Downloads MUST be applied from the bottom of the page to the top, as they must be applied in chronlogical order. Application of these patches in improper order will likely result in problems with the Sun Cobalt™ product.

Note: For all previous updates, please see http://ftp.cobalt.sun.com

The md5sums listed below are for the unzipped ISO image files and not for the .gz files

Sendmail Security Update 0.0.1

This update addresses two vulnerabilities in Sendmail.

• This update fixes the improper handling of Asynchronous signals which may lead to DoS attack
• This update fix the reference CVE 2006-0058 See: CAN-2006-0058

Pre-Requisites:
RaQ550-All-Security-0.0.1-16429.pkg

Reboot Required: No

MD5 Check Sum: fbbb2e234c7395ca539c8d13a4239604

PHP Security Update 0.0.1

This update fixes vulnerability with PHP issue

Obsoletes:
RaQ550-All-Security-0.0.1-17041.pkg

Pre-Requisites:
RaQ550-All-Security-0.0.1-15959.pkg

Reboot Required: Yes

MD5 Check Sum:49465664101ada84a73b779be581b21a

Apache and Openssl Security Update 0.0.1

This update addresses vulnerabilities discovered in Apache and mod_ssl.

Obsoletes:
RaQ550-All-Security-0.0.1-3-16689.pkg
RaQ550-All-Security-0.0.1-16687.pkg
RaQ550-All-Security-0.0.1-16644.pkg
RaQ550-All-Security-0.0.1-16622.pkg
RaQ550-All-Security-0.0.1-16343.pkg

Pre-Requisites:
None.

Reboot Required: Yes

MD5 Check Sum:8a1948d6b2b0096d5a1ea577fc9c5ccf

The md5sums listed below are for the unzipped ISO image files and not for the .gz files

RaQ550 End-of-Life System Update

This is the EOL update for the RaQ550 appliance server. The update fixes multiple system bugs.

Pre-Requisites:
None.

Reboot Required: Yes

MD5 Check Sum:c8973bae1bcba4f1d0a0b20c9e789cfb

Pine Security Update 0.0.1

This patch fixes security vulnerabilities in Pine.

Pre-Requisites:
None.

Reboot Required: No

MD5 Check Sum: 04be09d00e3a0fa7bd0df98c1d8c5321

Kernel 2.4.19C13_V Security Update 0.0.1

This kernel update addresses a do_mremap VMA security vulnerability.

Pre-Requisites:
None.

Reboot Required: Yes

MD5 Check Sum: 358e83da577d3f4c27e53ab321d3bdbf

Mutt Security Update 0.0.1

This update fixes security vulnerabilities with mutt.

Pre-Requisites:
None.

Reboot Required: No

MD5 Check Sum: bfc8b9df402d803e60c681a63d418f2a

ProFTPD Security Update 0.0.1

This update addresses a buffer overflow vulnerability with ProFTPD.

Pre-Requisites:
RaQ550-All-Security-0.0.1-15823.pkg

Reboot Required: No

MD5 Check Sum: 71ed2e4612e8970cebba2fe8f13f5b67

Kernel C12 Security Update 1.0.1

This kernel update addresses two security vulnerabilities, do_mremap and do_brk().

Pre-Requisites:
None.

Reboot Required: Yes

MD5 Check Sum: 628f9e06b3c406338120fb7a118a0e46

Fileutils Security Update 0.0.1

This updates address a remote denial of services vulnerability in the ls program, a utility that is part of the fileutils package.

Pre-Requisites:
None.

Reboot Required: No

MD5 Check Sum: eeccf88fae9dbe779af434450272546a

GnuPG Security Update 0.0.1

This package fixes a GnuPG vulnerability.

Pre-Requisites:
None.

Reboot Required: No

MD5 Check Sum: b944dbda27b8eaa9e0b86401a8b865dd

Iptables Security Update 0.0.1

This package fixes a security vulnerability in iptables.

Pre-Requisites:
None.

