The maintenance team would like to announce that the following packages are available from the updates repositories for SME 6.0, 6.0.1 & 6.5RC1.
To update your server see
http://no.longer.valid/phpwiki/index.php/How%20to%20update%20SME%20ServerTo help this process see
http://no.longer.valid/phpwiki/index.php/Maintenance%20ProcessFollow the steps below to update using yum. These need to be entered from the command line.
yum update
/sbin/e-smith/signal-event post-upgrade
/sbin/e-smith/signal-event reboot
Packages in updates-common
cyrus-sasl-1.5.24-25.2.legacy.i386.rpm
cyrus-sasl-md5-1.5.24-25.2.legacy.i386.rpm
For SME 6.0 & 6.0.1
FL Note:
http://www.fedoralegacy.org/updates/RH7.3/2005-02-17-FLSA_2005_2137__Updated_cyrus_sasl_resolves_security_vulnerabilities.html FL Bug :
https://bugzilla.fedora.us/show_bug.cgi?id=2137 At application startup, libsasl and libsasl2 attempts to build a list
of all available SASL plug-ins which are available on the system. To do
so, the libraries search for and attempt to load every shared library found
within the plug-in directory. This location can be set with the SASL_PATH
environment variable.
In situations where an untrusted local user can affect the environment of a
privileged process, this behavior could be exploited to run arbitrary code
with the privileges of a setuid or setgid application. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0884 to this issue.
e-smith-LPRng-1.12.0-04.noarch.rpm
For SME 6.0 & 6.0.1
Mitel update from
ftp://ibiblio.org/pub/linux/distributions/e-smith/updates/6.0/ Bug Fix for Bug 26
* Fri Jan 30 2004 Michael Soulier <msoulier@e-smith.com>
- [1.12.0-04]
- Backed-out bug 5558. It doesn't quite work yet, so we're going to try again
in 6.1. [msoulier 5558]
* Mon Jan 26 2004 Michael Soulier <msoulier@e-smith.com>
- [1.12.0-03]
- Fixed runtime error in LPRng-restart. [msoulier 10877]
* Fri Jan 23 2004 Michael Soulier <msoulier@e-smith.com>
- [1.12.0-02]
- Adding ability to view the print queue, and delete one's jobs.
[msoulier 5558]
* Thu Jan 22 2004 Michael Soulier <msoulier@e-smith.com>
- [1.12.0-01]
- rolling to stable - 1.12.0
* Tue Jan 6 2004 Michael Soulier <msoulier@e-smith.com>
- [1.11.0-06]
- Added 6.0 styling to printer panel. [msoulier 10876]
e-smith-dnscache-0.3.0-04sme02.noarch.rpm
For SME 6.0 & 6.0.1 (This version was already in 6.5RC1)
Bug Fix for Bug 109.
dnscache creating reverse entries for all localnetworks
* Thu Jan 27 2005 Shad L. Lords <slords@mail.com>
- [0.3.0-04sme02]
- Create ForwardOnly defaulting to enabled for forwarder
* Mon Jan 24 2005 Shad L. Lords <slords@mail.com>
- [0.3.0-04sme01]
- Only create reverse entries if local network or defined dns entry
e-smith-email-4.14.0-11.noarch.rpm
For SME 6.0 & 6.0.1
Mitel update from
ftp://ibiblio.org/pub/linux/distributions/e-smith/updates/6.0/ Bug Fix for Bug 2
* Thu Feb 12 2004 Mark Knox <markk@e-smith.com>
- [4.14.0-11]
- Fixed broken expansion of /etc/fetchmail in email-update event [markk 10064]
- Fixed buggy template causing multidrop to fail [markk 10064]
* Tue Jan 27 2004 Michael Soulier <msoulier@e-smith.com>
- [4.14.0-10]
- Added migration fragment to migrate broken Visisble property.
[msoulier 10907]
* Mon Jan 26 2004 Michael Soulier <msoulier@e-smith.com>
- [4.14.0-09]
- Fixed spelling of Visible in defaults fragment. [msoulier 10907]
* Sun Sep 21 2003 Charlie Brady <charlieb@e-smith.com>
- [4.14.0-08]
- Remove duplicate primary domain name in multidrop fetchmail template
[charlieb 10064]
* Wed Aug 27 2003 Michael Soulier <msoulier@e-smith.com>
- [4.14.0-07]
- Added K* init symlinks to runlevels 0, 1 and 6 for popd. [msoulier 9761]
e-smith-imap-1.2.0-03.noarch.rpm
For SME 6.0 & 6.0.1
Mitel update from
ftp://ibiblio.org/pub/linux/distributions/e-smith/updates/6.0/ * Tue Jan 27 2004 Michael Soulier <msoulier@e-smith.com>
- [1.2.0-03]
- Fixed scoping problem with function for concurrency template.
