arbitrary code with the privileges of the user running the tool CVE 2009 2347 1155 A buffer underwrite flaw was found in libtiff s Lempel Ziv Welch LZW co...

Page 172: ...sing GetIPInfo function which was provided by the GCC unwinder was used together with libunwind s unwinding support Because GCC s GetIPInfo function must access the valid state of the GCC unwinder an application crash could result Because of this ABI change libunwind required a small extension to its ABI to update it to the current unwinding ABI This updated package provides that extension thus re...

Page 173: ...now available for Red Hat Enterprise Linux 5 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems In addition libvirt provides tools for remotely managing virtualized systems These updated packages upgrade the libvirt library for Red Hat Enterprise Linux 5 to upstream version 0 6 3 which contains a large number of enh...

Page 174: ...e virt manager list of VMs In addition domains created with the virt manager or virt install applications were not listed in the GUI window until virt manager was restarted or the newly created guest was started This issue was related to inotify support and has been fixed in these updated packages BZ 508278 1169 In addition these updated packages provide the following enhancements PCI pass through...

Page 175: ...ckage which resolves these issues 1 129 libvorbis 1 129 1 RHSA 2009 1219 Important security update Important This update has already been released prior to the GA of this release as the security errata RHSA 2009 1219 1178 Updated libvorbis packages that fix one security issue are now available for Red Hat Enterprise Linux 3 4 and 5 This update has been rated as having important security impact by ...

Page 176: ...ication when opened by a victim CVE 2009 1364 1181 Note This flaw is specific to the GD graphics library embedded in libwmf It does not affect the GD graphics library from the gd packages or applications using it Red Hat would like to thank Tavis Ormandy of the Google Security Team for responsibly reporting this flaw All users of libwmf are advised to upgrade to these updated packages which contai...

Page 177: ...date to take effect 1 132 linuxwacom 1 132 1 RHEA 2009 1384 enhancement update New linuxwacom packages that provide new features are now available The Linux Wacom Project manages the drivers libraries and documentation for configuring and running Wacom tablets under the Linux operating system It contains diagnostic applications as well as X org XInput drivers These updated packages include the fol...

Page 178: ...th the dynamic library calls called by the executed process and the signals received by the executed process The ltrace utility can also intercept and print system calls executed by the process This updated ltrace package includes fixes for the following bugs in some cases when tracing the process that used fork system call the kernel may have reported certain events in the forked child even befor...

Page 179: ...for pvs and pvdisplay commands Fixes segfault for vgcfgrestore on VG with missing PVs Fixes memory leaks in toolcontext error path and mirror allocation code Ignores suspended devices during repair and allows metadata correction even when PVs are missing Unifies error messages when processing inconsistent volume group Fixes multi extent mirror log allocation when smallest PV has only 1 extent Atte...

Page 180: ...w any requested VG Fixes minimum width of devices column in reports Fixes pvs report for orphan PVs when segment attributes are requested Fixes pvs a output to not read volume groups from non PV devices Fixes and updates to man pages including the restriction on file descriptors at invocation and nameprefixes unquoted rows options in pvs vgs lvs commands As well this update adds the following enha...

Page 181: ...bug fixes Fixes partial activation support in clustered mode Flushes memory pool and fixes locking in clvmd refresh and backup command Destroys toolcontext on exit in clvmd fixes memory pool leaks Fixes remote metadata backup for clvmd Fixes startup race in clvmd This update adds the following enhancements Introduces CLVMD_CMD_LOCK_QUERY command for clvmd Allows clvmd to start up if its lockspace ...

Page 182: ...f subjectAltName does not contain a host name BZ 504060 1192 the OpenSSL locking callback in M2Crypto did not block on a lock when the lock was held by another thread This could cause data corruption in multi threaded applications The locking callback now functions correctly regardless of which thread holds the lock BZ 507903 1193 Users are advised to upgrade to this updated m2crypto package which...

Page 183: ... been updated in several releases Therefore the existing package could not decode MCE events from newer Intel processors such as the Nehalem and Dunnington series This update adds support for newer Intel hardware BZ 473392 1203 Users are advised to upgrade to the mcelog 0 9pre 1 24 which fixes these bugs and adds support for new Intel hardware 1 140 mdadm 1 140 1 RHBA 2009 1382 bug fix and enhance...

Page 184: ...rformance degradation while it is running If users wish to disable this feature for performance reasons or if they wish to control what type of check is performed on arrays or which arrays to check at all edit the file etc sysconfig raid check Details of how to set options are included in the file as comments BZ 513200 1210 This package also updates the upstream source base from mdadm 2 6 4 to mda...

Page 185: ... issue 1 142 2 RHBA 2009 1345 bug fix and enhancement update Updated mkinitrd packages that fix several bugs and add enhancements are now available The mkinitrd utility creates file system images for use as initial ramdisk initrd images This update includes fixes for the following bugs mkinitrd failed on dmraid systems with kernels that don t include dm raid45 modules BZ479270 the netname command ...

Page 186: ...rprise Linux 5 This update has been rated as having moderate security impact by the Red Hat Security Response Team The mod_auth_mysql package includes an extension module for the Apache HTTP Server which can be used to implement web user authentication against a MySQL database A flaw was found in the way mod_auth_mysql escaped certain multibyte encoded strings If mod_auth_mysql was configured to u...

Page 187: ... this release as errata RHEA 2009 0403 1218 An enhanced mod_nss package is now available mod_nss provides strong cryptography for the Apache Web server via the Secure Sockets Layer SSL and Transport Layer Security TLS protocols using the Network Security Services NSS security library This update back ports the PassphraseDialog defer configuration option in NSS When this parameter is set to defer o...

Page 188: ...be read automatically from the kernel command line in the same fashion that built in kernel modules are handled BZ 487395 1219 previously in some cases a kernel module package may have installed an older version of an already installed kernel module When this occurred the manner in which the kernel modules were sorted may have resulted in an older version of the module being enabled by default Whi...

Page 189: ...aw was found in the mysql command line client s HTML output mode If an attacker was able to inject arbitrary HTML tags into data stored in a MySQL database which was later retrieved using the mysql command line client and its HTML output mode they could perform a cross site scripting XSS attack against victims viewing the HTML output in a web browser CVE 2008 4456 1226 Multiple format string flaws...

Page 190: ... tables created for filesorts frm files were created correctly but data files were written to the working directory Depending on the working directory s location MySQL could slow to a crawl or even appear to hang With this update the tmpdir variable is honored as expected BZ 455619 1234 for large enough query caches invalidating a data subset took too long effectively freezing the server Dictionar...

Page 191: ...xes an error where SQLDriverConnect threw an unexpected setup cannot be opened exception BZ 460293 1241 MySQL and ODBC users should upgrade to this updated package which resolves this and other issues 1 150 nautilus sendto 1 150 1 RHBA 2008 0916 bug fix and enhancement update An updated nautilus sendto package that fixes several bugs and adds enhancements is now available The nautilus sendto packa...

Page 192: ...x kernel sent or received greater than 4 294 967 296 2 32 packets then the snmpd daemon would terminate abnormally With this update the snmpd daemon no longer crashes when it encounters a packet counter in the directories listed above that is greater than 32 bits in size thus resolving the issue BZ 516182 1247 All users of net snmp are advised to upgrade to these updated packages which resolve thi...

Page 193: ...the snmpd daemon no longer prints spurious error on subcontainer insert 1 messages to snmpd log when it reloads its configuration file such as when the daemon is restarted BZ 468147 1252 the snmpd daemon no longer reports the following errors to syslog when walking through diskIOTable diskio c don t know how to handle x request BZ 474093 1253 the net snmp packages were upgraded to upstream version...

Page 194: ...ort for JPEG 2000 image format and used in the jpeg2ktopam and pamtojpeg2k converters An attacker could create a carefully crafted JPEG file which could cause jpeg2ktopam to crash or possibly execute arbitrary code as the user running jpeg2ktopam CVE 2007 2721 1261 CVE 2008 3520 1262 All users are advised to upgrade to these updated packages which contain backported patches which resolve these iss...

Page 195: ...trictions CVE 2008 4552 1263 This updated package also fixes the following bugs the LOCKD_TCPPORT and LOCKD_UDPPORT options in etc sysconfig nfs were not honored the lockd daemon continued to use random ports With this update these options are honored BZ 434795 1264 it was not possible to mount NFS file systems from a system that has the etc directory mounted on a read only file system this could ...

Page 196: ...quired by programs in the nfs utils package These updated packages apply a fix for the following bug when resolving a group ID a group s data structure is stored in a buffer When the buffer size was exceeded the default no group value was used in place of the group ID removing certain user privileges Larger buffer spaces are now provided when the defined buffer is exceeded so groups are mapped to ...

Page 197: ...ecurity enabled client and server applications Applications built with NSS can support SSLv2 SSLv3 TLS and other security standards These updated packages upgrade NSS from the previous version 3 12 2 to a prerelease of version 3 12 4 The version of NSPR has also been upgraded from 4 7 3 to 4 7 4 Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used ...

Page 198: ...dated packages upgrade nss from the previous version 3 12 2 to a prerelease of version 3 12 4 The version of nspr has also been upgraded from 4 7 3 to 4 7 4 These version upgrades provide fixes for the following bugs SSL client authentication failed against an Apache server when it was using the mod_nss module and configured for NSSOCSP On the client side the user agent received an error message t...

Page 199: ...ould eventually cause the nscd daemon to consume 100 CPU and fail to reconnect to the LDAP server This has been fixed so that sockets do not leak and a failure to reconnect does not occur BZ 428837 1282 this update modifies the nss_ldap module s behavior so that when it encounters an entry which contains an attribute value which is expected to be numeric but the value contained in the entry can no...

Page 200: ...hentication is not enabled by default A buffer overflow flaw was found in the ntpq diagnostic command A malicious remote server could send a specially crafted reply to an ntpq request that could crash ntpq CVE 2009 0159 1288 All ntp users are advised to upgrade to this updated package which contains backported patches to resolve these issues After installing the update the ntpd daemon will be rest...

Page 201: ... is Simple NUMA policy support It consists of a numactl program to run other programs with a specific NUMA policy and a libnuma to do allocations with NUMA policy in applications the numactl devel subpackage did not require the same version as the primary numactl package The absence of this requirement could lead to situations where the version of the primary package installed on a system differed...

Page 202: ...d throughout the cluster software can sometimes segfault under certain loads On ppc architectures the IPC system can segfault because of how va_args and unions operate on these platforms The totempg subsystem in openais can sometimes throw away a message which can result in cluster failure The IPC system contains a problem with the CPG service The problem causes the wrong error code to be returned...

Page 203: ...h is used throughout the cluster software sometimes segfaulted under certain loads BZ 261381 1296 On PowerPC architectures the IPC system could segfault because of how va_args and unions operate on these platforms BZ 499767 1297 The totempg subsystem in openais could sometimes throw away a message which could result in cluster failure BZ 497419 1298 The IPC system contained a regression with the C...

Page 204: ...Z 506119 1313 This update adds the following enhancements Feature to allow rolling upgrades of the crypto stack BZ 497480 1314 Feature to set broadcast mode instead of using multicast BZ 492808 1315 Feature to allow uidgid files to be placed on the system to allow configurable ipc security of third party applications BZ 501337 1316 Users should upgrade to these updated packages which resolve these...

Page 205: ...lidated correctly Allows you to connect to multiple daemons from one client Obscure bug fixed in the daemon affected IPMI plugin when it didn t find shelf manager initially Add Dimis and Fumis to Simulator plugin Fix invalid handling of ATCA Led Controls in Manual Mode IPMI Direct plugin RTAS plugin build fixes Cross compilation build improvement regarding the number size checks Creates separate S...

Page 206: ...s preloading the SDP protocol decreased performance significantly The kernel and the userspace SDP protocol components have been updated improving performance BZ 230034 1319 BZ 451471 1320 the latest libsdp package appeared older than the previously installed package because it was missing epoch information This prevented upgrades to the latest package This has been corrected enabling upgrades BZ ...