Reboot Required: No

MD5 Check Sum: 0ace54330d18e4f14674b82a2edebb94

PostgreSQL Security Update 0.0.1

This update addresses a vulnerability in PostgreSQL where attackers could execute arbitrary code through a buffer overflow.

For more information, see: CAN-2003-0901

Pre-Requisites:
RaQ550-All-Security-0.0.1-15959.pkg

Reboot Required: No

MD5 Check Sum: e36b451137fd11676405b31888c99408

Slocate Security Update 0.0.1

This update addresses a vulnerability in slocate where the heap management structures could be corrupted possibly lead to an attacker gaining slocate group privileges.
for more information, see: CAN-2003-0848

Reboot Required: No

MD5 Check Sum: 1a10992e0395ea38563408c73ce9bb50

Tcpdump Security Update 0.0.1

This update adresses a vulnerability in tcpdump, where the privileges were not dropped corrextly at startup time. for more information, see: CAN-2003-0194

Pre-Requisites:
RaQ550-All-Security-0.0.2-14559.pkg

Reboot Required: No

MD5 Check Sum: bff691511c6ee4af3caaf26cb1a8f07c

ProFTPD Security Update 0.0.2

This update addresses a buffer overflow discovered in ProFTPD, that could allow an attacker capable of uploading a file to the vilnerable system, to execute arbitrary code. For more information, see http://xforce.iss.net/xforce/alerts/id/154

Pre-Requisites:
RaQ550-All-Security-0.0.1-15823.pkg

Reboot Required: No

MD5 Check Sum: 03a65e733f72f9df5a1242b29e07af4c

RAID Sync update 0.0.1

This update addresses a problem with the RAID subsystem when the two drives do not present the same geometry. Some replacement drives do not have the same geometry as the original drives, and when mismatched, the script that controls the synchronization of the RAID array did not use the correct values for each of the drives.

Reboot Required: Yes

MD5 Check Sum: 38458833ee036ca0ed9e9ad7c8d419fa

NFS-Utils Security Update 0.0.1

This update addresses a buffer overflow in nfs-utils that could be exploited by an attacker, causing a remote Denial of Service.
For more information, see CAN-2003-0252

Reboot Required: No

MD5 Check Sum: 30cf0456d9a58e7277775a6d16d03529

MySQL Security Update 0.0.1

The MySQL database server was vulnerable to buffer overflow in get_salt_from_password that could allow attackers with ALTER TABLE privileges to execute arbitrary code.
For more information, see CAN-2003-0780

Pre-Requisites:
RaQ550-All-Security-0.0.1-16488.pkg

Reboot Required: Yes

MD5 Check Sum: 0c47ac33538d99b25ba0c287d7b22596

UI Security update 0.0.1

This update addresses a problem with the User Interface where users logged in were allowed to view privileged information.

Reboot Required: No

MD5 Check Sum: db44729998e88f38bdebd96dbd8587f9

OpenSSH Security Update 0.0.1

This update addresses a vulnerability in OpenSSH. A "buffer management error" in buffer_append_space of buffer.c has been fixed. For more info see: CAN-2003-0693

Pre-Requisites:
RaQ550-All-Security-0.0.1-15674.pkg

Reboot Required: No

MD5 Check Sum: 17ca7d24b809d046fe6bc260f77bd2ca

Kernel C10 Update 0.0.1

This kernel update addresses various security issues found in the Linux Kernel.

• /proc/tty/driver/serial reveals the exact character counts for serial links. This could be used by a local attacker to infer password lengths and inter-keystroke timings during password entry. CAN-2003-0461
• File read race condition existing in the execve() system call, which could cause a local crash. CAN-2003-0462
• The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program. This causes the program to fail to change the ownership and permissions of already opened entries. CAN-2003-0501
• The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, allowing local users to gain read access to restricted file descriptors. CAN-2003-0476
• The STP protocol is known to have no security, which could allow attackers to alter the bridge topology. STP is now turned off by default. CAN-2003-0550
• STP input processing was lax in its length checking, which could lead to a denial of service. CAN-2003-0551
• The Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host. CAN-2003-0552
• Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call. CAN-2003-0619
• fix a possible NULL pointer reference in include/linux/sched.h:is_dumpable()

Pre-Requisites:
RaQ550-All-Kernel-0.0.1-2.4.19C9_V-1.pkg

Reboot Required: Yes

MD5 Check Sum: 05aa0854a27e5b7c87113c8a0b2ab286

Imap Clients Security Update 0.0.1

This update addresses multiple buffer overflow vulnerabilities discovered in various IMAP clients (Pine, Mutt, Imap).