[msoulier 10871]
* Tue Jan 27 2004 Michael Soulier <msoulier@e-smith.com>
- [1.2.0-02]
- Adding an imap concurrency "throttle", based on the number of users.
[msoulier 10871]
* Tue Jan 27 2004 Michael Soulier <msoulier@e-smith.com>
- [1.2.0-01]
- rolling to stable - 1.2.0
* Fri Nov 28 2003 Charlie Brady <charlieb@e-smith.com>
- [1.1.0-02]
- Move setup of cvm environment variables into CDB file. Saves
execution of envdir, and allows customisation per IP address.
[charlieb]
* Fri Nov 28 2003 Charlie Brady <charlieb@e-smith.com>
- [1.1.0-01]
- Changing version to development stream number - 1.1.0
* Wed Aug 27 2003 Michael Soulier <msoulier@e-smith.com>
- [1.0.0-03]
- Added K* init symlinks for runlevels 0, 1 and 6. [msoulier 9761]
e-smith-ldap-4.10.0-03sme02
For SME 6.0 & 6.0.1 (This version was already in 6.5RC1)
Bug Fix for Bug 158.
changing ldap dir settings to existing users does not work
* Sun Feb 06 2005 Shad L. Lords <slords@mail.com>
- [4.10.0-03sme02]
- Do a graceful restart instead of full restart on directory save
e-smith-mailfront-1.4.0-01.noarch.rpm
For SME 6.0 & 6.0.1
Mitel update from
ftp://ibiblio.org/pub/linux/distributions/e-smith/updates/6.0/ * Thu Jan 29 2004 Michael Soulier <msoulier@e-smith.com>
- [1.4.0-01]
- rolling to stable - 1.4.0
- Backout of previous change. Wrong stream. [msoulier 10052]
* Fri Sep 19 2003 Charlie Brady <charlieb@e-smith.com>
- [1.3.0-12]
- Fix new_record call in migrate fragment. [charlieb 10052]
e-smith-packetfilter-1.14.0-03.noarch.rpm
For SME 6.0 & 6.0.1
Mitel update from
ftp://ibiblio.org/pub/linux/distributions/e-smith/updates/6.0/ * Thu Jan 8 2004 Mark Knox <markk@e-smith.com>
- [1.14.0-03]
- Backported fix of bug 10162, solving a problem with masq expansion in
server-only mode [markk 10882]
e-smith-proftpd-1.10.0-04.noarch.rpm
For SME 6.0 & 6.0.1
Mitel update from
ftp://ibiblio.org/pub/linux/distributions/e-smith/updates/6.0/ * Mon Jan 26 2004 Michael Soulier <msoulier@e-smith.com>
- [1.10.0-04]
- Added AllowRetrieveRestart and AllowStoreRestart global options.
[msoulier 9398]
* Mon Jan 26 2004 Michael Soulier <msoulier@e-smith.com>
- [1.10.0-03]
- Fixed duplication of Anonymous section. [msoulier 9184]
e-smith-proxy-4.12.0-02.noarch.rpm
For SME 6.0 & 6.0.1 (This version was already in 6.5RC1)
Mitel update from
ftp://ibiblio.org/pub/linux/distributions/e-smith/updates/6.0/ * Tue Sep 9 2003 Gordon Rowell <gordonr@e-smith.com>
- [4.12.0-02]
- Disable safe_ports ACL by default. Create squid{SafePorts}
default ports list and squid{EnforceSafePorts} default to no [gordonr 9488]
e-smith-qmail-1.8.0-04.noarch.rpm
For SME 6.0 & 6.0.1 (This version was already in 6.5RC1)
Mitel update from
ftp://ibiblio.org/pub/linux/distributions/e-smith/updates/6.0/ * Wed Mar 31 2004 Tony Clayton <apc@e-smith.com>
- [1.8.0-04]
- Pulling in spec file changes for last patch [tonyc MN00020822]
* Fri Feb 13 2004 Mark Knox <markk@e-smith.com>
- [1.8.0-03]
- Shadow MN00020522: Removed migrate-qmail-logfiles [markk MN00020822]
* Thu Aug 28 2003 Michael Soulier <msoulier@e-smith.com>
- [1.8.0-02]
- Adding K* init symlinks in runlevels 0, 1 and 6. [msoulier 9761]
e-smith-samba-1.12.0-02.noarch.rpm
For SME 6.0 & 6.0.1
Mitel update from
ftp://ibiblio.org/pub/linux/distributions/e-smith/updates/6.0/ * Thu Feb 5 2004 Michael Soulier <msoulier@e-smith.com>
- [1.12.0-02]
- Updating the build dependencies. [msoulier 10995]
* Wed Feb 4 2004 Michael Soulier <msoulier@e-smith.com>
- [1.12.0-01]
- rolling to stable - 1.12.0
* Wed Feb 4 2004 Mark Knox <markk@e-smith.com>
- [1.11.0-16]
- Include rc1.d/K35smb symlink for proper shutdown in single user mode
[markk 10958]
* Tue Nov 25 2003 Michael Soulier <msoulier@e-smith.com>
- [1.11.0-15]
- Removing client driver option, to move to [printers] section.