Page 207: ...r the Infiniband bonding tool has been added to allow bonding over IPoIB interfaces which enables improved load balancing and aggregation performance BZ 475663 1332 mvapich has been updated to the current upstream release and the build process has been altered to provide support for building and implementing Fortran 90 based modules BZ 479933 1333 BZ 479935 1334 support for Mellanox 10 Gigabyte Et...

Page 208: ...e image types has been improved in OpenOffice org and Draw now imports them correctly BZ 469615 1344 the Next button in the Function Wizard was occasionally not being disabled This resulted in confusing navigation OpenOffice org has been updated to disable the button making usage clearer BZ 469630 1345 numbered lists in HTML files were being imported incorrectly resulting in a crash OpenOffice org...

Page 209: ...r than reporting errors early reducing the possibility of successful plain text recovery CVE 2008 5161 1352 This update also fixes the following bug the ssh client hung when trying to close a session in which a background process still held tty file descriptors open With this update this so called hang on exit error no longer occurs and the ssh client closes the session immediately BZ 454812 1353 ...

Page 210: ...uld cause applications using the affected function to crash when printing certificate contents CVE 2009 0590 1362 Note The affected function is rarely used No application shipped with Red Hat Enterprise Linux calls this function for example These updated packages also fix the following bugs openssl smime verify in verifies the signature of the input file and the verify switch expects a signed or e...

Page 211: ...swan packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 This update has been rated as having important security impact by the Red Hat Security Response Team Openswan is a free implementation of Internet Protocol Security IPsec and Internet Key Exchange IKE IPsec uses strong cryptography to provide both authentication and encryption services These services a...

Page 212: ...190 1374 Note The livetest script is an incomplete feature and was not automatically executed by any other script distributed with Openswan or intended to be used at all as was documented in its man page In these updated packages the script only prints an informative message and exits immediately when run All users of openswan are advised to upgrade to these updated packages which contain backport...

Page 213: ...k that there was a problem with IPsec The ipsec conf file now comments out the include of etc ipsec d and contains a note suggesting that users uncomment the line and use etc ipsec d for their customized configuration files BZ 463931 1377 Openswan did not close file decriptors on exec The resulting file descriptor leaks would then cause AVC denial warnings on systems set to enforce SELinux policy ...

Page 214: ...hell function to initialize the VERBOSE variable which contained the parameter list to NULL With this update opcontrol now uses the do_option shell function to initialize the VERBOSE variable BZ 454969 1382 This update also provides support for collecting data on programs using Java runtime environments that support jvmti Java 1 5 0 and newer BZ 474666 1383 Users of oprofile are advised to upgrade...

Page 215: ...904 1389 the coreutils package was listed incorrectly as a prerequisite requirement for the pam packages instead of a post install requirement This dependency statement has been corrected in these updated packages BZ 497570 1390 In addition these updated packages provide the following enhancements Gnome Display Manager s GDM s accessibility features did not function correctly when an audio device ...

Page 216: ... closes all open applications and logs you out of your session 1 169 2 RHBA 2009 1395 bug fix update An updated Pango package that rectifies a dependency issue is now available Pango is a library for laying out and rendering of text with an emphasis on internationalization Pango can be used anywhere that text layout is needed though most of the work on Pango so far has been done in the context of ...

Page 217: ...fix update Note This update has already been released prior to the GA of this release as errata RHBA 2009 0406 1400 An updated perl package that fixes a bug is now available Perl is a high level programming language with roots in C sed awk and shell scripting Perl is good at handling processes and files and is especially good at handling text These updated perl packages provide a fix for the follo...

Page 218: ...ting to load modules The INC array became quite large which negatively affected performance and led to verbose error messages Instead of adding all search paths to the INC array this update populates it only with those paths which actually do exist at the startup of the interpreter thus culling nonexistent paths In this way performance is improved and compatibility with installations of older modu...

Page 219: ...s the security errata RHSA 2009 0338 1409 Updated php packages that fix several security issues are now available for Red Hat Enterprise Linux 5 This update has been rated as having moderate security impact by the Red Hat Security Response Team PHP is an HTML embedded scripting language commonly used with the Apache HTTP Web server A heap based buffer overflow flaw was found in PHP s mbstring exte...

Page 220: ...ted php pear package that fixes various bugs is now available The PHP Extension and Application Repository PEAR is a framework and distribution system for reusable PHP components This updated php pear package includes fixes for the following bugs installing certain PHP components using the usr bin pecl command resulted in failures and error message similar to the following Fatal error Allowed memo...

Page 221: ...stant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously Federico Muttis of Core Security Technologies discovered a flaw in Pidgin s MSN protocol handler If a user received a malicious MSN message it was possible to execute arbitrary code with the permissions of the user running Pidgin CVE 2009 2694 1421 Note Users can change their privacy...

Page 222: ...Refer to the Pidgin release notes for a full list of changes http developer pidgin im wiki ChangeLog All Pidgin users should upgrade to these updated packages which correct these issues Pidgin must be restarted for this update to take effect 1 175 3 RHBA 2009 0407 bug fix update Note This update has already been released prior to the GA of this release as errata RHBA 2009 0407 1424 Updated Pidgin ...

Page 223: ...authentication With the plug in active Pidgin will still attempt to re connect to services after being disconnected It will not however use the previous password All Pidgin users should upgrade to these updated packages which contains Pidgin version 2 5 5 and resolves these issues Note after these errata packages are installed Pidgin must be restarted for the update to take effect 1 176 piranha 1 ...

Page 224: ...dition has been added and the problem has been resolved BZ 354361 1432 restorecond conf did not include definitions for web or www directories The paths for these directories have been added to restorecond conf resolving this issue BZ 458687 1433 chcat did not translate category IDs to name strings when a user belonged to multiple categories chcat and setrans conf have been modified so that catego...

Page 225: ...e a malicious PDF file that would cause applications that use poppler such as Evince to crash or potentially execute arbitrary code when opened CVE 2009 0800 1446 Multiple denial of service flaws were found in poppler s JBIG2 decoder An attacker could create a malicious PDF file that would cause applications that use poppler such as Evince to crash when opened CVE 2009 0799 1447 CVE 2009 1181 CVE ...

Page 226: ...our system The killall command sends a specified signal SIGTERM if nothing is specified to processes identified by name The fuser command identifies the PIDs of processes that are using specified files or file systems This updated psmisc package fixes the following bug calling the command fuser m device failed to detect open files on a file system that had been lazily unmounted by calling umount l...

Page 227: ...tubs for non ORBit objects and includes binary compatibility from upstream modules BZ 244921 1453 Users should upgrade to this updated package which resolves the issue 1 183 python 1 183 1 RHSA 2009 1176 Moderate security update Important This update has already been released prior to the GA of this release as the security errata RHSA 2009 1176 1454 Updated python packages that fix multiple securi...

Page 228: ...erly NULL terminated which could possibly cause disclosure of data stored in the memory of a Python application using this function CVE 2007 2052 1464 Red Hat would like to thank David Remahl of the Apple Product Security team for responsibly reporting the CVE 2008 2315 issue All Python users should upgrade to these updated packages which contain backported patches to correct these issues 1 183 2 ...

Page 229: ...onda being unable to install Red Hat Enterprise Linux 5 onto RAID10 arrays With this update pyblock deals with dmraid sets correctly and consequently Red Hat Enterprise Linux 5 installs as expected onto RAID10 arrays BZ 475386 1469 Users should upgrade to this updated package which resolves this issue 1 185 python virtinst 1 185 1 RHBA 2009 1412 bug fix and enhancement update An updated python vir...

Page 230: ...e specific information the new sound option for virt install This allows sound devices to be attached to guest operating systems the new hostdev option for virt install This allows a physical host device to be attached to guest operating systems the new import option for virt install This allows for the creation of a guest from an existing disk image with no installation phase required the virt to...

Page 231: ...dline 1 187 1 RHBA 2009 1078 bug fix update Note This update has already been released prior to the GA of this release as FASTRACK errata RHBA 2009 1078 1480 An updated readline package that fixes a bug is now available The Readline library provides a set of functions that allow users to edit command lines This updated package fixes the following bug readline failed to re allocate the array used t...

Page 232: ...ized Red Hat macros used during the building of RPM packages These macros replace the standard macros supplied as part of RPM itself with Red Hat specific versions This updated redhat rpm config package fixes the following bug the brp java repack jars script was unable to correctly handle certain Java ARchive files JAR files Those files would set the permissions on exploded directory hierarchies t...

Page 233: ...Enterprise Linux 5 3 were outdated This update includes the most recent SAP resource agents and consequently improves SAP failover support Exclusive service prioritization whereby a high priority exclusive service can take the place of a low priority exclusive service is now supported when central_processing is enabled Note this function does not work with virtual machines An issue that causes vir...

Page 234: ...ing and cloning during status checks has been optimized to reduce load spikes rg_test no longer hangs when run with large cluster configuration files when rgmanager is used with a restricted failover domain it will no longer occasionally segfault when some nodes are offline during a failover event virtual machine guests no longer restart after a cluster conf update nfsclient sh no longer leaves te...

Page 235: ... processing errata scheduled actions installed extra 32 bit packages as it was ignoring the package architecture BZ 476894 1491 rhn client tools should now depend on version 2 2 7 or newer of rhnlib BZ 487754 1492 the contactinfo option has been deprecated from the rhnreg_ks utility BZ 204449 1493 parsing te_IN locale strings in the registration Graphical User Interface GUI caused a TypeError BZ 2...

Page 236: ...1504 when a package could not be found on the content delivery network rhnlib would make an incorrect request to the original host and use this URL for subsequent attempts to locate the package rhn client now requests a fresh redirect when a package cannot be located on the network BZ 492638 1505 if an attempt to open a file in tmp failed the SmartIO py module would enter a loop and make multiple ...

Page 237: ...ent system capable of installing uninstalling verifying querying and updating software packages These updated rpm packages provide fixes for the following bugs on 64 bit multilib systems verifying all packages on the system led to a large number of files being listed which only differed in timestamp values With this update timestamp differences on multilib systems are now filtered so that verifyin...

Page 238: ...age translation has been corrected BZ 387321 1520 All users of rpm are advised to upgrade to these updated packages which resolve these issues 1 196 rsh 1 196 1 RHBA 2009 0423 bug fix update Note This update has already been released prior to the GA of this release as FASTRACK errata RHBA 2009 0423 1521 Updated rsh packages that resolve several issues are now available The rsh server package conta...

Page 239: ...ns the firmware required by the rt73usb driver in the kernel The rt73usb driver is not included in the IBM S 390 and IBM System z kernels Previously however rt73usb firmware an architecture independent noarch package containing firmware required by the rt73usb driver was automatically but unnecessarily included in the IBM S 390 and IBM System z distributions For this update the rt73usb firmware pa...

Page 240: ... the RO This differed from the expected functionality The tool has been updated to allow ECKD DASD devices that do not contain a default record 0 to be formatted BZ 474157 1527 the etc profile d s390x chs profile script was causing tcsh e scripts to fail because the sbin consoletype was returning a non zero value The profile script has now been updated to supply a stdout argument that forces conso...

Page 241: ...access to that file These updated packages include an adjusted fix for this problem which fixes the ACL inheritance so that saving an Excel file does not cause the owner to change BZ 501513 1537 a user who did not own a directory on a Red Hat Enterprise Linux 5 machine accessed via Samba was also unable to write to that directory when its permissions were set to 733 The user should have been able ...

Page 242: ... updated sblim packages provide fixes for the following bugs and add the following enhancement when the sblim cmpi dhcp package is installed it modifies the files under var lib Pegasus owned by the tog pegasus package Previously when sblim was installed in the course of an everything installation of Red Hat Enterprise Linux 5 on the PowerPC architecture the modifications that sblim made in the var...

Page 243: ...All users of scim bridge are advised to upgrade to these updated packages which resolve this issue 1 204 selinux policy 1 204 1 RHBA 2009 1242 The selinux policy packages contain the rules that govern how confined processes run on the system The selinux policy package has been updated providing the following enhanced policy changes for SELinux samba previously could not directly change a user s pa...

