[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] glibc update & other patches
- Subject: Re: [cobalt-security] glibc update & other patches
- From: Tom Worley <raq@xxxxxxxxxxxx>
- Date: Wed, 26 Jun 2002 21:06:58 +0100
- Organization: Worley Web Solutions
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Wednesday 26 June 2002 8:32 pm, Barbara wrote:
> I've patched my RaQ3 with all the available
> updates/patches to that point of glibc (actually I
> skipped the DNS Update 4.0.1 as well because I'm using
> the secure BIND from UK2). But I've held off on
UK2?
Do you mean Rupert Perry's chrooted bind package that was mentioned on the
uk2raq mailing list?
> installing the glibc pkg because I know it's caused
> some users problems with memory issues. I'm not
> running mySQL or PHP on my systems, just a plain old
> RaQ3, but I'm growing concerned over how to proceed
> regarding the patches that have followed glibc.
> Particalrly, if by skipping the glibc patch, will the
> other patches/updates encounter problems. I know
> Cobalt is planing on releasing new Apache updates on
> Friday, and I figured I'd put my nose to the grind
> stone and install the previous updates on Friday;
> Duplicate Email Alias 4.0.1
> Update: Security Bundle 4.0.1
> Then on Sat (if no problems creep in), I was going to
> go for the Apache update. But I'm a little worried
> about possible problems with any of these updates if I
> skip the glibc pkg and/or other issues that I might
> encounter by not including that one. I'm just not real
> excited about some of the things I heard about issues
> surrounding that patch (systems needing rebooted every
> xx hours and such), so I figured I'd skip it.. Does
> anyone see any potential problems with my proposed
> upgrade path by leaving out the glibc pkg.
I personally have installed the glibc pkg on 35 raqs without any problems. The
one thing I make sure I do, however, is NOT reboot through the gui. In fact,
I never install the pkgs through the gui either.
I wget the pkgs first, e.g.
wget -c ftp://ftp.cobalt.sun.com/bleh.pkg
then install them on the command line too:
/usr/local/sbin/cobalt_upgrade bleh.pkg
Once that is done (make sure you do them in order, going up the page)
And the important bit, don't reboot using the gui, try:
/sbin/shutdown -rf now
That will start a reboot (not shutdown), and skip the e2fsck disk checks that
can so often cause problems (because more serious problems can cause e2fsck
to need a root password to log in and that's not fun on a remotely admined
machine, but if you have access to the machine, then it's not a problem, just
need a serial cable and a terminal program...)
I personally don't reboot until all the updates are done, and haven't had
problems doing this even with a big list of updates, but probably not a good
thing to do. The other advantage to doing it on the command line is that it's
somewhat more verbose, so you can see what is going on and if a package
fails, why (with more info than the gui gives you).
HTH.
--
Regards,
Tom Worley, Worley Web Solutions
RaQ Maintenance http://worleyweb.net
RaQ server help: http://uk2raq.com
RaQ backup: http://uk2raq.com/backup.php
TA2 game: http://totalannihilation2.com
Flying Linux in space: http://projectmist.org