[msoulier 10623]
e-smith-turba-1.4.0-01.noarch.rpm
For SME 6.0 & 6.0.1 (This version was already in 6.5RC1)
Mitel update from
ftp://ibiblio.org/pub/linux/distributions/e-smith/updates/6.0/ * Wed Feb 4 2004 Michael Soulier <msoulier@e-smith.com>
- [1.4.0-01]
- rolling to stable - 1.4.0
krb5-libs-1.2.4-16.1.legacy.i386.rpm
For all SME 6.x
FL Note:
http://www.fedoralegacy.org/updates/RH7.3/2005-07-24-FLSA_2005_154276__Updated_krb5_packages_fix_security_issues.html FL Bug :
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154276 Several buffer overflows were possible for all Kerberos versions up to
and including 1.3.3 in the krb5_aname_to_localname library function. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0523 to this issue.
Several double-free bugs were found in the Kerberos 5 KDC and libraries.
A remote attacker could potentially exploit these flaws to execuate
arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CAN-2004-0642 and CAN-2004-0643
to these issues.
A double-free bug was also found in the krb524 server. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0772 to this issue.
An infinite loop bug was found in the Kerberos 5 ASN.1 decoder library.
A remote attacker may be able to trigger this flaw and cause a denial of
service. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0644 to this issue.
A heap based buffer overflow bug was found in the administration library
of Kerberos 1.3.5 and earlier. This bug could allow an authenticated
remote attacker to execute arbitrary commands on a realm's master
Kerberos KDC. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1189 to this issue.
Additionally a temporary file bug was found in the Kerberos krb5-send-pr
program. It is possible that an attacker could create a temporary file
that would allow an arbitrary file to be overwritten which the victim
has write access to. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0971 to this issue.
The krb5-workstation package includes a Kerberos-aware telnet client.
Two buffer overflow flaws were discovered in the way the telnet client
handles messages from a server. An attacker may be able to execute
arbitrary code on a victim's machine if the victim can be tricked into
connecting to a malicious telnet server. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CAN-2005-0468
and CAN-2005-0469 to these issues.
All users of krb5 should upgrade to these updated packages, which
contain backported security patches to resolve these issues.
openssl-0.9.6b-39.7.legacy.i386.rpm
For all SME 6.x
FL Note:
http://www.fedoralegacy.org/updates/RH7.3/2005-07-15-FLSA_2005_152841__Updated_openssl_packages_fix_security_issues.html FL Bug :
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152841 A flaw was found in the way the der_chop script creates temporary files.
It is possible that a malicious local user could cause der_chop to
overwrite files (CAN-2004-0975).
perl-CGI-FormMagick-0.89-09.noarch.rpm
For SME 6.0 & 6.0.1
Mitel update from
ftp://ibiblio.org/pub/linux/distributions/e-smith/updates/6.0/SRPMS/ ftp://ibiblio.org/pub/linux/distributions/e-smith/updates/6.0/RPMS/i386/ ftp://ibiblio.org/pub/linux/distributions/e-smith/updates/6.0/RPMS/noarch/rsync-2.5.7-2.legacy.7x.i386.rpm
For SME 6.0 & 6.0.1 (This version was already in 6.5RC1)
FL Note:
http://www.fedoralegacy.org/updates/RH7.3/2004-09-30-FLSA_2004_2003__Updated_rsync_package_fixes_security_issues.html FL Bug :
https://bugzilla.fedora.us/show_bug.cgi?id=2003 Rsync before 2.6.1 does not properly sanitize paths when running a
read/write daemon without using chroot. This could allow a remote
attacker
to write files outside of the module's "path", depending on the
privileges
assigned to the rsync daemon. Users not running an rsync daemon, running
a
read-only daemon, or running a chrooted daemon are not affected by this
issue. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0426 to this issue.