Pre-Requisites:
RaQ550-All-Security-0.0.1-14936.pkg
RaQ550-All-Security-0.0.1-16306.pkg

Reboot Required: No

MD5 Check Sum: eea49168183114490007e6a2c7635569

Reboot Required: No

MD5 Check Sum: 5672074dd2ce9236ab3d3bc5f15266a7

BIND Security Update 0.0.1

This update addresses multiple vulnerabilities discovered in the Berkeley Internet Name Domain Server (BIND).

• BIND SIG Cached RR Overflow Vulnerability: CAN-2002-1219
• BIND OPT DoS: CAN-2002-1220
• BIND SIG Expiry Time DoS: CAN-2002-1221

Pre-Requisites:
RaQ550-All-Security-0.0.1-1-15278.pkg

Reboot Required: No

MD5 Check Sum: 0321cfd77a8e51614ed467a0ecfe8884

Unzip Security Update 0.0.1

Updated unzip packages resolve a vulnerability allowing arbitrary files to be overwritten. The original patch to fix this issue (16170) missed a case where the path component included a quoted slash. These updated packages contain a new patch that corrects this issue.

for more information, see: CAN-2003-0282

Reboot Required: No

MD5 Check Sum: 0be4d0e69d25477d8955267bf1879dd3

Kernel C9 Update 0.0.1

This update contains fixes for the ioperm and nethash vulnerabilities backported from 2.4.21-pre3 and 2.4.21-rc4 to the cobalt linux-2.4 tree. It also contains an updated XFS filesystem snapshot for the 2.4.19 kernel. This bug consistently caused filesystems (mainly "/" on alpine) to be not be unmounted cleanly, hence a raid resync was always triggered on reboot. In addition, a fix is included for an issue that the previous ptrace errata kernel created where /proc//cmdline was empty for most processes. This latest revision includes fixes for CAN-2003-0247 and CAN-2003-0248 as well. These involved vulverabilities in the TTY layer and mxcsr code, respectively.

Pre-Requisites:
None.

Reboot Required: Yes

MD5 Check Sum: ff25f3be6b94cef4c99289abd53b0416

Zlib Security Update 0.0.1

This update addresses a buffer overflow vulnerability in the gzprintf function of the zlib compression package.

For more information, see CAN-2003-0107

Reboot Required: No

MD5 Check Sum: 78f13a1fb7e39902896010fe51648a17

Glibc Security Update 0.0.3

This update addresses a security vulnerability in the glibc resolver. For more information, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1146

Version 0.0.2 of this update fixes a problem with the MySQL server not working correctly with version 0.0.1
Version 0.0.3 fixes a problem with the Vim editor not working correctly.

Reboot Required: Yes

MD5 Check Sum: d3d42a1bd0ff62eb4075bc919da2c2f6

Mailing List Max Size Update 0.0.1

When setting the maximum message length for a mailing list to 10MB, the limit was incorrectly set to 1MB.

Reboot Required: No

MD5 Check Sum: 2094e8dbfcf82f41148723847e900290

MySQL Security Update 0.0.1 16488

This update addresses vulnerabilities found in the MySQL database server.

• Double-free vulnerability in mysqld: CAN-2003-0073
• World-writable files could allows mysql users to gain root privileges: CAN-2003-0150

The previous MySQL update (16356) caused the MySQL daemon to be started by default. This new update restores the factory default to have MySQL not started automatically at startup. Administrators who need to have MySQL on will need to enable it manually.

