# CLUSTER_README NAME: Solaris 2.6 x86_Recommended Patch Cluster DATE: Sep/15/04 ######################################################################## This patch cluster is intended to provide a selected set of patches for the designated Solaris release level. This is a bundled set of patches conveniently wrapped for one-step installation. Only install this cluster on the appropriate Solaris system. Carefully read all important notes and install instructions provided in this README file before installing the cluster. A cluster grouping does not necessarily imply that additional compatibility testing has occured since the individual patches were released. WARNING!! IT IS HIGHLY RECOMMENDED that the installation of this patch cluster be performed in single-user mode (Run Level S). ######################################################################## CLUSTER DESCRIPTION ------------------- These Solaris Recommended patches are considered the most important and highly recommended patches that avoid the most critical system, user, or security related bugs which have been reported and fixed to date. In most cases a Solaris security patch will be included in the recommended patch set. It is possible, however, that a security patch may not be included in the recommended set if it is determined to be a more obscure application specific issue and not generally applicable. During initial installation of the Solaris product other patches or patch sets may be provided with the product and required with product installation. Refer to the Solaris product installation documentation to be sure that all the patches required at product installation are already installed. This patch cluster can then be used to update or augment the system with the recommended patches included. PATCHES INCLUDED: ----------------- 105553-03 SunOS 5.6_x86: /usr/sbin/rpc.nisd_resolv patch 105182-38 SunOS 5.6_x86: kernel update patch 105380-07 SunOS 5.6_x86: /kernel/misc/nfssrv patch 105408-01 SunOS 5.6_x86: /usr/bin/volrmmount patch 105396-09 SunOS 5.6_x86: /usr/lib/sendmail patch 105563-03 SunOS 5.6_x86: chkey and keylogin patch 105616-09 SunOS 5.6_x86: /usr/lib/nfs/mountd patch 106258-07 SunOS 5.6_x86: /usr/bin/passwd and /usr/lib/libpam.so.1 patch 105639-02 SunOS 5.6_x86: /platform/i86pc/kernel/misc/pdwa patch 105666-04 SunOS 5.6_x86: /usr/bin/login patch 105668-02 SunOS 5.6_x86: /usr/bin/rdist patch 105756-13 SunOS 5.6_x86: libresolv, in.named, named-xfer, nslookup, nstest patch 107734-11 SunOS 5.6_x86: linker patch 105787-13 SunOS 5.6_x86: /kernel/drv/ip dirver patch 106050-05 SunOS 5.6_x86: /usr/sbin/in.telnetd patch 106236-13 SunOS 5.6_x86: lp patch 106302-06 SunOS 5.6_x86: /usr/sbin/in.ftpd patch 106440-14 SunOS 5.6_x86: /usr/sbin/syslogd patch 106449-01 SunOS 5.6_x86: /usr/sbin/ping patch 106041-18 SunOS 5.6_x86: X Input & Output Method patch 106194-06 SunOS 5.6_x86: Patch for Taiwan timezone 106829-01 SunOS 5.6_x86: /usr/bin/date patch 107435-01 CDE 1.2_x86: dtmail patch 105559-04 CDE 1.2_x86: dtpad patch 105670-10 CDE 1.2_x86: libDtSvc Patch 106243-03 CDE 1.2_x86: libDtHelp.so.1 fixes 105838-02 CDE 1.2_x86: dtappgather Patch 106363-02 OpenWindows 3.6_x86: multiple xterm fixes 106223-01 OpenWindows 3.6_x86: filemgr (ff.core) fixes 105285-50 Motif 1.2.7_x86: Runtime library patch 106496-03 SunOS 5.6_x86: truss & truss support library patch 105530-16 SunOS 5.6_x86: /kernel/drv/tcp patch 105723-07 SunOS 5.6_x86: /usr/lib/fs/ufs/ufsdump and ufsrestore patch 105781-05 SunOS 5.6_x86: /kernel/fs/fifofs patch 106124-05 SunOS 