Reboot Required: Yes

MD5 Check Sum: 495806adf781ec9ed0024424cd61c7ba

Apache Security Update 2.0.1

This update fixes security vulnerabilities with Apache.

Pre-Requisites:
None.

Reboot Required: Yes

MD5 Checksum: 36a1b2b571a5b3b0bb94359858492ad4

Mutt Security Update 2.0.1

This update fixes security vulnerabilities with mutt.

Pre-Requisites:
None.

Reboot Required: No

MD5 Check Sum: 4a1b391bc789cd469fbcb20f1fe2eb55

ProFTPD Security Update 2.0.1

This update addresses a buffer overflow vulnerability with ProFTPD.

Pre-Requisites:
RaQ4-All-Security-2.0.1-15823.pkg

Reboot Required: No

MD5 Check Sum: d47fcf99b19603d5096a18e63d3f5c72

Pine Security Update 2.0.1

This patch fixes security vulnerabilities in Pine.

Pre-Requisites:
None.

Reboot Required: No

MD5 Check Sum: 5173af407a7acffbd47d300d48279266

Fileutils Security Update 2.0.1

This updates address a remote denial of services vulnerability in the ls program, a utility that is part of the fileutils package.

Pre-Requisites:
None.

Reboot Required: No

MD5 Check Sum: 0160b0e292073272a0062e3ed64c8e1d

Rsync Security Update 2.0.1

This update addresses a heap overflow vulnerability in rsync, is a program for sychronizing files over the network.

Pre-Requisites:
None.

Reboot Required: No

MD5 Check Sum: 982e0aee16bfef2c7bf6941fd82a2134

BIND Security Update 2.0.1

This update addresses a vulnerability in BIND, that could allow an attacker to conduct cache poisoning attacks on the name servers by convincing the servers to retain invalid negative responses.

For more information, see: CAN-2003-0914

Pre-Requisites:
RaQ4-All-Security-2.0.1-16311.pkg

Reboot Required: No

MD5 Check Sum: 3ccc453abf220577299a29602147e8aa

Slocate Security Update 2.0.1

This update addresses a vulnerability in slocate where the heap management structures could be corrupted possibly lead to an attacker gaining slocate group privileges.
for more information, see: CAN-2003-0848

Reboot Required: No

MD5 Check Sum: 7da97b57a3e721a506f95159337dc18e

Tcpdump Security Update 2.0.1

This update adresses a vulnerability in tcpdump, where the privileges were not dropped corrextly at startup time. for more information, see: CAN-2003-0194

Pre-Requisites:
RaQ4-All-Security-2.0.1-14559.pkg

Reboot Required: No

MD5 Check Sum: 68c07c7d46673e2505ce769192557061

Bash Security Update 2.0.1

This update addresses a vulnerability in the bash shell. Temporary files were created with insecure permissions, which could allow an attacker to launch a symlink attack to overwrite arbitrary files.
For more information, see: CAN-2000-1134

Reboot Required: No

MD5 Check Sum: 637eeb5554fd973769ca9c2904a24b8a

Sendmail Security Update 2.0.2

This update addresses two vulnerabilities in Sendmail.

• The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks. See: CAN-2003-0694
• A potential buffer overflow in ruleset parsing. See: CAN-2003-0681

Version 2.0.1 ofthe patch did not preserve the configuration file correctly. This updated version (2.0.2) addresses this problem.

Pre-Requisites:
RaQ4-All-Security-2.0.1-16429.pkg

Reboot Required: No

MD5 Check Sum: bbe4af96f826c3476286fdd48ae3497f

NFS-Utils Security Update 2.0.1

This update addresses a buffer overflow in nfs-utils that could be exploited by an attacker, causing a remote Denial of Service.
For more information, see CAN-2003-0252

Reboot Required: No

MD5 Check Sum: 3afb09c7032e5fcd94e5ee291c328d43

Imap Clients Security Update 2.0.1

This update addresses multiple buffer overflow vulnerabilities discovered in various IMAP clients (Pine, Mutt, Imap).