Page 244: ...sions BZ 490024 1566 the proc file system is now correctly labelled by the restorecon command BZ 492567 1567 search privileges are now granted to dnsmasq when dnsmasq is launched using libvirt BZ 496867 1568 Openswan can now correctly access the Network Security Services libraries BZ 497168 1569 autofs now restarts normally when active mounts exist BZ 497273 1570 the amanda backup utility can now ...

Page 245: ...ion on systems with SELinux BZ 511143 1588 This update allows objects and processes running in the ipsec_t domain to read files labeled as initrc_exec_t This is required for the etc rc d init d ipsec file to be launched properly BZ 511359 1589 the automount subsystem can now use the winbind mechanism as specified in etc nsswitch conf BZ 511927 1590 all files in the var vdsm directory have the same...

Page 246: ...consistency across shells csh files in the etc profile d directory are not read when csh is loaded as a non login shell when using the csh or tcsh shell the user s umask is now set exactly the same as it is for the bash shell If a process owned by a user creates a file the UID number of the user is 100 or greater and the username and group name match then the umask of the process will be set to 00...

Page 247: ...yntax and semantics the sg_dd sgp_dd and sgm_dd commands check INQUIRY data and associated pages sg_inq check mode and log pages sg_modes and sg_logs spin disks up and or down sg_start and perform self tests sg_senddiag along well as various other utilities These updated sg3_utils packages provide the following enhancement for Red Hat Enterprise Linux 5 4 a new shell script rescan scsi bus sh has ...

Page 248: ...iffering output BZ 433779 1605 the sg_ses command s usage information contained a typo the option is actually byte1 instead of simply byte BZ 435100 1606 the sg_read_long command sometimes exited with an incorrect exit code This has been fixed in these updated packages BZ 435275 1607 the sg_persist command s usage information incorrectly contained a reference to the prout sark option instead of co...

Page 249: ...ive a reply to the prompt sos would crash Sosreport now automatically chooses the option to continue instead of prompting the user whether to continue or not and can therefore run unattended BZ 475991 1615 Previously faulty logic in rh upload core prevented it from uploading a core if the quiet flag were not set Additionally the destination directory was incorrectly specified as dropbox redhat com...

Page 250: ...rpm qa command Now sos sorts the packages into alphabetical order as it compiles its list Listing the packages alphabetically makes it easier to find packages visually and groups some related packages together BZ 498474 1623 Sos now includes a batch mode in which it does not ask any questions during its run Batch mode is invoked with the batch option BZ 501842 1624 Previously the sos plugin that c...

Page 251: ...646 PXE related information BZ 487481 1647 VMWare related information BZ 487482 1648 process accounting related information BZ 487483 1649 MySQL related information BZ 487484 1650 MRG Messaging related information BZ 487485 1651 MRG GRID related information BZ 487488 1652 openssl related information BZ 487628 1653 wvdial and ppp related information BZ 488412 1654 Sos now includes information on a ...

Page 252: ...date Note This update has already been released prior to the GA of this release as FASTRACK errata RHBA 2009 0441 1666 Updated sqlite packages that resolve an issue are now available SQLite is a C library that implements an SQL database engine These updated sqlite packages fix the following bug using SQL s explain command caused the sqlite database to segmentation fault due to faulty opcode name a...

Page 253: ... directives used in HTML mail A remote attacker could send a specially crafted email that could place mail content above SquirrelMail s controls possibly allowing phishing and cross site scripting attacks CVE 2009 1581 1670 Users of squirrelmail should upgrade to this updated package which contains backported patches to correct these issues 1 211 strace 1 211 1 RHBA 2009 0309 bug fix update Note T...

Page 254: ...18 This applies several upstream bug fixes and enhancements including An erroneous file locking instruction caused strace to incorrectly decode fcntl64 system call parameters in 32 bit programs running on 64 bit systems This release corrects the errant file locking instruction ensuring that fcntl64 system call parameters are decoded correctly BZ 471169 1673 A race condition made it possible for pt...

Page 255: ...er could use these flaws to cause a heap overflow on a client when it attempts to checkout or update These heap overflows can result in a crash or possibly arbitrary code execution CVE 2009 2411 1677 All Subversion users should upgrade to these updated packages which contain a backported patch to correct these issues After installing the updated packages the Subversion server must be restarted for...

Page 256: ...o actions because mailerflags and mailerpath were not set Sudo had to be recompiled with sendmail installed in the build environment to enable the auto configuration system guess the right default values for mailerflags and mailerpath This update has compiled in default values for mailerflags and mailerpath and sudo is now able to send email about sudo actions after install All users of sudo are a...

Page 257: ...of hiding them This caused An error has occurred in the timezone module errors to present when trying to display the time zone screen With this update the widgets are correctly hidden and not removed ensuring the time zone screen displays as expected All users should upgrade to this updated package which resolves this issue 1 216 system config language 1 216 1 RHBA 2009 1074 bug fix update Note Th...

Page 258: ...g the configuration of layer 2 interfaces BZ 484289 1685 previously when system config network configured QETH interfaces in textual user interface TUI mode it attempted to set ports whether the hardware existed or not When the tool attempted to configure non existent hardware it would crash Now system config network tests whether hardware exists before configuring it This allows users to configur...

Page 259: ...e security update Important This update has already been released prior to the GA of this release as the security errata RHSA 2009 0373 1691 Updated systemtap packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5 This update has been rated as having moderate security impact by the Red Hat Security Response Team SystemTap is an instrumentation infrastructure for ...

Page 260: ...97 This update resolves a ref count problem that prevented uprobes from properly disposing the uprobe_process struct on exec while there are outstanding uretprobe instances In addition a bug that caused utrace to incorrectly report events in progress to a recently created engine is now fixed as well These fixes address several uretprobe bugs that could cause the system to hang in previous releases...

Page 261: ...o uses the kernel DWARF unwinder automatically in the event of stack tracebacks BZ 503225 1706 A bug in runtime task_finder c made it possible for some processes to hold a semaphore while performing a memory map callback Whenever this occurred some tasks would become deadlocked if they were probed by user space probes This update fixes the bug ensuring that memory map callbacks are safe and do not...

Page 262: ...more These updated tcp_wrappers packages fix the following bug when tcp_wrappers performed an ident query which failed applications which used tcp_wrappers were then unable to receive SIGALRM alarm signals This has been fixed by correctly restoring signal masks in this update so that applications using tcp_wrappers are now able to receive and handle SIGALRM signals following a failed ident query A...

Page 263: ...es make the following changes tftp has been re based to version 0 49 This applies several upstream feature updates and bug fixes including most importantly support IPv6 BZ 464096 1711 two spelling corrections were made to the tftp server man page in tftpd 8 and the NAME section of both the client tftp 1 and server man pages was edited BZ 501482 1712 All users of tftp server should upgrade to these...

Page 264: ...pdated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5 This update has been rated as having moderate security impact by the Red Hat Security Response Team Mozilla Thunderbird is a standalone mail and newsgroup client Several flaws were found in the processing of malformed HTML mail content An HTML mail message containing malicious conten...

Page 265: ...ream version 2 7 2 which provides a number of bug fixes and enhancements over the previous packaged version The OpenPegasus Feature Status page referenced below summarizes the changes in this version BZ 474458 1732 In addition these updated packages provide fixes for the following bugs the upstream documentation about using SSL with OpenPegasus shipped in the previous package was inaccurate and ou...

Page 266: ...scovered that request dispatchers did not properly normalize user requests that have trailing query strings allowing remote attackers to send specially crafted requests that would cause an information leak CVE 2008 5515 1737 A flaw was found in the way the Tomcat AJP Apache JServ Protocol connector processes AJP connections An attacker could use this flaw to send specially crafted requests that wo...

Page 267: ...ce files in the usr include totem and usr include totem 1 directories but previously did not list those directories for creation These directories would therefore be created during the installation process but would remain unowned The directories are now listed for creation and are therefore owned by the package BZ 481816 1743 previously the totem packages were only built against the latest gstrea...

Page 268: ...changes and users interacting with people or systems in the affected locales are advised to upgrade to this updated package which adds these enhancements 1 228 3 RHEA 2009 0422 enhancement update Note This update has already been released prior to the GA of this release as errata RHEA 2009 0422 1753 A new tzdata package that updates Daylight Saving Time observations in several locales is now avail...

Page 269: ...fted Netlink message sent to udev causing it to create a world writable block device file for an existing system block device for example the root file system CVE 2009 1185 1755 Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for responsibly reporting this flaw Users of udev are advised to upgrade to these updated packages which contain a backported patch to correct this is...

Page 270: ...ion mode for the new file to be the same as the mode of the old file filtered through the user s umask Users of unix2dos should upgrade to this updated package which resolves this issue 1 231 util linux 1 231 1 RHBA 2009 1405 bug fix update Updated util linux packages that fix various bugs are now available The util linux package contains a large variety of low level system utilities that are nece...

Page 271: ...ount of available memory incorrectly This miscalculation resulted in Vim slowing down significantly when opening large files With these updated packages Vim now calculates the total amount of available RAM differently which avoids the potential slowdown when opening and or working with very large files BZ 429208 1763 the package provided vim sh and vim csh setup scripts in the etc profile d direct...

Page 272: ...6 1768 BZ 443628 1769 BZ 460713 1770 Running virt manager in unprivileged mode listed guests twice when connecting to remote hosts If the remote host was disconnected and reconnected the list would double again Every guest entry including the duplicate entries could activate the guest This issue is now resolved and only the available guests will be listed for a remote host BZ 448885 1771 virt mana...

Page 273: ...igned PCI devices Supported architectures for VTd include 32 bit x86 64 bit Intel EM64T and 64 bit Intel Itanium 2 BZ 480521 1779 Users of virt manager are advised to upgrade to this updated package which provide these bug fixes and enhancements 1 235 virt viewer 1 235 1 RHBA 2009 1299 bug fix update A updated virt viewer package that fixes two issues with the w option is now available for Red Hat...

Page 274: ...er or when an attacker was able to connect to vncviewer running in the listen mode the attacker could cause the victim s vncviewer to crash or possibly execute arbitrary code CVE 2008 4770 1783 Users of vncviewer should upgrade to these updated packages which contain a backported patch to resolve this issue For the update to take effect all running instances of vncviewer must be restarted after th...

Page 275: ...y vsftpd which could pose a security risk This update fixes the child parent process dependency bug by adding several functions that terminate all vsftpd child processes whenever their parent process is stopped BZ 441485 1788 a bug caused the vsftpd daemon to not properly shut down SSL Secure Socket Layer data connections which led to interoperability problems between the vsftpd daemon and client ...

Page 276: ...ry which can allow for several test failures before finally rebooting Several bugs in the wd_keepalive program are now fixed With this release wd_keepalive now honors all command line options In addition wd_keepalive now requires a watchdog device to be configured properly Users of watchdog are advised to upgrade to this new version 1 239 wdaemon 1 239 1 RHBA 2009 1111 bug fix update Note This upd...

Page 277: ...n would cause Wget to fail with the message init c 612 setval_internal Assertion 0 comind comind sizeof commands sizeof commands 0 failed BZ 492672 1801 Wget would ignore the no clobber nc argument and download files a second time BZ 475900 1802 All users of wget should upgrade to this updated package which fixes these and other bugs and adds numerous enhancements For full details of bugs fixed in...

Page 278: ...k or opened a malformed dump file it could crash or possibly execute arbitrary code as the user running Wireshark CVE 2008 4683 1809 CVE 2009 0599 1810 Several denial of service flaws were found in Wireshark Wireshark could crash or stop responding if it read a malformed packet off a network or opened a malformed dump file CVE 2008 4680 1811 CVE 2008 4681 1812 CVE 2008 4682 1813 CVE 2008 4684 1814...

Page 279: ...erface bonding together with 802 1Q VLAN tagging works as expected and all interfaces that are expected to become active do so thus resolving the issue All users of the xen packages are advised to upgrade to these updated packages which resolve this issue 1 242 2 RHBA 2009 0401 bug fix update Note This update has already been released prior to the GA of this release as errata RHBA 2009 0401 1819 U...