Pre-Requisites:
RaQ550-All-Security-0.0.1-16356.pkg

Reboot Required: Yes

MD5 Check Sum: 0b58bcc739edab6f842fcda82e3ba353

OpenSSH Security Update 0.0.1

This update addresses a security vulnerability in OpenSSH.
Update 15674 contained a configuration workaround for this problem. The new version of OpenSSH contains the correct fix for this vulnerability.

Pre-Requisites:
RaQ550-All-Security-0.0.1-15674.pkg

Reboot Required: No

MD5 Check Sum: 3a2af57acef747ab198873335faaf5cf

Vim Security Update 0.0.1

This update addresses a vulnerability found in the Vim editor, that could allow attackers to execute arbitrary commands using the libcall feature in modelines. For more information, see CAN-2002-1377

Reboot Required: No

MD5 Check Sum: c64f309a50562a39d2efce445dfea669

Qpopper Security Update 0.0.1

This update addresses a buffer overflow vulnerability found in Qpopper.
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0143

Reboot Required: No

MD5 Check Sum: d21948257069bb7518c757b40d04711d

Wget Security Update 0.0.1

This update addresses a directory traversal vulnerability in wget.
For more information see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1344

Reboot Required: No

MD5 Check Sum: 988c2cc401e790abf3dd58f64b92ff4b

Pine & File Security Update 0.0.1

This update addresses vulnerabilities found in the pine mail program and the file program.

Pine was vulnerable to a remote denial of service. For more information, see http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1320

File was vulnerable to a local buffer overflow. For more information, see http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0102

Reboot Required: No

MD5 Check Sum: d441eb952c38b5b68317cabea24086ad

Virtual Site change 0.0.2

Changing the domain name, host name, or ip address of an existing vsite did not preserve the vsite's web capabilities. This left the ui (cce) and the actual system configuration out-of-sync. Version 0.0.2 now includes the Japanese locale that was left out in 0.0.1

Reboot Required: Yes

MD5 Check Sum: c66ab9ec939b51b556b6328694aabfbb

Sendmail Security Update 0.0.1

This patch updates the Sendmail program on your server to address a buffer overflow vulnerability. See http://www.cert.org/advisories/CA-2003-12.html for more information.

Pre-Requisites:
RaQ550-All-Security-0.0.1-16402.pkg

Reboot Required: No

MD5 Check Sum: db3ea4ec5427b49d4eb4558610459ce8

Tmpwatch Update 0.0.1

The /home/tmp directory was not tracked by tmpwatch. This could lead to filling up the /home partition. This update adds the /home/tmp directory to tmpwatch.

Reboot Required: No

MD5 Check Sum: 42056205317b5a19811a14a3ddbb31dd

MySQL Security Update 0.0.1

This patch addresses multiple vulnerabilities found in the MySQL database installed on your appliance. The vulnerabilities are:

• CAN-2002-1373 : Signed integer vulnerability in the COM_TABLE_DUMP package
• CAN-2002-1374 : Password vulnerability in the COM_CHANGE_USER command
• CAN-2002-1375 : Remote code execution in the COM_CHANGE_USER command
• CAN-2002-1376 : Denial of Service in libmysqlclient client library

Reboot Required: Yes

MD5 Check Sum: bffd4cd6500daece0e7969c26d971bce

Sendmail Security Update 0.0.1

This patch updates the Sendmail program on your server to address a remote buffer overflow vulnerability. See http://www.cert.org/advisories/CA-2003-07.html for more information.

Reboot Required: No

MD5 Check Sum: 0298e41737894be4a113e6fb5b525319

PHP & PostgreSQL Security Update 0.0.1

This package addresses several issues with PHP and postgresql. Two PHP bugs have been fixed; the first is arbitrary command execution via the 5th parameter of mail() and the second is URL redirection using fopen(). In Postgresql, multiple buffer overruns have been recently identified and patched. In addition, Postgresql debugging is now disabled by default.