Pre-Requisites:
RaQ4-All-Security-2.0.2-14936.pkg
RaQ4-All-Security-2.0.1-16306.pkg

Reboot Required: No

MD5 Check Sum: 8e61a1e9a313f87d269ceae03f33104d

BIND Security Update 2.0.1

This update addresses multiple vulnerabilities discovered in the Berkeley Internet Name Domain Server (BIND).

• BIND SIG Cached RR Overflow Vulnerability: CAN-2002-1219
• BIND OPT DoS: CAN-2002-1220
• BIND SIG Expiry Time DoS: CAN-2002-1221

Reboot Required: No

MD5 Check Sum: c26bbca1ac66a5b759b65afc4c783c31

Unzip Security Update 2.0.1

Updated unzip packages resolve a vulnerability allowing arbitrary files to be overwritten. The original patch to fix this issue (16170) missed a case where the path component included a quoted slash. These updated packages contain a new patch that corrects this issue.

for more information, see: CAN-2003-0282

Reboot Required: No

MD5 Check Sum: 0768c2e8ebbbc2997026eac6cf15d989

Zlib Security Update 2.0.2

This update addresses a buffer overflow vulnerability in the gzprintf function of the zlib compression package.

For more information, see CAN-2003-0107

Version 2 corrects dependency on update 13323

Pre-Requisites:
RaQ4-All-Security-2.0.1-13323.pkg

Reboot Required: No

MD5 Check Sum: 0d06c35dd17e60482ac87297bbdc2ef9

Maximum Disk Space Update 2.0.1

This update addresses a problem when setting the maximum disk space for a virtual site to a value divisible by 10.

Reboot Required: No

MD5 Check Sum: 1cf0bfa6f15770a69b63ecf9a387eb6a

Kernel Update C37 2.0.1

This updated kernel fixes a vulnerability in ptrace that could allow local users to obtain full privileges. Remote exploitation of this hole is not possible. For more information see: CAN-2003-0127

This kernel also fixes a problem with the I2C driver where the locks were not IRQ safe. This could cause problems including the system reporting false fan failures, repeated raid syncs, and random reboots.

Reboot Required: Yes

MD5 Check Sum: a5b1f97c372cb5b517558e141792e3d9

Vim Security Update 2.0.1

This update addresses a vulnerability found in the Vim editor, that could allow attackers to execute arbitrary commands using the libcall feature in modelines. For more information, see CAN-2002-1377

Reboot Required: No

MD5 Check Sum: 8b0f0b92200cff373028a338dca568e8

Qpopper Security Update 2.0.1

This update addresses a buffer overflow vulnerability found in Qpopper.
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0143

Reboot Required: No

MD5 Check Sum: 46730b7b3beb48f2ece82730142fd486

Wget Security Update 2.0.1

This update addresses a directory traversal vulnerability in wget.
For more information see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1344

Reboot Required: No

MD5 Check Sum: a010a4c05392cc1486ca0f2d7dfa4125

Pine & File Security Update 2.0.1

This update addresses vulnerabilities found in the pine mail program and the file program.

Pine was vulnerable to a remote denial of service. For more information, see http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1320

File was vulnerable to a local buffer overflow. For more information, see http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0102

Reboot Required: No

MD5 Check Sum: 2e13e4520140d9bd3ef7e0a1e1d1f9c0

Glibc Security Update 2.0.1

This update addresses a security vulnerability in the glibc resolver. For more information, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1146

Reboot Required: Yes

MD5 Check Sum: cbcbb45e653b62c9005e7de2347c2173

Sendmail Security Update 2.0.1

This patch updates the Sendmail program on your server to address a buffer overflow vulnerability. See http://www.cert.org/advisories/CA-2003-12.html for more information.

Pre-Requisites:
RaQ4-All-Security-2.0.1-16402.pkg

Reboot Required: No

MD5 Check Sum: 911dd676681b050a6c17e5733c79fb45

Kernel Update 2.0.1 C35

This patch will update your kernel to version 2.2.16-C35. This kernel addresses a RAID issue on the RaQ4 where synchronization of a RAID array could take a long time.

Reboot Required: Yes

MD5 Check Sum: e778ebe202cca27540d2cf28cb3ca1c8

Sendmail Security Update 2.0.1

This patch updates the Sendmail program on your server to address a remote buffer overflow vulnerability. See http://www.cert.org/advisories/CA-2003-07.html for more information.