Page 280: ... guests could hang on failure BZ 428691 1827 xend and xendomains init scripts returned wrong exit codes BZ 430904 1828 vfb and vkbd entries were not removed from xenstore after destroying a guest BZ 439182 1829 saving a guest reported success even if the operation failed BZ 451675 1830 the xm console documentation was updated to mention Ctrl sequence which escapes from xenconsole BZ 454611 1831 cr...

Page 281: ... 491408 1853 bridged network didn t work well when used together with bonding and 802 1q VLANs BZ 492258 1854 These updated packages add the following enhancements support for F11 and F12 keys in HVM BIOS BZ 338321 1855 support for Ctrk Alt Del in HVM BIOS BZ 338331 1856 support for global default keymap setting BZ 345251 1857 support for save restore migration and dump core of 32b guests on a 64b...

Page 282: ...enhancement the pc105 keyboard model includes a number of multimedia key symbols These keys are now supported by default BZ 432556 1873 Users of xkeyboard config are advised to upgrade to these updated packages which address this bug and add this enhancement 1 244 xorg x11 drv ati 1 244 1 RHBA 2009 1343 bug fix and enhancement update An updated xorg x11 drv ati package that fixes bugs and adds enh...

Page 283: ...es two drivers i810 and intel The i810 driver is supported for i8xx series chips up to and including i865 The intel driver is supported for all i915 and later chips This updated package provides the following bug fixes and enhancements previously support for switching between virtual terminals or between virtual terminals and the X Window System was not fully implemented for newer Intel graphics c...

Page 284: ... x11 drv i810 driver should upgrade to this updated package which resolves these issues and adds these enhancements 1 246 xorg x11 drv mga 1 246 1 RHBA 2009 1390 bug fix update An updated xorg x11 drv mga driver which fixes several bugs is now available xorg x11 drv mga is a video driver for the X Org implementation of the X Window System for Matrox G series chips This updated package provide the ...

Page 285: ...uld install this package which resolves this issue and adds these enhancements 1 248 xorg x11 proto devel 1 248 1 RHEA 2009 1411 enhancement update An updated xorg x11 proto devel package is now available The xorg x11 proto devel package provides X Org X11 Protocol header files that are used when building X servers or X client libraries Previously the XFD_SETSIZE value in the Xpoll h header file w...

Page 286: ...ources per client BZ 439797 two new opcodes to support newer video BIOSes were added Note Intel Mobile Express Series 5 chipsets also known as Ironlake graphics for the CPU used with the chipsets are only supported in VESA mode in Red Hat Enterprise Linux 5 BZ 503182 All xorg x11 server users should upgrade to these updated packages which resolve these issues and add these features 1 250 yaboot 1 ...

Page 287: ...e as errata RHBA 2009 1142 1900 An updated yum package that resolves an issue with RHN Snapshot Rollback is now available Yum is a utility that can check for or automatically download and install updated RPM packages Dependencies are obtained and downloaded automatically prompting the user as necessary This updated yum package fixes the following bug attempting to roll back a system to a previous ...

Page 288: ...s BZ 471598 1907 Previously yum assumed that any terminal was 80 characters in width Therefore when it drew a progress bar on the screen each additional printed would force a new line on terminals narrower than 80 characters Yum now determines the actual width of the terminal rather than assuming the width and draws its progress bars accordingly BZ 474822 1908 Previously when in quiet mode yum wou...

Page 289: ...ckage to provide that capability even if the newer vesions did not provide the capability As a result yum could assume that a dependency was met even when it was not Yum now tests dependencies more carefully preventing this situation from occurring and ensuring that dependencies are properly met BZ 498635 1916 When yum installed local packages it defaulted to expecting SHA 256 checksums Because pa...

Page 290: ...repos had been added where none existed before Therefore if the repos were not specified in the original configuration and repos were subsequently added yum would not add to the package sack the first time that it tried to use the new repos This situation could lead to problems during installation or the creation of live CDs Yum now re initializes the package sack when a repo is added if no repo w...

Page 291: ...version of yum running in memory might attempt to read a yum conf file that was updated for the new version of yum If the new yum conf file were incompatible with the old version of yum yum would crash and the transaction would fail Now before running the transaction yum creates a YumBase object to hold the actions and associated parameters that it will need during the transaction By referring to ...

Page 292: ...erpreter usable as an interactive login shell and as a shell script command processor Zsh resembles the ksh shell the Korn shell but includes many enhancements Zsh supports command line editing built in spelling correction programmable command completion shell functions with autoloading a history mechanism and more These updated zsh packages provide fixes for the following bugs when running a larg...

Page 293: ...ackage 2 3 RHEA 2009 1383 ctdb A new ctdb package is now available CTDB is a clustered database based on Samba s Trivial Database TDB The ctdb package is a cluster implementation used to store temporary data If an application is already using TBD for temporary data storage it can be very easily converted to be cluster aware and use CTDB BZ 499241 1 Note CTDB is included as a Technology Preview Tec...

Page 294: ...ace as well as retrieve and display information about FCoE instances This fcoe utils package is new to Red Hat Enterprise Linux 5 BZ 494555 5 All Fibre Channel over Ethernet users requiring an administrative FCoE interface should install this newly released package which adds this enhancement 2 6 RHEA 2009 1320 fuse fuse a new package that enables users to mount FUSE file systems is now available ...

Page 295: ...r specified key BZ 467500 8 and BZ 491724 9 2 9 RHEA 2009 1275 iasl iasl a new package that compiles ASL into AML is now available This package is a build requirement for KVM iasl compiles ACPI Source Language ASL into ACPI Machine Language AML it can also be used to de compile AML for debugging purposes AML is suitable for inclusion as Differentiated System Description Tables DSDT in system firmw...

Page 296: ...these issues 2 12 RHEA 2009 1314 libhbaapi A new libhbaapi package is now available for Red Hat Enterprise Linux 5 The libhbaapi library is the Host Bus Adapter HBA API library for Fibre Channel and Storage Area Network SAN resources It contains a unified API that programmers can use to access query observe and modify SAN and Fibre Channel services This libhbaapi package is new to Red Hat Enterpri...

Page 297: ...e Linux 5 BZ 496211 16 All users requiring libpciaccess should install this newly released package which adds this enhancement 2 16 RHEA 2009 1326 log4cpp A new log4cpp package is now available log4cpp is a library of C classes for flexible logging to files syslog IDSA and other destinations The new log4cpp package contains the 1 0 version of log4cpp for applications that need log4j style logging ...

Page 298: ... used from Perl The new perl SyS Virt package provides an API for managing virtual machines from Perl using the libvirt library This new package reflects changes made for the release of Red Hat Enterprise Linux 5 4 Users of Red Hat Enterprise Linux 5 should upgrade to this updated package 2 19 RHEA 2009 1293 pinentry A new package pinentry is now available for Red Hat Enterprise Linux 5 Pinentry i...

Page 299: ...lementation of the SPICE protocol BZ 488604 19 Users of Red Hat Enterprise Linux 5 should install the qcairo packages for use with SPICE enabled virtualization products 2 22 RHBA 2009 1323 qffmpeg A new qffmpeg package required for hypervisor Spice protocol support is now available qffmpeg is a stripped down version of FFMPEG including only a limited set of the codecs available in the upstream ver...

Page 300: ...first 2 26 RHEA 2009 1308 xorg x11 drv qxl xorg x11 qxl drv is a new package that is now available for Red Hat Enterprise Linux 5 as a technology preview xorg x11 qxl drv is an X11 video driver for the qemu QXL video accelerator This driver makes it possible to use Red Hat Enterprise Linux 5 as a guest operating system under KVM and QEMU using the SPICE protocol Technology preview features are inc...

Page 301: ...unity The release name of the file system for the Technology Preview is ext4dev The file system is provided by the ext4dev ko kernel module and a new e4fsprogs package which contains updated versions of the familiar e2fsprogs administrative tools for use with ext4 To use install e4fsprogs and then use commands like mkfs ext4dev from the e4fsprogs program to create an ext4 base file system When ref...

Page 302: ...eCryptfs kernel driver requires updated userspace which is provided by ecryptfs utils 56 4 el5 or newer For more information about eCryptfs refer to http ecryptfs sf net You can also refer to http ecryptfs sourceforge net README and http ecryptfs sourceforge net ecryptfs faq html for basic setup information Stateless Linux Stateless Linux is a new way of thinking about how a system should be run a...

Page 303: ...rofile for large memory systems running disk intensive and network intensive applications The settings provides by ktune do not override those set in etc sysctl conf or through the kernel command line ktune may not be suitable on some systems and workloads as such you should test it comprehensively before deploying to production You can disable any configuration set by ktune and revert to your nor...

Page 304: ...ample echo eth6 sys module fcoe parameters create To logout write the network interface name to the sys module fcoe parameters destroy file for example echo eth6 sys module fcoe parameters destroy For further information on software based FCoE refer to http www open fcoe org openfc wiki index php FCoE_Initiator_Quickstart Red Hat Enterprise Linux 5 3 provides full support for FCoE on three special...

Page 305: ...he libvirt protocol However as fence_virsh is not integrated with cluster suite it is not supported as a fence agent in that environment glibc new MALLOC behaviour The upstream glibc has been changed recently to enable higher scalability across many sockets and cores This is done by assigning threads their own memory pools and by avoiding locking in some situations The amount of additional memory ...

Page 306: ...288 ...

Page 307: ...tanium guest is 768MB After installation the memory allocated to the guest can be lowered to the desired amount BZ 507891 3 Upgrading a system using Anaconda is not possible if the system is installed on disks attached using zFCP or iSCSI unless booted from the disk using a network adaptor with iBFT Such disks are activated after Anaconda scans for upgradable installations and are not found To upd...

Page 308: ...e imposed limit is the size of physical memory plus 2GB BZ 462734 10 Existing encrypted block devices that contain vfat file systems will appear as type foreign in the partitioning interface as such these devices will not be mounted automatically during system boot To ensure that such devices are mounted automatically add an appropriate entry for them to etc fstab For details on how to do so refer...

Page 309: ...ound this remove any KDE or qt development packages before attempting to build the compiz package from its source RPM BZ 444609 17 4 4 device mapper multipath The device mapper multipath packages provide tools to manage multipath devices using the device mapper multipath kernel module When using dm multipath if features 1 queue_if_no_path is specified in etc multipath conf then any process that is...

Page 310: ...l option can cause the command to hang if one of the paths is on a blocking device Note that the driver does not fail a request after some time if the device does not respond This is caused by the cleanup code which waits until the path checker request either completes or fails To display the current multipath state without hanging the command use multipath l instead BZ 214838 21 4 5 dmraid The dm...

Page 311: ... script modification To modify init script after OROM has started rebuild 1 Start the system in rescue mode from the installation disk skip finding and mounting previous installations 2 At the command line find and enable the raid volume that is to be booted from the RAID volume and partitions will be activated dmraid ay isw_effjffhbi_Volume0 3 Mount the root partition mkdir tmp raid mount dev map...

Page 312: ...rovide a traditional Unix style physical console As such Red Hat Enterprise Linux 5 2 for the IBM System z does not support the firstboot functionality during initial program load To properly initialize setup for Red Hat Enterprise Linux 5 2 on the IBM System z run the following commands after installation usr bin setup provided by the setuptool package usr bin rhn_register provided by the rhn set...

Page 313: ...more than two encrypted block devices anaconda has a option to provide a global passphrase The init scripts however do not support this feature When booting the system entering each individual passphrase for all encrypted devices will be required BZ 464895 26 Boot time logging to var log boot log is not available in Red Hat Enterprise Linux 5 3 BZ 223446 29 BZ 210136 30 4 11 iscsi initiator utils ...

Page 314: ...inux Server 2 6 18 152 el5xen root hd0 1 kernel xen gz 2 6 18 152 el5 com1 115200 8n1 console com1 iommu 1 module vmlinuz 2 6 18 152 el5xen ro root LABEL console ttyS0 115200 pci_pt_e820_access on This enables the MMCONF access method for the PCI configuration space a requirement for VF device support When using Single Root I O Virtualization SR IOV devices under Xen a single Hardware Virtual Mach...