Versions of rsync up to and including version 2.6.2 contain a path
sanitization issue. This issue could allow an attacker to read or write
files outside of the rsync directory. This vulnerability is only
exploitable when an rsync server is enabled and is not running within a
chroot. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0792 to this issue.
shadow-utils-20000902-9.7es1.i386.rpm
For SME 6.0 & 6.0.1 (This version was already in 6.5RC1)
RH Note:
https://rhn.redhat.com/errata/RHSA-2003-057.html Note this has one patch applied.
Updated shadow-utils packages correct a bug that caused the useradd tool to
create mail spools with incorrect permissions.
The shadow-utils package includes programs for converting UNIX password
files to the shadow password format, plus programs for managing user and
group accounts. One of these programs is useradd and is used to create or
update new user information.
When creating a user account, the version of useradd
creates a mailbox file with incorrectly-set
group ownership. Instead of setting the file's group ownership to the
'mail' group, it is set to the user's primary group.
These erratum packages contain an updated patch to useradd. Where a 'mail'
group exists, mailboxes will be created with group 'mail' having read and
write permissions. Otherwise the mailbox file will be created without
group read and write permissions.
Additional Patch
* Mon Feb 16 2004 Damien Curtain <damien@pagefault.org> 20000902-9.7es1
- Add fix from previous e-smith release:
- Fix problem with long lines in /etc/group. Patch recovered from PLD
- shadow-4.0.0 RPM.
stunnel-3.26-1.7.3es01.i386.rpm
For SME 6.0 & 6.0.1 (This version was already in 6.5RC1)
RH Note:
http://rhn.redhat.com/errata/RHSA-2003-296.html Note this has one patch applied.
Updated stunnel packages are now available. These updates address
problems stemming from improper use of non-reentrant functions
in signal handlers.
Stunnel is a wrapper for network connections. It can be used to tunnel an
unencrypted network connection over an encrypted connection (encrypted
using SSL or TLS) or to provide an encrypted means of connecting to
services that do not natively support encryption.
A previous advisory provided updated packages to address re-entrancy
problems in stunnel's signal-handling routines. These updates did not
address other bugs that were found by Steve Grubb, and introduced an
additional bug, which was fixed in stunnel 3.26.
Additional Patch
* Mon Feb 16 2004 Damien Curtain <damien@pagefault.org> 3.26-1.7.3es01
- Add fix from previous e-smith release:
- Add Scott Gifford's STARTTLS proxy patches and makesock program.
- (Ported to 3.26).
Packages for only 6.0
http://mirror.contribs.org/smeserver/releases/6.0/updates/e-smith-formmagick-1.2.2-02.noarch.rpm
For SME 6.0 only
Mitel update from
ftp://ibiblio.org/pub/linux/distributions/e-smith/updates/6.0/ * Tue Apr 6 2004 Tony Clayton <apc@e-smith.com>
- [1.2.2-02]
- Remove stray LOG reference [tonyc MN00025561]
e-smith-horde-1.10.0-02.noarch.rpm
For SME 6.0 only
Mitel update from
ftp://ibiblio.org/pub/linux/distributions/e-smith/updates/6.0/ Bug Fix for Bug 12
* Mon Jan 26 2004 Michael Soulier <msoulier@e-smith.com>
- [1.10.0-02]
- Added directive to block access to test.php scripts in horde.
[msoulier 7376]
* Tue Jan 20 2004 Mark Knox <markk@e-smith.com>
- [1.10.0-01]
- Rolling to stable. Bug 10917. - 1.10.0
* Tue Jan 6 2004 Michael Soulier <msoulier@e-smith.com>
- [1.9.0-17]
- Fixed bad variable reference in conf-horde-startup. [msoulier 10855]
* Tue Jan 6 2004 Michael Soulier <msoulier@e-smith.com>
- [1.9.0-16]
- Fixed ordering of template expansion to symlink creation. [msoulier 10855]
* Tue Dec 23 2003 Michael Soulier <msoulier@e-smith.com>
- [1.9.0-15]
- Fixed ordering of password set and template expansion. Removed password set
from update privs script. One place to set the password is enough.
[msoulier 10855]
* Mon Dec 22 2003 Michael Soulier <msoulier@e-smith.com>
- [1.9.0-14]
- Fixed typo in conf-horde. [msoulier 7112]
* Fri Dec 19 2003 Michael Soulier <msoulier@e-smith.com>
- [1.9.0-13]
- Moved code to set the random horde password into conf-horde.
[msoulier 7112]
* Thu Dec 18 2003 Michael Soulier <msoulier@e-smith.com>
- [1.9.0-12]
- Make sure that the horde password is alphabetical. [msoulier 7112]
10 Replies
7447 Views