Reboot Required: No

MD5 Check Sum: 8d01bb169854393f6547d2718f8f7f56

PHP & PostgreSQL Security Update 2.0.1

This package addresses several issues with PHP and postgresql. Two PHP bugs have been fixed; the first is arbitrary command execution via the 5th parameter of mail() and the second is URL redirection using fopen(). In Postgresql, multiple buffer overruns have been recently identified and patched. In addition, Postgresql debugging is now disabled by default.

Reboot Required: Yes

MD5 Check Sum: f4798e1d90d332e23855dd5161ad5496

Root DNS server update 2.0.1

The IP address of one of the root DNS servers (J.ROOT-SERVERS.NET) has been changed. This patch updates the list of root DNS servers on your appliance.

Reboot Required: No

MD5 Check Sum: f4216e305ee5341a6e6d043667c024a1

Tar & Unzip Security update 2.0.1

The unzip and tar utilities contain vulnerabilities which can allow arbitrary files to be overwritten during archive extraction. See http://www.securityfocus.com/archive/1/196445 for more information.

Reboot Required: No

MD5 Check Sum: b00b98f358c6bfdd239a188938e930d9

Cgiwrap Update 2.0.1

This package addresses a cross-site scripting vulnerablity with cgiwrap when used with browsers that ignore input before the HTML and BODY tags.

Reboot Required: No

MD5 Check Sum: 04c0e33304a3225498ac7667ff8b4a55

Proftpd Security Update 2.0.1

This patch fixes an upload file permission issue in proftpd. It also adds an extra security measure by preventing some default system accounts from logging in via ftp

Reboot Required: No

MD5 Check Sum: 72542c19fca67a688f88ef9f017ffbd0

Util-linux Update 2.0.1

The chfn binary from the util-linux package could be used to gain unauthorized access.

Reboot Required: No

MD5 Check Sum: 901504d66b3a9d5500dea101765bebce

Kernel Update 2.0.1 C33

Kernel C33 fixes the "do_try_to_free_pages failed" VM problem under heavy load and also adds support for raw I/O.

Reboot Required: Yes

MD5 Check Sum: 0ea53b2ef29a724c16111c32b167ef17

SHP Removal 2.0.1

This patch removes the SHP package. Customers who installed SHP are advised to install this patch to remove a serious vulnerability issue. For more information please see:
http://sunsolve.Sun.COM/retrieve.do?doc=fsalert/49377

Reboot Required: Yes

MD5 Check Sum: ca100017bc957075ba6b142f337ef0a4

IMAP Update 2.0.2

This patch fixes a Remote Buffer Overflow in imapd.

Reboot Required: No

MD5 Check Sum: 7e28442e0a713afd91fbe5dadad920ab

Apache & SSL Update 2.0.1

This patch fixes multiple security issues with the Apache HTTP Server and OpenSSL. For more information please see:
http://online.securityfocus.com/advisories/4254
http://sunsolve.sun.com/retrieve.do?doc=fsalert%2F45509&zone_32=category%3Asecurity

Reboot Required: Yes

MD5 Check Sum: 38264ad4dfcf3f16101385a6ad139178

CGIWrap Update 2.0.1

This package contains an updated CGIWrap that addresses a security issue recently discovered. For more information, please see: http://online.securityfocus.com/bid/3084

Reboot Required: No

MD5 Check Sum: 579057707156df964a2e3dbf9f1f18d3

TCPDUMP Update 2.0.1

This patch replaces the TCPDUMP network analysis tool with a new version. This version of TCPDUMP contains security fixes for issues that were found in prior releases of TCPDUMP for the Sun Cobalt Server Appliance.

MD5 Check Sum: ed01348f71d8ebdaac8065d444a41269

Reboot Required: No

PHP Service Settings Update 2.0.1

This patch fixes a sync issue between what is shown in the web UI and what the actual state is on the server for the PHP service.