Page 315: ...cause the virtualized kernel failed to properly detect the default console device from the Extensible Firmware Interface EFI settings When this occurs add the boot parameter console tty to the kernel boot options in boot efi elilo conf BZ 249076 41 On some Itanium systems such as the Hitachi Cold Fusion 3e the serial port cannot be detected in dom0 when VGA is enabled by the EFI Maintenance Manage...

Page 316: ...al CPUs cannot be safely placed offline or online when the kvm_intel or kvm_amd module is loaded This precludes physical CPU offline and online operations when KVM guests that utilize processor virtualization support are running It also precludes physical CPU offline and online operations without KVM guests running when the kvm_intel or kvm_amd module is simply loaded and not being used If the kmo...

Page 317: ...em like tmpfs or ramfs is mounted To work around this issue unmount all RAM based filesystems i e tmpfs or ramfs If unmounting the RAM based filesystems is not possible modify the application to allocate lesser memory Finally if modifying the application is not possible disable NUMA memory reclaim by running sysctl vm zone_reclaim_mode 0 Important Turning NUMA reclaim negatively effects the overal...

Page 318: ...utstanding work requests generated by the user application Although the driver will reset the hardware and recover from such an event all existing connections at the time of the error will be lost This generally results in a segmentation fault in the user application Further if opensm is running at the time the error occurs then you need to manually restart it in order to resume proper operation B...

Page 319: ...e advised to disable hardware accelerated encryption using module parameters Failure to do so may result in the inability to connect to Wired Equivalent Privacy WEP protected wireless networks after connecting to WiFi Protected Access WPA protected wireless networks To do so add the following options to etc modprobe conf alias wlan0 iwlagn options iwlagn swcrypto50 1 swcrypto 1 where wlan0 is the ...

Page 320: ...uipped with ATI Rage XL ensure that it is using the vesa driver in order to successfully reboot into a kexec kdump kernel BZ 221656 65 kdump now serializes drive creation registration with the rest of the kdump process Consequently kdump may hang waiting for IDE drives to be initialized In these cases it is recommended that IDE disks not be used with kdump BZ 473852 67 It is possible in rare circu...

Page 321: ...is a full virtualization solution for Linux on x86 hardware KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel KVM can run multiple unmodified virtualized guest Windows and Linux operating systems KVM is a hypervisor which uses the libvirt virtualization tools virt manager and virsh By default KVM virtual machines created in Red Hat Enterprise Linux 5 4 have a virt...

Page 322: ...irtualization extensions on a CPU while it is being taken down Consequently suspending a host running KVM based virtual machines may cause the host to crash BZ 509809 72 The KSM module shipped in this release is a different version from the KSM module found on the latest upstream kernel versions Newer features such as exporting statistics on the sys filesystem that are implemented upstream are not...

Page 323: ...re loaded automatically at boot time if the kmod kvm package is installed To make these KVM modules available after installing the kmod kvm package the system either needs to be rebooted or the modules can be loaded manually by running the etc sysconfig modules kvm modules script BZ 501543 83 Some Linux based guests that use virtio virtual block devices may abort during installation returning the ...

Page 324: ...browsing the file line per line The command line option old bot forces less to behave as it did previously with long text lines displayed correctly BZ 441691 88 4 18 libvirt cim The libvirt cim package is a Common Manageablity Programming Interface CMPI CIM provider that implements the Distributed Management Task Force s DMTF s System Virtualization Partitioning and Clustering SVPC virtualization ...

Page 325: ...e lvchange command on a volume group that contains a mirror or snapshot may result in messages similar to the following Unable to change mirror log LV fail_secondary_mlog directly Unable to change mirror image LV fail_secondary_mimage_0 directly Unable to change mirror image LV fail_secondary_mimage_1 directly These messages can be safely ignored BZ 232499 91 4 21 mesa Mesa provides a 3D graphics ...

Page 326: ...he OFED software stack as its complete stack for Infiniband iWARP RDMA hardware support The following note applies to the ia64 Architectures Running perftest will fail if different CPU speeds are detected As such you should disable CPU speed scaling before running perftest BZ 433659 96 4 24 openmpi Open MPI MVAPICH and MVAPICH2 are all competing implementations of the Message Passing Interface MPI...

Page 327: ...le shells including bash AT T ksh and pdksh This issue will be resolved in an upcoming update to Red Hat Enterprise Linux 5 4 BZ 510374 101 4 26 qspice The Simple Protocol for Independent Computing Environments SPICE is a remote display system built for virtual environments which allows users to view a computing desktop environment not only on the machine where it is running but from anywhere on t...

Page 328: ...who need to register provider modules for tog pegasus should register these modules manually by running the following command as root usr share sblim cmpi dhcp provider register sh t pegasus v n root PG_InterOp r usr share sblim cmpi dhcp Linux_DHCPRegisteredProfile registration usr share sblim cmpi dhcp Linux_DHCPElementConformsToProfile registration m usr share sblim cmpi dhcp Linux_DHCPService ...

Page 329: ...ackage in Red Hat Enterprise Linux 5 4 Running some user space probe test cases provided by the systemtap testsuite package fail with an Unknown symbol in module error on some architectures These test cases include but are not limited to systemtap base uprobes exp systemtap base bz10078 exp systemtap base bz6850 exp systemtap base bz5274 exp Because of a known bug in the latest SystemTap update ne...

Page 330: ...in the above Microsoft knowledgebase article BZ 496592 109 Installation of Windows XP with the floppy containing guest drivers in order to get the virtio net drivers installed as part of the installation will return messages stating that the viostor sys file could not be found viostor sys is not part of the network drivers but is on the same floppy as portions of the virtio blk drivers These messa...

Page 331: ...may result in hda lost interrupt errors To avoid this bootup error configure the guest to use the SMP kernel BZ 249521 120 4 35 xorg x11 drv i810 xorg x11 drv i810 is an Intel integrated graphics video driver for the X Org implementation of the X Window System Running a screensaver or resuming a suspended laptop with an external monitor attached may result in a blank screen or a brief flash follow...

Page 332: ...tch to a virtual console and back to the original X host BZ 222737 126 BZ 221789 127 4 37 xorg x11 drv vesa xorg x11 drv vesa is a video driver for the X Org implementation of the X Window System It is used as a fallback driver for cards with no native driver or when the native driver does not work The following note applies to x86 Architectures When running the bare metal non Virtualized kernel t...

Page 333: ...ansmission of high quality speech and audio This is meant to close the gap between traditional speech codecs such as Speex and traditional audio codecs such as Vorbis etherboot 5 4 4 10 el5 Group Development Tools Summary Etherboot collection of boot roms Description Etherboot is a software package for creating ROM images that can download code over an Ethernet network to be executed on an x86 com...

Page 334: ...he gpg agent as included in GnuPG 2 and allows for seamless passphrase caching The advantage of GnupG 1 x is its smaller size and no dependency on other modules at run and build time hmaccalc 0 9 6 1 el5 Group System Environment Base Summary Tools for computing and checking HMAC values for files Description The hmaccalc package contains tools which can calculate HMAC hash based message authenticat...

Page 335: ...up System Environment Libraries Summary PCI access library Description libpciaccess is a library for portable PCI access routines across multiple operating systems log4cpp 1 0 4 el5 Group Development Libraries Summary C logging library Description A library of C classes for flexible logging to files syslog IDSA and other destinations It is modeled after the Log for Java library http www log4j org ...

Page 336: ...application but each thread has it s own individual program counter run time stack signal mask and errno variable qcairo 1 8 7 1 3 el5 Group System Environment Libraries Summary A 2D graphics library Description This is a version of the cairo 2D graphics library with additional features required to support the implementation of the spice protocol Cairo is a 2D graphics library designed to provide ...

Page 337: ...ry Xorg X11 qxl video driver Description X Org X11 qxl video driver xorg x11 xdm 1 0 5 6 el5 Group User Interface X Summary X Org X11 xdm X Display Manager Description X Org X11 xdm X Display Manager A 2 Dropped Packages gcc43 4 3 2 7 el5 Group Development Languages Summary Preview of GCC version 4 3 Description The gcc43 package contains preview the GNU Compiler Collection version 4 3 A 3 Updated...

Page 338: ...velop an open code base to allow access to platform information using Intelligent Platform Management Interface IPMI This package contains the tools of the OpenIPMI project Added Dependencies desktop file utils tcl devel tkinter No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes acpid 1 0 4 7 el5 acpid 1 0 4...

Page 339: ...ary A network capable tape backup solution Description AMANDA the Advanced Maryland Automatic Network Disk Archiver is a backup system that allows the administrator of a LAN to set up a single master backup server to back up multiple hosts to one or more tape drives or disk files AMANDA uses native dump and or GNU tar facilities and can back up a large number of workstations running multiple versi...

Page 340: ...1 0 0 libdhcp devel 1 20 10 libdhcp6client 1 0 10 17 Removed Dependencies iscsi initiator utils 6 2 0 868 0 9 libdhcp devel 1 20 5 No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes apr 1 2 7 11 apr 1 2 7 11 el5_3 1 Group System Environment Libraries Summary Apache Portable Runtime library Description The mission of the Apache Port...

Page 341: ...y contains additional utility interfaces for APR including support for XML LDAP database interfaces URI parsing and more No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes aspell nl 0 1e 1 fc6 aspell nl 0 1e 2 el5 Group Applications Text Summary Dutch dictionaries for Aspell Description...

Page 342: ...o removed obsoletes authconfig 5 3 21 5 el5 authconfig 5 3 21 6 el5 Group System Environment Base Summary Command line tool for setting up authentication from network services Description Authconfig is a command line utility which can configure a workstation to use shadow more secure passwords Authconfig can also configure a system to be a client for certain networked user information and authenti...

Page 343: ...en you use them and unmounts them later when you are not using them This can include network filesystems CD ROMs floppies and so forth No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes avahi 0 6 16 1 el5 avahi 0 6 16 6 el5 Group System Environment Base Summary Local network service dis...

Page 344: ...ed Dependencies glibc kernheaders 2 4 7 10 No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes binutils 2 17 50 0 6 9 el5 binutils 2 17 50 0 6 12 el5 Group Development Tools Summary A GNU collection of binary utilities Description Binutils is a collection of binary utilities including ar for creating modifying and extracting from ar...

Page 345: ...ons of a large number of system commands including a shell This package can be very useful for recovering from certain types of system failures particularly those involving broken shared libraries No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes cman 2 0 98 1 el5 cman 2 0 115 1 el5 Gr...

Page 346: ...No added conflicts No removed conflicts No added obsoletes No removed obsoletes cmirror kmod 0 1 21 10 el5 cmirror kmod 0 1 22 1 el5 Group System Environment Kernel Summary cmirror kernel modules Description cmirror kmod The Cluster Mirror kernel modules Added Dependencies kernel devel ia64 2 6 18 159 el5 kernel xen devel ia64 2 6 18 159 el5 Removed Dependencies kernel devel ia64 2 6 18 128 el5 ke...

Page 347: ...es No added conflicts No removed conflicts No added obsoletes No removed obsoletes coreutils 5 97 19 el5 coreutils 5 97 23 el5 Group System Environment Base Summary The GNU core utilities a set of tools commonly used in shell scripts Description These are the GNU core utilities This package is the combination of the old GNU fileutils sh utils and textutils packages Added Dependencies libattr devel...

Page 348: ...ves created on machines with a different byte order Install cpio if you need a program to manage file archives Added Dependencies rmt rsh No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes cpuspeed 1 2 1 5 el5 cpuspeed 1 2 1 8 el5 Group System Environment Base Summary CPU frequency adjusting daemon Descripti...

Page 349: ...d dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes cryptsetup luks 1 0 3 4 el5 cryptsetup luks 1 0 3 5 el5 Group Applications System Summary A utility for setting up encrypted filesystems Description This package contains cryptsetup a utility for setting up encrypted filesystems using Device Mapper and the dm crypt t...

Page 350: ...es a portable printing layer for UNIX operating systems It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users CUPS provides the System V and Berkeley command line interfaces No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsolet...

Page 351: ...gle directory CVS provides version control for a hierarchical collection of directories consisting of revision controlled files These directories and files can then be combined together to form a software release No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes cyrus imapd 2 3 7 2 el5...