Reboot Required: Yes

MD5 Check Sum: 0877ace55bfabb084ba3f45f76c2829b

Root DNS server update 0.0.1

The IP address of one of the root DNS servers (J.ROOT-SERVERS.NET) has been changed. This patch updates the list of root DNS servers on your appliance.

Reboot Required: No

MD5 Check Sum: 9b3a251b1b8fda002e363890054f9d96

Tar & Unzip Security update 0.0.1

The unzip and tar utilities contain vulnerabilities which can allow arbitrary files to be overwritten during archive extraction. See http://www.securityfocus.com/archive/1/196445 for more information.

Reboot Required: No

MD5 Check Sum: fccf5ea1d3cf3d24ee33a0f71333d2d3

Qpopper Update 0.0.1

This fixes a qpopper buffer limitation with users having usernames 12 characters long and home directory hashes three digits long failing to pop email.

Reboot Required: No

MD5 Check Sum: 5027a086aca93f5ac5e94f9e6842590a

Proftpd Security Update

This patch fixes an upload file permission issue in proftpd. It also adds an extra security measure by preventing some default system accounts from logging in via ftp

Reboot Required: No

MD5 Check Sum: ddc0020c77cd92442503079d8ff39f36

Cgiwrap Security update 0.0.1

This package addresses a cross-site scripting vulnerablity with cgiwrap when used with browsers that ignore input before the HTML and BODY tags.

Reboot Required: No

MD5 Check Sum: a534286801444e1e2b106d8828531831

Frontpage Update 0.0.3

This update enhances FrontPage Server Extensions functionality. SSL browsing and publishing capabilities are added and user web issues are resolved.

MD5 Check Sum: 4650735b991815cd5624f6dcb0def783

Reboot Required: No

Util-linux Update 1.0.1

The chfn binary from the util-linux package could be used to gain unauthorized access.

MD5 Check Sum: d185107cf164619c5f31a039591e3aef

Reboot Required: No

SSH Security Update

This update addresses a security issue with logins via ssh for users who are not granted permission to login to the system.

MD5 Check Sum: 7fc1421c2325a20ef8106adc78442fb0

Reboot Required: No

Apache & SSL Update 0.0.1

This patch fixes multiple security issues with the Apache HTTP Server and OpenSSL. For more information please see:
http://online.securityfocus.com/advisories/4254
http://sunsolve.sun.com/retrieve.do?doc=fsalert%2F45509&zone_32=category%3Asecurity

MD5 Check Sum: 36da5cd249ce0da4d205f75c33b6188d

Reboot Required: Yes

CCE Security Update 0.0.1

This package patches a security issue with the Cobalt Configuration Engine (CCE).

MD5 Check Sum: 99c1ae683309e42c701dd515f10a098a

Reboot Required: Yes

IMAP Update 0.0.1

This patch addresses a remote buffer overflow vulnerability found in the Imap server.

For more information, please see http://online.securityfocus.com/bid/4713

MD5 Check Sum: 6c789672baabaca14656f3a92d2f026d

Reboot Required: No

TCPDump Update 0.0.2

This patch replaces the TCPDUMP network analysis tool with a new version. This version of TCPDUMP contains security fixes for issues that were found in prior releases of TCPDUMP for the Sun Cobalt Server Appliance.

MD5 Check Sum: 2cb1f1564290c80fff0b0363be7f5c86

Reboot Required: No

Security Bundle 0.0.1

This patch addresses the following issues:

• DoS vulnerability in ISC bind 9. Upgraded to 9.2.1 (CERT Advisory CA-2002-15)
• Apache web server chunked encoding vulnerability. http://online.securityfocus.com/archive/1/277268/2002-06-14/2002-06-20/0>
• Mailling list collision issues.

MD5 Check Sum: b377176b16154a4b046ba1cda4c68e73

Reboot Required: Yes

Secutiy Update 0.0.1

This patch addresses a potential root exploit and its installation is strongly encouraged.

MD5 Check Sum: 32fdd12d9812c29ac907fc01b1bb8bfc

Reboot Required: No