MD5 Check Sum: 9968454952f9e0dc773a624016df2948

Reboot Required: Yes

Security Bundle Update 2.0.1

This package upgrades the following for a varity of security concerns:

• Bind 8.2.3-C4
• Cyrus SASL 1.5.24-C4
• ProFTPd 1.2.4-C2
• urlview 0.7-5
• Mutt 1.2.5i-C2
• Pine 4.44-C1
• zlib 1.1.3-25.7
• binutils 2.11.90.0.8-12c2r4
• CVS 1.11.1p1-6.2.C1r4
• libstdc++ 2.95.3-1c1r4
• GCC 2.95.3-1c1r4
• Sed 3.02-9

MD5 Check Sum: 08285df27e1420ad8193c689ded57b89

Reboot Required: No

Duplicate Email Alias Update 2.0.1

This patch filters email alias entries preventing duplicate virtusertable entries on your server appliance.

MD5 Check Sum: 13151e1c05deb07648056b7f0f1f87c3

Reboot Required: No

PHP Update Update 2.0.1

This patch upgrades the version of the PHP scripting engine on your server appliance. This version of PHP contains security fixes for issues that were found in prior releases of PHP for the Sun Cobalt server appliance.

This Update installs PHP version 4.0.6-C4. If you have upgraded PHP through a means other then packages from this website, your changes will be overwritten.

MD5 Check Sum: e640b63ed855068d7df58c17d82885a2

Reboot Required: No

glibc Update 2.0.1

This updates the version of glibc to fix a known vulnerability with file globbing functionality. See the following link for details: http://online.securityfocus.com/bid/3707

MD5 Check Sum: af333d0ca687404569c996f2746a4cc1

Reboot Required: Yes

Kernel Update 2.0.1

Updates Kernel version to C32 to fix following security alert. http://www.securityfocus.com/advisories/3607 NOTE: This package is for Sun Cobalt RaQ 4 Non-StaQware systems only. If you have Sun Cobalt StaQware running, please install kernel update at http://www.cobalt.com/support/download/staqwareraq4.html

MD5 Check Sum: 7cf79a0da0c91a0de98db51977deb430

Reboot Required: Yes

DNS Update 2.0.1

This package fixes a number of issues within Sun Cobalt's DNS configuration and management interface and it's interactions with the nameserver. Moreover, after this patch, the administrator will have more options in specifying the method of RFC 2317 style reverse subnet delegation.

MD5 Check Sum: b489ef028b80ceeb30bf5db2348923f9

Reboot Required: No

OS Update 2.0

This patch is an update to the Sun Cobalt RaQ 4 server appliance. It incorporates all previous patches as well as various bug fixes. See the following PDF for a complete list of bugs addressed in this update.

Prerequisites:

• RaQ4-en-OSUpdate 1.0
• RaQ4-All-Security-1.0.3-8762 (DOS /tmp attack)
• RaQ4-All-System-1.0.1-9882 (DNS update)
• RaQ4-All-Security-1.0.1-10602 (Apache Update)
• RaQ4-All-Kernel-1.0.1-2.216C28III (Kernel Update)

MD5 Check Sum: bd95b7cf9302cb9b7c335f99863889eb

Reboot Required: Yes

Kernel Update 1.0.1

Kernel C24 and C27 would not allow the system to switch to the correct disk after a RAID failure. To correct this a new modutils has been included for the gen III Kernel so that the bandwidth module could correctly load automatically after a reboot. Also included in the update is the fix for the sysctl negative offset bug as well as the ptrace setuid bug.

MD5 Check Sum: dad1efe8427613aa4830f85068529647

Reboot Required: Yes

Apache Update 1.0.1

This patch upgrades the version of Apache to 1.3.20. This version of Apache contains various security fixes for issues that were found in prior releases of Apache for the Sun Cobalt Server Appliance.

NOTE: Apache 1.3.20 Sun Cobalt Upgrade Overwrites Sun Chili!Soft Apache 1.3.20 Support. If you have upgraded your 3.5.2 version of Sun Chili!Soft ASP to 3.6 AND you installed the Sun Cobalt patch to support Apache 1.3.20, Sun Chili!Soft ASP 3.6 will not work. Contact Sun Chili!Soft Technical Support at chili.tech@sun.com for instructions on how to patch Sun Chili!Soft ASP 3.6 to support Apache 1.3.20.