Page 352: ... proposed standard It supports any authentication mechanism available from the SASL library imaps pop3s nntps IMAP POP3 NNTP encrypted using SSL and TLSv1 can be used for security The server supports single instance store where possible when an email message is addressed to multiple recipients SIEVE provides server side email filtering No added dependencies No removed dependencies No added provide...

Page 353: ... db4 4 3 29 9 fc6 db4 4 3 29 10 el5 Group System Environment Libraries Summary The Berkeley DB database library version 4 for C Description The Berkeley Database Berkeley DB is a programmatic toolkit that provides embedded database support for both traditional and client server applications The Berkeley DB includes B tree Extended Linear Hashing Fixed and Variable length record access methods tran...

Page 354: ...0 4 7 30 el5 Group System Environment Base Summary Tools to manage multipath devices using device mapper Description device mapper multipath provides tools to manage multipath devices by instructing the device mapper multipath kernel module what to do The tools are multipath Scan the system for multipath devices and assemble them multipathd Detects when paths fail and execs multipath to update thi...

Page 355: ...flicts No removed conflicts No added obsoletes No removed obsoletes dhcpv6 1 0 10 16 el5 dhcpv6 1 0 10 17 el5 Group System Environment Daemons Summary DHCPv6 DHCP server and client for IPv6 Description Implements the Dynamic Host Configuration Protocol DHCP for Internet Protocol version 6 IPv6 networks in accordance with RFC 3315 Dynamic Host Configuration Protocol for IPv6 DHCPv6 Consists of dhcp...

Page 356: ...arallel USB Added Dependencies automake Removed Dependencies usr bin aclocal usr bin autoconf usr bin automake No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes dmraid 1 0 0 rc13 33 el5 dmraid 1 0 0 rc13 53 el5 Group System Environment Base Summary dmraid Device mapper RAID tool and library Description DMRAID supports RAID device ...

Page 357: ...e or other storage medium The restore command performs the inverse function of dump it can restore a full backup of a filesystem Subsequent incremental backups can then be layered on top of the full backup Single files and directory subtrees may also be restored from full or partial backups Install dump if you need a system for both backing up filesystems and restoring filesystems after backups No...

Page 358: ...ystem or to create test cases for e2fsck tune2fs used to modify filesystem parameters and most of the other core ext2fs filesystem utilities You should install the e2fsprogs package if you need to manage the performance of an ext2 and or ext3 filesystem No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No ...

Page 359: ...es No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes ecryptfs utils 56 8 el5 ecryptfs utils 75 5 el5 Group System Environment Base Summary The eCryptfs mount helper and support libraries Description eCryptfs is a stacked cryptographic filesystem that ships in the Linux kernel This package provides the mount...

Page 360: ...ved conflicts No added obsoletes No removed obsoletes esc 1 0 0 39 el5 esc 1 1 0 9 el5 Group Applications Internet Summary Enterprise Security Client Smart Card Client Description Enterprise Security Client allows the user to enroll and manage their cryptographic smartcards No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts N...

Page 361: ...rovides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes evolution data server 1 12 3 6 el5_2 3 evolution data server 1 12 3 18 el5 Group System Environment Libraries Summary Backend data server for Evolution Description The evolution data server package provides a unified backend for programs that work with contacts tasks and calendar information...

Page 362: ...ded provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes findutils 4 2 27 5 el5 findutils 4 2 27 6 el5 Group Applications File Summary The GNU versions of find utilities find and xargs Description The findutils package contains programs which will help you locate files on your system The find utility searches through a hierarchy of directorie...

Page 363: ...MAC SHA256 checksum files No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes firefox 3 0 5 1 el5_2 firefox 3 0 12 1 el5_3 Group Applications Internet Summary Mozilla Firefox Web browser Description Mozilla Firefox is an open source web browser designed for standards compliance performan...

Page 364: ...ate queues foomatic configure and to print files manipulate jobs foomatic printjob The site http www linuxprinting org is based on this database No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes freetype 2 2 1 20 el5_2 freetype 2 2 1 21 el5_3 Group System Environment Libraries Summary ...

Page 365: ...des No added conflicts No removed conflicts No added obsoletes No removed obsoletes gdb 6 8 27 el5 gdb 6 8 37 el5 Group Development Debuggers Summary A GNU source level debugger for C C Java and other languages Description GDB the GNU debugger allows you to debug programs written in C C Java and other languages by executing them in a controlled fashion and printing their data No added dependencies...

Page 366: ...added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes gfs kmod 0 1 31 3 el5 gfs kmod 0 1 34 2 el5 Group System Environment Kernel Summary gfs kernel modules Description gfs The Global File System is a symmetric shared disk cluster file system Added Dependencies kernel devel ia64 2 6 18 159 el5 kernel xen devel ia64 2 6 18 159 el5 Removed...

Page 367: ...ties for managing the global filesystem GFS Description The gfs2 utils package contains a number of utilities for creating checking modifying and correcting any inconsistencies in GFS filesystems No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes ghostscript 8 15 2 9 4 el5 ghostscript 8...

Page 368: ...lating GIF format image files Description The giflib package contains a shared library of functions for loading and saving GIF format image files It is API and ABI compatible with libungif the library which supported uncompressed GIFs while the Unisys LZW patent was in effect Install the giflib package if you need to write programs that use GIF files You should also install the giflib utils packag...

Page 369: ...ommon system code is kept in one place and shared between programs This particular package contains the most important sets of shared libraries the standard C library and the standard math library Without these two libraries a Linux system will not function No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes...

Page 370: ...No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes grep 2 5 1 54 2 el5 grep 2 5 1 55 el5 Group Applications Text Summary The GNU versions of grep pattern matching utilities Description The GNU versions of commonly used grep utilities Grep searches through textual input for lines which contain a match to a specified pattern and then...

Page 371: ...eamer plugins base 0 10 20 3 el5 gstreamer plugins base 0 10 20 3 0 1 el5_3 Group Applications Multimedia Summary GStreamer streaming media framework base plug ins Description GStreamer is a streaming media framework based on graphs of filters which operate on media data Applications using this library can do anything from real time sound processing to playing videos and just about anything else m...

Page 372: ...Plug ins is a collection of well supported plug ins of good quality and under the LGPL license No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes gtk vnc 0 3 2 3 el5 gtk vnc 0 3 8 3 el5 Group Development Libraries Summary A GTK widget for VNC clients Description gtk vnc is a VNC viewer ...

Page 373: ...k Webcrawler and AltaVista Instead it is meant to cover the search needs for a single company campus or even a particular sub section of a web site As opposed to some WAIS based or web server based search engines ht Dig can span several web servers at a site The type of these different web servers doesn t matter as long as they understand the HTTP 1 0 protocol ht Dig is also used by KDE to search ...

Page 374: ...figuration No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes hwdata 0 213 11 1 el5 hwdata 0 213 16 1 el5 Group System Environment Base Summary Hardware identification and configuration data Description hwdata contains various hardware identification and configuration data such as the p...

Page 375: ...ed provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes ibutils 1 2 9 el5 ibutils 1 2 10 el5 Group System Environment Libraries Summary OpenIB Mellanox InfiniBand Diagnostic Tools Description ibutils provides IB network and path diagnostics No added dependencies No removed dependencies No added provides No removed provides No added conflicts ...

Page 376: ... No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes infiniband diags 1 4 1 2 el5 infiniband diags 1 4 4 1 el5 Group System Environment Libraries Summary OpenFabrics Alliance InfiniBand Diagnostic Tools Description This package provides IB diagnostic programs and scripts needed to diagnose an IB subnet No added dependencies No removed dependencies No...

Page 377: ...are designed to use the advanced networking capabilities of the Linux 2 4 x and 2 6 x kernel No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes iprutils 2 2 8 2 el5 iprutils 2 2 13 1 el5 Group System Environment Base Summary Utilities for the IBM Power Linux RAID adapters Description Pr...

Page 378: ...ed dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes iptables 1 3 5 4 el5 iptables 1 3 5 5 3 el5 Group System Environment Base Summary Tools for managing Linux kernel packet filtering capabilities Description The iptables utility controls the network packet filtering code in the Linux kernel If...

Page 379: ...ved provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes ipvsadm 1 24 8 1 ipvsadm 1 24 10 Group Applications System Summary Utility to administer the Linux Virtual Server Description ipvsadm is a utility to administer the IP Virtual Server services offered by the Linux kernel No added dependencies No removed dependencies No added provides No removed provides No ...

Page 380: ...otocol as well as the utility programs used to manage it iSCSI is a protocol for distributed disk access using SCSI commands sent over Internet Protocol networks Added Dependencies doxygen python devel No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes isdn4k utils 3 2 51 el5 isdn4k utils 3 2 56 el5 Group Ap...

Page 381: ...ing them as TeX files to obtain DVI PostScript or PDF files for example No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes java 1 6 0 openjdk 1 6 0 0 0 25 b09 el5 java 1 6 0 openjdk 1 6 0 0 1 2 b09 el5 Group Development Languages Summary OpenJDK Runtime Environment Description The OpenJ...

Page 382: ...d kscreensaver kcontrol kfind kfontmanager kmenuedit No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes kdelibs 3 5 4 18 el5 kdelibs 3 5 4 22 el5_3 Group System Environment Libraries Summary K Desktop Environment Libraries Description Libraries for the K Desktop Environment KDE Librarie...

Page 383: ...Description The kernel package contains the Linux kernel vmlinuz the core of any Linux operating system The kernel handles the basic functions of the operating system memory allocation process allocation device input and output etc Added Dependencies hmaccalc No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsolete...

Page 384: ...hird party network authentication system which can improve your network s security by eliminating the insecure practice of cleartext passwords No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes ksh 20080202 2 el5 ksh 20080202 14 el5 Group Applications Shells Summary The Original ATT Kor...

Page 385: ...o added conflicts No removed conflicts No added obsoletes No removed obsoletes less 394 5 el5 less 394 6 el5 Group Applications Text Summary A text file browser similar to more but better Description The less utility is a text file browser that resembles more but has more capabilities Less allows you to move backwards in the file as well as forwards Since less doesn t have to read the entire input...

Page 386: ...as bookmarks built in mirroring and can transfer several files in parallel It is designed with reliability in mind Added Dependencies gnutls devel Removed Dependencies openssl devel No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes libX11 1 0 3 9 el5 libX11 1 0 3 11 el5 Group System Environment Libraries Summary X Org X11 libX11 r...

Page 387: ...ved conflicts No added obsoletes No removed obsoletes libdhcp 1 20 6 el5 libdhcp 1 20 10 el5 Group Development Libraries Summary A library for network interface configuration with DHCP Description libdhcp enables programs to invoke and control the Dynamic Host Configuration Protocol DHCP clients the Internet Software Consortium ISC IPv4 DHCP client library libdhcp4client and the IPv6 DHCPv6 client...

Page 388: ...emoved provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes libgcrypt 1 2 4 1 el5 libgcrypt 1 4 4 5 el5 Group System Environment Libraries Summary A general purpose cryptography library Description Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard This is a development version Added Dependencies fipscheck gawk libgpg error...

Page 389: ... removed conflicts No added obsoletes No removed obsoletes libibcommon 1 1 1 1 el5 libibcommon 1 1 2 1 el5 Group System Environment Libraries Summary OpenFabrics Alliance InfiniBand management common library Description libibcommon provides common utility functions for the OFA diagnostic and management tools No added dependencies No removed dependencies No added provides No removed provides No add...

Page 390: ...System Environment Libraries Summary OpenFabrics Alliance InfiniBand umad user MAD library Description libibumad provides the user MAD library functions which sit on top of the user MAD modules in the kernel These are used by the IB diagnostic and management tools including OpenSM Added Dependencies libibcommon devel 1 1 2 Removed Dependencies libibcommon devel 1 1 1 No added provides No removed p...

Page 391: ...dded obsoletes No removed obsoletes libipathverbs 1 1 11 el5 libipathverbs 1 1 14 el5 Group System Environment Libraries Summary QLogic InfiniPath HCA Userspace Driver Description QLogic hardware driver for use with libibverbs user space verbs access library This driver supports QLogic InfiniPath based cards Added Dependencies libibverbs devel 1 1 2 4 el5 valgrind Removed Dependencies libibverbs d...

