[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] new rpm packages released

To: linux-security
Subject: [linux-security] new rpm packages released
From: Martin Siegert <siegert@sfu.ca>
Date: Tue, 17 Apr 2001 13:27:23 -0700
User-Agent: Mutt/1.2.5i

Topic
=====
The following applies to RedHat only.

This is not a security advisory. However, you may not be able to install
future security upgrades, if you choose not to upgrade your rpm packages.

A common version of rpm for all Red Hat distributions is being released.
This version of rpm understands legacy version 3 packaging used in Red
Hat 6.x distributions as well as version 4 packaging used in Red Hat
7.x.
In addition, rpm-4.0.2 has support for both the legacy db1 format used in
Red Hat 6.x databases as well as support for the db3 format database
used in Red Hat 7.x 

Problem description
===================
There are several potential problems with this upgrade:

1) Red Hat 6.x users will need to install the db3 packages first:
rpm -Uvh db3-3.1.17-4.6x.i386.rpm \
         db3-devel-3.1.17-4.6x.i386.rpm \
         db3-utils-3.1.17-4.6x.i386.rpm

You also should upgrade your ucd-snmp packages:
rpm -Fvh ucd-snmp-4.1.1-3.i386.rpm \
         ucd-snmp-devel-4.1.1-3.i386.rpm \
         ucd-snmp-utils-4.1.1-3.i386.rpm

and the gnorpm package:
rpm -Fvh gnorpm-0.95.1-6.6x.i386.rpm

2) Red Hat 6.x users should convert from db1 to db3 format databases at
your earliest convience. This can be done by running, as root, the
command
rpm --rebuilddb
Support for legacy db1 format rpm databases will be removed in the next
release of rpm.

3) RedHat also released new versions of the following packages for 7.0.
It is not clear from the advisory, whether it is required to upgrade
these packages in order to install the new rpm packages. It seems to be
advisable to upgrade anyway:
rpm -Fvh db3-3.1.17-5.i386.rpm \
         db3-devel-3.1.17-5.i386.rpm \
         db3-utils-3.1.17-5.i386.rpm \
         gnorpm-0.95.1-6.7x.i386.rpm

4) All platforms: If you chose to install rpm-4.0.2, and then go back to a
previous version of rpm, then you will experience segfaults due to an
incompatible change in headers in the database. The problem is in
legacy versions of rpm going back to rpm-3.0, and is both caused and
fixed by rpm-4.0.2. This incompatibility also applies to any/all
applications that are statically linked against rpm libraries which
should either be upgraded or recompiled to use rpm-4.0.2 libraries.
Applications that use shared libraries should not be affected by this
problem.

5) All platforms: rpm-4.0.2 will fail to install if you have both db1 and
db3 rpm databases in /var/lib/rpm. If the packages do not install,
please check the directory /var/lib/rpm for the files "packages.rpm"
(the db1 format headers) and "Packages" (the db3 format headers)
and rename/remove the older or smaller of the two files in order to 
upgrade. 

Upgrade Information
===================

RedHat 6.x
----------
rpm -Fvh rpm-4.0.2-6x.i386.rpm \
         rpm-devel-4.0.2-6x.i386.rpm \
         rpm-build-4.0.2-6x.i386.rpm \
         rpm-python-4.0.2-6x.i386.rpm \
         popt-1.6.2-6x.i386.rpm

RedHat 7.0
----------
rpm -Fvh rpm-4.0.2-7x.i386.rpm \
         rpm-devel-4.0.2-7x.i386.rpm \
         rpm-build-4.0.2-7x.i386.rpm \
         rpm-python-4.0.2-7x.i386.rpm \
         popt-1.6.2-7x.i386.rpm

Prev by Date: Re: [linux-security] local root exploit in Linux kernel (redhat, debian)
Next by Date: [linux-security] RH 6.2 distribution on sphinx
Prev by thread: [linux-security] RH 6.2 distribution on sphinx
Next by thread: [linux-security] ALERT: remote root exploit in ntpd
Index(es):
- Date
- Thread