If you have not upgraded to Sun Chili!Soft ASP 3.6 and want support for Apache 1.3.20, install ALL Sun Cobalt 1.0.1 patches FIRST (including the Apache Update 1.0.1), and then install Sun Chili!Soft ASP 3.6. To download a free copy of 3.6 with Sun Chili!Soft SpicePack, go to http://www.chilisoft.com/chiliasp/cobalt.asp

MD5 Check Sum: 3b04eebff0e9f12a18415130079b0a72

Reverse Delegation Update 1.0.1

This patch fixes reverse delegations for subnets smaller than a /24. It also adds the ability to have 127.0.0.1 map to the localhost for a domain, and ensures that information relating to Secondary Name Services for networks appears in the web interface properly.

MD5 Check Sum: 325b2c69db79ef4c2c36e25c13bb8301

DoS Attack Update 1.0.2

This security update prevents a DoS attack by corrupting htpasswd and passwd when a site administrator adds a new user to the system and the "/tmp" directory or the "/" (root) directory is full.

OS Update 1.0

Prerequisites:

• Point release RaQ4-All-System-0.0.1-7657.pkg (Frontpage Fixes) and
• Point release RaQ4-All-Security-0.0.1-8061 (glibc update)

• RaQ4-All-Security-0.0.1-8577.pkg
• RaQ4-en-System-0.0.6-6375.pkg
• RaQ4-All-System-0.0.1-8061.pkg
• RaQ4-All-System-0.0.2-7709.pkg
• RaQ4-All-Security-0.0.1-8164.pkg
• RaQ4-All-Security-0.0.1-8148.pkg
• RaQ4-All-Security-0.0.1-8008.pkg
• RaQ4-All-System-0.0.1-7565.pkg
• RaQ4-en-Security-0.0.1-6453.pkg
• RaQ4-All-System-0.0.1-7657.pkg
• RaQ4-All-System-0.0.1-7262.pkg
• RaQ4R-All-System-0.0.1-6618.pkg

• "Web Access by Domain" is now active when activating under control panel.
• Generate report now removes duplicate entries
• Analog could cause web stats not to be generated.

• Active monitor was updated to not be activated if anonymous ftp goes over quota
• Active monitor was updated to correctly signal low disk space. Prior to this, files owned by admin and root could cause Active monitor to not correctly signal low disk space.
• Messages were updated which were sent to users
• Deleted users were not being deleted correctly in active monitor tables.
• Active monitor does not turn red if you have a cd-rom connected

• UPS use to shutdown while configuring as a slave
• 255 can now be added as part of an IP address

• Updated Interbase ODBC driver
• Updated MySQL ODBC driver
• Software now prevents malformed ODBC connections which could cause ASP to not function

• FrontPage was unable to establish a connection when reusing a name of a deleted site
• FrontPage forms can now be configured to sent email to a user
• FrontPage sub web creation now is supported.

• Changes to DNS Server will now update all serial numbers of all zones

• Mail lists are now sorts usernames
• Users are now able to use the 'newconfig' option of majordomo
• Deleting a user did not delete POP lockfile
• Blank lines in "relay field" are now correctly handled.
• Duplicate entries now checked for in email server parameters
• Email to mailing list bounces if message contains majordomo commands
• Vacation mail exploit has been fixed.

• New shell tools have been included
• New version of proftpd is installed
• sysreset is now disabled since it is not supported
• syslog was updated to address security exploits.
• traceroute was updated to address security exploit.
• tmpwatch was updated to address security exploits
• bind was updated to address security exploits

glibc Update 0.0.1

This updates the version of glibc. Prior to this update it was possible for local users to gain root access.

Due to the size of this update, please place this package in /home/packages and install via the 'Loaded' option under the 'Install Software' screen.

FrontPage Update 0.0.1-7657

This update fixes three problems that can occur when using Microsoft FrontPage.

• Using FrontPage form submission displays error and is unable to send email with form information.
• Disabling a FrontPage user web site causes site subweb creation to not work correctly.
• Unable to connect to a virtual site with FrontPage if the site has been deleted and then recreated with same name.

  NOTE: These virtual sites have an inconsistent FrontPage state. This update will fix these inconsistencies and correctly show these sites as being non-FrontPage enabled. The site-administrator needs to re-enable FrontPage for the above sites and give a new webmaster password before any user will be able to connect to this site with FrontPage.