Page 392: ...ellanox InfiniBand HCA Userspace Driver Description Mellanox hardware driver for use with libibverbs user space verbs access library This driver supports Mellanox based Single Data Rate and Dual Data Rate cards including those from Cisco Topspin and Voltaire It does not support the Connect X architecture based Quad Data Rate cards libmlx4 handles that hardware Added Dependencies libibverbs devel 1...

Page 393: ...files Description The libpng package contains a library of functions for creating and manipulating PNG Portable Network Graphics image format files PNG is a bit mapped graphics format similar to the GIF format PNG was created to replace the GIF format since GIF uses a patented data compression algorithm Libpng should be installed if you need to manipulate PNG format image files No added dependenci...

Page 394: ...dp see libsdp conf which is installed in sysconfdir usually usr local etc or etc No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes libselinux 1 33 4 5 1 el5 libselinux 1 33 4 5 5 el5 Group System Environment Libraries Summary SELinux library and simple utilities Description Security en...

Page 395: ...lities with enhanced security functionality designed to add mandatory access controls to Linux The Security enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system These architectural components provide general support for the enforcement of many kinds of mandatory access control policies including those based on the co...

Page 396: ...policy compiler and similar tools as well as by programs like load_policy that need to perform specific transformations on binary policies such as customizing policy boolean settings No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes libsoup 2 2 98 2 el5 libsoup 2 2 98 2 el5_3 1 Group D...

Page 397: ...s libtiff 3 8 2 7 el5_2 2 libtiff 3 8 2 7 el5_3 4 Group System Environment Libraries Summary Library of functions for manipulating TIFF format image files Description The libtiff package contains a library of functions for manipulating TIFF Tagged Image File Format image format files TIFF is a widely used file format for bitmapped images TIFF files usually end in the tif extension and they are oft...

Page 398: ...rovides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes libvirt 0 3 3 14 el5 libvirt 0 6 3 20 el5 Group Development Libraries Summary Library providing a simple API virtualization Description Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes Added Dependencies usr sbin qcow create c...

Page 399: ...ple platforms with a single provider Added Dependencies libvirt devel 0 6 3 Removed Dependencies libvirt devel 0 3 2 No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes libvorbis 1 1 2 3 el5_1 2 libvorbis 1 1 2 3 el5_3 3 Group System Environment Libraries Summary The Vorbis General Audio Compression Codec Description Ogg Vorbis is a...

Page 400: ... 1 2 7 libxml2 2 6 26 2 1 2 8 Group Development Libraries Summary Library providing XML and HTML support Description This library allows to manipulate XML files It includes support to read modify and write XML and HTML files There is DTDs support this includes parsing and validation even with complex DtDs either at parse time or later once the document has been modified The output can be a simple ...

Page 401: ...nflicts No added obsoletes No removed obsoletes lksctp tools 1 0 6 1 el5 1 lksctp tools 1 0 6 3 el5 Group System Environment Libraries Summary User space access to Linux Kernel SCTP Description This is the lksctp tools package for Linux Kernel SCTP Stream Control Transmission Protocol Reference Implementation This package is intended to supplement the Linux Kernel SCTP Reference Implementation now...

Page 402: ...g the execution of processes No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes lvm2 2 02 40 6 el5 lvm2 2 02 46 8 el5 Group System Environment Base Summary Userland logical volume management tools Description LVM2 includes all of the support for handling read write operations on physica...

Page 403: ...oved Dependencies device mapper 1 02 28 2 No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes m2crypto 0 16 6 el5 3 m2crypto 0 16 6 el5 6 Group System Environment Libraries Summary Support for using OpenSSL in python scripts Description This package allows you to call OpenSSL functions from python scripts No added dependencies No re...

Page 404: ...Check Exception data Description mcelog is a daemon that collects and decodes Machine Check Exception data on x86 64 machines No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes mdadm 2 6 4 1 el5 mdadm 2 6 9 2 el5 Group System Environment Base Summary mdadm controls Linux md devices soft...

Page 405: ... ramdisk image for preloading modules Description Mkinitrd creates filesystem images for use as initial ramdisk initrd images These ramdisk images are often used to preload the block device modules SCSI or RAID needed to access the root filesystem In other words generic kernels can be built without drivers for any SCSI adapters which load the SCSI driver as a module Since the kernel needs to read ...

Page 406: ...ading most of the file system which makes updatedb faster and does not trash the system caches as much as traditional locate implementations No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes mod_auth_mysql 3 0 0 3 1 mod_auth_mysql 3 0 0 3 2 el5_3 Group System Environment Daemons Summar...

Page 407: ...tion based on role or by configured filters No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes mod_nss 1 0 3 6 el5 mod_nss 1 0 3 8 el5 Group System Environment Daemons Summary SSL TLS module for the Apache HTTP server Description The mod_nss module provides strong cryptography for the A...

Page 408: ... obsoletes No removed obsoletes mpi selector 1 0 1 1 el5 mpi selector 1 0 2 1 el5 Group System Environment Base Summary Provides site wide and per user MPI implementation selection Description A simple tool that allows system administrators to set a site wide default for which MPI implementation is to be used but also allow users to set their own default MPI implementation thereby overriding the s...

Page 409: ... provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes mstflint 1 3 1 el5 mstflint 1 4 1 el5 Group Applications System Summary Mellanox firmware burning tool Description This package contains a burning tool for Mellanox manufactured HCA cards It also provides access to the relevant source code No added dependencies No removed dependencies No a...

Page 410: ...ah pich Added Dependencies autoconf libibverbs devel 1 1 2 4 el5 Removed Dependencies libibverbs devel No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes mvapich2 1 0 3 3 el5 mvapich2 1 2 0 p1 3 el5 Group Development Libraries Summary OSU MVAPICH2 MPI package Description This is an MPI 2 implementation which includes all MPI 1 feat...

Page 411: ...files No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes mysql connector odbc 3 51 12 2 2 mysql connector odbc 3 51 26r1127 1 el5 Group System Environment Libraries Summary ODBC driver for MySQL Description An ODBC rev 3 driver for MySQL for use with unixODBC No added dependencies No re...

Page 412: ...ies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes netpbm 10 35 6 fc6 netpbm 10 35 58 8 el5 Group System Environment Libraries Summary A library for handling different graphics file formats Description The netpbm package contains a library of functions which support programs for handling various graphics...

Page 413: ... dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes nfs utils lib 1 0 8 7 2 z2 nfs utils lib 1 0 8 7 6 el5 Group System Environment Libraries Summary Network File System Support Library Description Support libraries that are needed by the commands and daemons the nfs utils rpm No added dependencies No removed dependenc...

Page 414: ...hared library linking No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes nss 3 12 2 0 2 el5 nss 3 12 3 99 3 1 el5_3 2 Group System Environment Libraries Summary Network Security Services Description Network Security Services NSS is a set of libraries designed to support cross platform d...

Page 415: ...cies Removed Dependencies fipscheck devel No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes ntp 4 2 2p1 9 el5 ntp 4 2 2p1 9 el5_3 2 Group System Environment Daemons Summary Synchronizes system time using the Network Time Protocol NTP Description The Network Time Protocol NTP is used to synchronize a computer s time with another re...

Page 416: ...nd a libnuma to do allocations with NUMA policy in applications No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes ofed docs 1 3 2 0 20080728 0355 1 el5 ofed docs 1 4 1 2 el5 Group Documentation Man Summary OpenFabrics Enterprise Distribution documentation Description Documentation from...

Page 417: ...roviding an implementation of the SA Forum s Hardware Platform Interface HPI HPI provides an abstracted interface to managing computer hardware typically for chassis and rack based servers HPI includes resource modeling access to and control over sensor control watchdog and inventory data associated with resources abstracted System Event Log interfaces hardware events and alerts and a managed hots...

Page 418: ...n Message Passing Interface Description Open MPI is an open source freely available implementation of both the MPI 1 and MPI 2 standards combining technologies and resources from several other projects FT MPI LA MPI LAM MPI and PACX MPI in order to build the best MPI library available A completely new MPI 2 compliant implementation Open MPI offers advantages for system and software vendors applica...

Page 419: ...icts No added obsoletes No removed obsoletes openssh 4 3p2 29 el5 openssh 4 3p2 36 el5 Group Applications Internet Summary The OpenSSH implementation of SSH protocol versions 1 and 2 Description SSH Secure SHell is a program for logging into and executing commands on a remote machine SSH is intended to replace rlogin and rsh and to provide secure encrypted communications between two untrusted host...

Page 420: ...wan 2 6 21 5 el5 Group System Environment Daemons Summary Openswan IPSEC implementation Description Openswan is a free implementation of IPsec IKE for Linux IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services These services allow you to build secure tunnels through untrusted networks Everything passing through the untrusted ne...

Page 421: ...rently during the background and profile data can be collected at any time OProfile makes use of the hardware performance counters provided on Intel P6 and AMD Athlon family processors and can use the RTC for profiling on other x86 processor types See the HTML documentation for further details Added Dependencies libtool popt No removed dependencies No added provides No removed provides No added co...

Page 422: ...tem for layout and rendering of internationalized text Description Pango is a system for layout and rendering of internationalized text No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes pciutils 2 2 3 5 pciutils 2 2 3 7 el5 Group Applications System Summary PCI bus related utilities De...

Page 423: ... el5 Group Development Languages Summary The Perl programming language Description Perl is a high level programming language with roots in C sed awk and shell scripting Perl is good at handling processes and files and is especially good at handling text Perl s hallmarks are practicality and efficiency While it is used to do a lot of different things Perl s most common applications are system admin...

Page 424: ...s php 5 1 6 23 el5 php 5 1 6 23 2 el5_3 Group Development Languages Summary The PHP HTML embedded scripting language PHP Hypertext Preprocessor Description PHP is an HTML embedded scripting language PHP attempts to make it easy for developers to write dynamically generated webpages PHP also offers built in database integration for several commercial and non commercial database management systems s...

Page 425: ...No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes piranha 0 8 4 11 el5 piranha 0 8 4 13 el5 Group System Environment Base Summary Cluster administation tools Description Various tools to administer and configure the Linux Virtual Server as well as heartbeating and failover components The LVS is a dynamically adjusted kernel routing mechanism that p...

Page 426: ...Enforcement Role based Access Control and Multi level Security policycoreutils contains the policy core utilities that are required for basic operation of a SELinux system These utilities include load_policy to load policies setfiles to label filesystems newrole to switch roles and run_init to run etc init d scripts in the proper context Added Dependencies libsemanage devel 1 9 1 4 2 Removed Depen...

Page 427: ...7 Group Applications System Summary Utilities for managing processes on your system Description The psmisc package contains utilities for managing processes on your system pstree killall and fuser The pstree command displays a tree structure of all of the running processes on your system The killall command sends a specified signal SIGTERM if nothing is specified to processes identified by name Th...

Page 428: ... pyorbit is an extension module for python that gives you access to the ORBit2 CORBA ORB No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes python 2 4 3 24 el5 python 2 4 3 27 el5 Group Development Languages Summary An interpreted interactive object oriented programming language Descrip...

Page 429: ... Environment Libraries Summary Python modules for dealing with block devices Description The pyblock contains Python modules for dealing with block devices No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes python virtinst 0 300 2 12 el5 python virtinst 0 400 3 5 el5 Group Development L...

Page 430: ...ce No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes qperf 0 4 1 2 el5 qperf 0 4 4 3 el5 Group Networking Diagnostic Summary Measure socket and RDMA performance Description Measure socket and RDMA performance Added Dependencies libibverbs devel 1 1 2 4 librdmacm devel 1 0 8 5 Removed D...

Page 431: ...oved dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes readline 5 1 1 1 readline 5 1 3 el5 Group System Environment Libraries Summary A library for editing typed command lines Description The Readline library provides a set of functions that allow users to edit command lines Both Emacs and vi editing modes are availab...

Page 432: ...ed obsoletes No removed obsoletes redhat release notes 5Server 25 redhat release notes 5Server 29 Group System Environment Base Summary Red Hat Enterprise Linux release notes files Description Red Hat Enterprise Linux release notes files No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsolete...

Page 433: ... applications in the event of planned or unplanned system downtime No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes rhn client tools 0 4 19 17 el5 rhn client tools 0 4 20 9 el5 Group System Environment Base Summary Support programs and libraries for Red Hat Network Description Red Hat...

Page 434: ...des No added conflicts No removed conflicts No added obsoletes No removed obsoletes rhnsd 4 6 1 1 el5 rhnsd 4 7 0 4 el5 Group System Environment Base Summary Red Hat Network query daemon Description The Red Hat Update Agent that automatically queries the Red Hat Network servers and determines which packages need to be updated on your machine and runs any actions No added dependencies No removed de...

Page 435: ...el5 Group Applications Internet Summary Clients for remote access commands rsh rlogin rcp Description The rsh package contains a set of programs which allow users to run commands on remote machines login to other machines and copy files between machines rsh rlogin and rcp All three of these commands use rhosts style authentication This package contains the clients needed for all of these services ...

Page 436: ... fdasd which is used to create or modify partitions on eckd dasds formatted with the z OS compatible disk layout osasnmpd a subagent for net snmp to access the OSA hardware qetharp to query and purge address data in the OSA and HiperSockets hardware qethconf to configure IBM QETH function IPA VIPA and Proxy ARP src_vipa sh to start applications using VIPA capabilities tunedasd a tool to adjust tun...

Page 437: ...ls and does NOT need the NetBEUI Microsoft Raw NetBIOS frame protocol No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes sblim 1 31 el5_2 1 sblim 1 35 el5 Group Applications System Summary Standards Based Linux Instrumentation for Manageability Description SBLIM stands for Standards Bas...

Page 438: ...M module for SCIM No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes selinux policy 2 4 6 203 el5 selinux policy 2 4 6 255 el5 Group System Environment Base Summary SELinux policy configuration Description SELinux Reference Policy modular Added Dependencies policycoreutils 1 33 12 14 5 ...

Page 439: ...lerts can be configured to user preference The same tools can be run on existing log files No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes setup 2 5 58 4 el5 setup 2 5 58 7 el5 Group System Environment Base Summary A set of system configuration and setup files Description The setup p...

Page 440: ... In the 2 6 series other device names may be used as well e g dev sda Warning Some of these tools access the internals of your system and the incorrect usage of them may render your system inoperable No added dependencies Removed Dependencies libtool No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes sos 1 7 9 16 el5 sos 1 7 9 27 e...

Page 441: ...o removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes squirrelmail 1 4 8 4 0 1 el5 squirrelmail 1 4 8 5 el5_3 7 Group Applications Internet Summary SquirrelMail webmail client Description SquirrelMail is a standards based webmail package written in PHP4 It includes built in pure PHP support for the IMAP and SMTP...

Page 442: ...oletes No removed obsoletes strace 4 5 18 2 el5 strace 4 5 18 5 el5 Group Development Debuggers Summary Tracks and displays system calls associated with a running process Description The strace program intercepts and records the system calls called and received by a running process Strace can print a record of each system call its arguments and its return value Strace is useful for diagnosing prob...

Page 443: ...moved obsoletes sudo 1 6 9p17 3 el5 sudo 1 6 9p17 5 el5 Group Applications System Summary Allows restricted root access for specified users Description Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments Sudo operates on a per command basis It is not a replacement for the s...

Page 444: ...d obsoletes system config date 1 8 12 3 el5 system config date 1 8 12 4 el5 Group System Environment Base Summary A graphical interface for modifying system date and time Description system config date is a graphical interface for changing the system date and time configuring the system time zone and setting up the NTP daemon to synchronize the time of the system with an NTP time server No added d...

Page 445: ...GUI of the NEtwork Adminstration Tool Description This is the GUI of the network configuration tool supporting Ethernet Wireless TokenRing ADSL ISDN and PPP No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes system config samba 1 2 41 3 el5 system config samba 1 2 41 5 el5 Group System ...

Page 446: ...lfutils devel 0 127 No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes tcl 8 4 13 3 fc6 tcl 8 4 13 4 el5 Group Development Languages Summary Tcl scripting language development environment Description The Tcl Tool Command Language provides a powerful platform for creating integration applications that tie together diverse applicatio...

Page 447: ...onflicts No removed conflicts No added obsoletes No removed obsoletes tetex 3 0 33 2 el5_1 2 tetex 3 0 33 8 el5 Group Applications Publishing Summary The TeX text formatting system Description TeTeX is an implementation of TeX for Linux or UNIX systems TeX takes a text file and a set of formatting commands as input and creates a typesetter independent dvi DeVice Independent file as output Usually ...

Page 448: ...ttle security and should not be enabled unless it is expressly needed No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes tog pegasus 2 7 1 2 el5 tog pegasus 2 7 2 1 el5 Group Systems Management Base Summary OpenPegasus WBEM Services for Linux Description OpenPegasus WBEM Services for Li...

Page 449: ... Software License Tomcat is intended to be a collaboration of the best of breed developers from around the world We invite you to participate in this open development project To learn more about getting involved click here No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes totem 2 16 7 ...

Page 450: ...conflicts No removed conflicts No added obsoletes No removed obsoletes udev 095 14 19 el5 udev 095 14 21 el5 Group System Environment Base Summary A userspace implementation of devfs Description The udev package contains an implementation of devfs in userspace using sysfs and netlink No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed c...

Page 451: ...ry for a Linux system to function Among others Util linux contains the fdisk configuration tool and the login program No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes vim 7 0 109 4 el5_2 4z vim 7 0 109 6 el5 Group Applications Editors Summary The VIM editor Description VIM VIsual edit...

Page 452: ...devel intltool libtool No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes virt manager 0 5 3 10 el5 virt manager 0 6 1 8 el5 Group Applications Emulators Summary Virtual Machine Manager Description Virtual Machine Manager provides a graphical tool for administering virtual machines for KVM Xen and QEmu Start...

Page 453: ...System Summary Virtual Machine Viewer Description Virtual Machine Viewer provides a graphical console client for connecting to virtual machines It uses the GTK VNC widget to provide the display and libvirt for looking up VNC server details No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsole...

Page 454: ...om scratch No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes watchdog 5 3 1 7 el5 watchdog 5 6 1 el5 Group System Environment Daemons Summary Software and or Hardware watchdog daemon Description The watchdog program can be used as a powerful software watchdog daemon or may be alternate...

Page 455: ...ut devices for Wacom tablets so they can be plugged and unplugged while X org server is running This should go away as soon X org properly supports hotplugging No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes wget 1 10 2 7 el5 wget 1 11 4 2 el5 Group Applications Internet Summary A ut...

Page 456: ...y to GTK package No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes xen 3 0 3 80 el5 xen 3 0 3 94 el5 Group Development Libraries Summary Xen is a virtual machine monitor Description This package contains the Xen tools and management daemons needed to run virtual machines on x86 x86_64 ...

Page 457: ...on xkeyboard config alternative xkb data files No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes xorg x11 drv ati 6 6 3 3 22 el5 xorg x11 drv ati 6 6 3 3 27 el5 Group User Interface X Hardware Support Summary Xorg X11 ati video driver Description X Org X11 ati video driver Added Depend...

Page 458: ...ncies xorg x11 server sdk 1 1 1 48 58 el5 Removed Dependencies xorg x11 server randr source 1 1 1 48 46 el5 xorg x11 server sdk 1 1 0 2 No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes xorg x11 drv mga 1 4 2 10 el5 xorg x11 drv mga 1 4 10 5 el5 Group User Interface X Hardware Support Summary Xorg X11 mga video driver Description ...

Page 459: ...er sdk 1 1 1 48 58 el5 Removed Dependencies xorg x11 server randr source 1 1 1 48 46 el5 xorg x11 server sdk 1 1 1 48 22 No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes xorg x11 proto devel 7 1 9 fc6 xorg x11 proto devel 7 1 13 el5 Group Development System Summary X Org X11 Protocol headers Description X Org X11 Protocol headers...

Page 460: ... removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes xulrunner 1 9 0 5 1 el5_2 xulrunner 1 9 0 12 1 el5_3 Group Applications Internet Summary XUL Runtime for Gecko Applications Description XULRunner provides the XUL Runtime environment for Gecko applications No added dependencies No removed dependencies No added provides No removed provides No added con...

Page 461: ...ogin names passwords home directories group information to all of the machines on a network NIS can allow users to log in on any machine on the network as long as the machine has the NIS client programs running and the user s password is recorded in the NIS passwd database NIS was formerly known as Sun Yellow Pages YP This package provides the ypbind daemon The ypbind daemon binds NIS clients to a...

Page 462: ... yum metadata parser 1 1 2 2 el5 yum metadata parser 1 1 2 3 el5 Group Development Libraries Summary A fast metadata parser for yum Description Fast metadata parser for yum implemented in C No added dependencies No removed dependencies No added provides No removed provides No added conflicts No removed conflicts No added obsoletes No removed obsoletes yum rhn plugin 0 5 3 30 el5 yum rhn plugin 0 5...

Page 463: ...erpreter usable as an interactive login shell and as a shell script command processor Zsh resembles the ksh shell the Korn shell but includes many enhancements Zsh supports command line editing built in spelling correction programmable command completion shell functions with autoloading a history mechanism and more No added dependencies No removed dependencies No added provides No removed provides...

Page 464: ...446 ...

Page 465: ...ry Revision 1 1 Thu Sep 03 2009 Ryan Lerch rlerch redhat com Added the Preface Updated the Abstract and corrected erroneous errata IDs Revision 1 0 Wed Sep 02 2009 Ryan Lerch rlerch redhat com Initial Release of the Technical Notes ...

Page 466: ...448 ...

Reviews:

No comments

Related manuals for ENTERPRISE 5.4 RELEASE NOTES

Xerox C8 - DocuPrint Color Inkjet Printer User Manual preview
C8 - DocuPrint Color Inkjet Printer
Brand: Xerox Pages: 458
Xerox FreeFlow Important Installation Information preview
FreeFlow
Brand: Xerox Pages: 2
Xerox C8 - DocuPrint Color Inkjet Printer Manual preview
C8 - DocuPrint Color Inkjet Printer
Brand: Xerox Pages: 51
Adobe CAPTIVATE 2 Use Manual preview
CAPTIVATE 2
Brand: Adobe Pages: 306
Mitsubishi WiFi-Doc Client for iOS User Manual preview
WiFi-Doc Client for iOS
Brand: Mitsubishi Pages: 10
AMX G4 PANELPREVIEW V1.2 Instruction Manual preview
G4 PANELPREVIEW V1.2
Brand: AMX Pages: 16
Native Instruments Monark Manual preview
Monark
Brand: Native Instruments Pages: 49
Nokia Series 60 Manual preview
Series 60
Brand: Nokia Pages: 84
Samsung LN32D467E1H Software Manual preview
LN32D467E1H
Brand: Samsung Pages: 1
Samsung MZ-7PC064D Specifications preview
MZ-7PC064D
Brand: Samsung Pages: 2
Samsung S1A0905-S0B0 Quick Start Manual preview
S1A0905-S0B0
Brand: Samsung Pages: 6
Samsung MZ-7PC064D User Manual preview
MZ-7PC064D
Brand: Samsung Pages: 59
Internet Security Systems RealSecure User Manual preview
RealSecure
Brand: Internet Security Systems Pages: 126
Ulead DVD MOVIEFACTORY 5 User Manual preview
DVD MOVIEFACTORY 5
Brand: Ulead Pages: 72
Red Hat DEVICE-MAPPER MULTIPATH 4.6 Configuration And Administration Manual preview
DEVICE-MAPPER MULTIPATH 4.6
Brand: Red Hat Pages: 42
Konica Minolta COLIBRI Brochure preview
COLIBRI
Brand: Konica Minolta Pages: 6
DeLorme Topo North America 9.0 User Manual preview
Topo North America 9.0
Brand: DeLorme Pages: 257
10ZiG Technology Limited RBT Series Configuration Manual preview
RBT Series
Brand: 10ZiG Technology Limited Pages: 125

Brands by name

Popular brands

Load more brands