5.6_x86: sgml patch 106523-05 SunOS 5.6_x86: /usr/bin/ftp patch 106570-01 SunOS 5.6_x86: libauth.a & libauth.so.1 patch 106593-05 SunOS 5.6_x86: /usr/lib/nfs/statd patch 106835-02 SunOS 5.6_x86: cp/ln/mv patch 107566-03 SunOS 5.6_x86: /usr/sbin/in.tftpd patch 107619-04 SunOS 5.6_x86: vold patch 107759-05 SunOS 5.6_x86: /usr/bin/pax patch 107767-01 SunOS 5.6_x86: ASET cklist reports unchanged 6month older files as new 107775-01 SunOS 5.6_x86: inetd denial-of-service attack 107992-02 SunOS 5.6_x86: /usr/sbin/static/rcp patch 106248-49 OpenWindows 3.6_x86: Xsun patch 106416-04 OpenWindows 3.6_x86: xdm patch 106657-01 OpenWindows 3.6_x86: libce suid/sgid security fix 106658-01 OpenWindows 3.6_x86: libdeskset patch 106659-05 OpenWindows 3.6_x86: mailtool attachment security patch 107338-02 OpenWindows 3.6_x86: kcms_server and kcms_configure security fixes 105339-25 CDE 1.2_x86: dtmail patch 105704-28 CDE 1.2_x86: dtlogin patch 106028-12 CDE 1.2_x86: dtsession patch 106113-06 CDE 1.2_x86: dtfile patch 106438-04 CDE 1.2_x86: Print Manager Patch 108200-01 CDE 1.2_x86: dtspcd Patch 108202-01 CDE 1.2_x86: dtaction Patch 106647-03 SNC 3.2: rpc.pcnfsd has security problem, also hangs and dumps core 108493-01 SunOS 5.6_x86: Snoop may be exploited to gain root access 108661-01 SunOS 5.6_x86: Patch for sadmind 105473-08 SunOS 5.6_x86: /usr/lib/autofs/automountd patch 104678-18 SunOS 5.6_x86: Shared library patch for C++ 108500-01 SunOS 5.6_x86: ASET sets the gid on /tmp,/var/tmp when set med or high 108469-03 SunOS 5.6_x86: ldterm streams module patch 106469-06 SunOS 5.6_x86: /usr/bin/cu and usr/bin/uustat patch 109267-05 SunOS 5.6_x86: /usr/bin/mail patch 109340-02 SunOS 5.6_x86: nscd fixes 108805-02 SunOS 5.6_x86: /usr/bin/tip patch 109389-01 SunOS 5.6_x86: patch /usr/vmsys/bin/chkperm 108334-02 SunOS 5.6_x86: jserver buffer overflow 108896-01 SunOS 5.6_x86: patch /usr/sbin/rpc.bootparamd 108894-01 SunOS 5.6_x86: patch /usr/lib/netsvc/yp/rpc.ypupdated 108891-02 SunOS 5.6_x86: ypxfrd, ypbind, and ypserv patch 106293-13 SunOS 5.6_x86: pkgadd/pkginstall & related utilities 109720-01 SunOS 5.6_x86: arp should lose set-gid bid 106626-14 SunOS 5.6_x86: libsec.a, libsec.so.1 and /kernel/fs/ufs patch 105406-03 SunOS 5.6_x86: libcurses.a & libcurses.so.1 patch 111110-02 SunOS 5.6_x86: Patch to /usr/bin/nawk 111030-01 SunOS 5.6_x86: /kernel/sys/semsys patch 106362-15 SunOS 5.6_x86: csh/jsh/ksh/rksh/rsh/sh patch 111031-01 SunOS 5.6_x86: adp patch 110991-02 SunOS 5.6_x86: Patch for ttymon 111241-01 SunOS 5.6_x86: Patch to /usr/bin/finger 107491-01 SunOS 5.6_x86: savecore doesn't work if swap slice is over 2G 111665-01 SunOS 5.6_x86: bzip patch 111573-01 SunOS 5.6_x86: ar_open failure leads to memory corruption 111860-01 SunOS 5.6_x86: Buffer overflow in whodo via $TZ 106304-04 SunOS 5.6_x86: /usr/lib/netsvc/yp/rpc.yppasswdd patch 105694-14 SunOS 5.6_x86: cachefs patch 105991-05 SunOS 5.6_x86: vi/ex/edit/view/vedit patch 111561-01 SunOS 5.6_x86: dmesg security problem 111237-01 SunOS 5.6_x86: Patch for /usr/sbin/in.fingerd 107299-03 SunOS 5.6_x86: ntpdate and xntpd patch 111040-02 SunOS 5.6_x86: /usr/bin/bdiff and /usr/bin/sdiff patch 107327-03 SunOS 5.6_x86: rlmod and telmod patch 112074-03 SunOS 5.6_x86: /usr/bin/mailx patch 105721-20 SunOS 5.6_x86: /kernel/fs/nfs patch 106640-07 SunOS 5.6_x86: rpcmod patch 112815-01 SunOS 5.6_x86: in.talkd has a "user format" security problem 112894-01 SunOS 5.6_x86: rpc.rwalld has format string problem 108130-05 OpenWindows 3.6_x86: Font Server patch 113755-02 SunOS 5.6_x86: utmp_update patch 105505-16 SunOS 5.6_x86: /kernel/drv/st.conf and /kernel/drv/st patch 108308-02 SunOS 5.6_x86: keyserv fixes 106331-05 OpenWindows 3.6: Xview Patch 114890-01 SunOS 5.6_x86: /usr/sbin/wall patch 114942-01 SunOS 5.6_x86: namefs patch 115564-01 SunOS 5.6_x86: ed creates tempfiles in an insecure manner 112543-01 SunOS 5.6_x86: fgrep fails with "wordlist too large" 105565-05 SunOS 5.6_x86: /kernel/misc/rpcsec patch 106126-16 SunOS 5.6_x86: Patch for patchadd and patchrm 105211-53 SunOS 5.6_x86: libaio, libc & watchmalloc patch 105402-47 SunOS 5.6_x86: libnsl and NIS+ commands patch 105217-05 SunOS 5.6_x86: /usr/sbin/rpcbind patch 105569-26 SunOS 5.6_x86: /usr/lib/libthread.so.1 patch 105801-08 SunOS 5.6_x86: /usr/bin/admintool, y2000 patch 105567-13 CDE 1.2_x86: calendar manager patch 105803-21 OpenWindows 3.6_x86: ToolTalk patch IMPORTANT NOTES AND WARNINGS: ----------------------------- SYSTEMS WITH LIMITED DISK SPACE SHOULD *NOT* INSTALL PATCHES: With or without using the save option, the patch installation process will still require some amount of disk space for installation and administrative tasks in the /, /usr, /var, or /opt partitions where patches are typically installed. The exact amount of space will depend on the machine's architecture, software packages already installed, and the difference in the patched objects size. To be safe, it is not recommended that a patch cluster be installed on a system with less than 4 MBytes of available space in each of these partitions. Running out of disk space during installation may result in only partially loaded patches. Be sure a recent full system backup is available in case a problem occurs, and check to be sure adequate disk space is available before installing the patch cluster. SAVE AND BACKOUT OPTIONS: By default, the cluster installation procedure uses the installpatch save feature to save the base objects being patched. Prior to installing the patches the cluster installation script will first determine if enough system disk space is available in /var/sadm/patch to save the base objects and will terminate if not. Patches can only be individually backed out with the original object restored if the save option was used when installing this cluster. Please later refer to the backoutpatch instructions provided in the individual patch README file which will be located in the specific patch directory under /var/sadm/patch after the patch has been installed. It is possible to override the save feature by using the [-nosave] option when executing the cluster installation script. Using the nosave option, however, means that you will not be able to backout individual patches if the need arises. SPECIAL INSTALL INSTRUCTIONS: As with any patch individually applied, there may be additional special installation instructions which are documented in the individual patch readme file. It is recommended that each individual patch readme is reviewed before installing this cluster to determine if any additional installation steps are necessary for a patch. Otherwise it is possible that an individual patch may still not be completely installed in all respects after the cluster has been installed. DISKLESS OR DATALESS CLIENT SYSTEMS: On server machines that service diskless and/or dataless clients, a patch is NOT applied to existing clients or to the client root template space. Therefore, all client machines of the server that will need this cluster will have to individually apply this cluster. Install this cluster on the client machines first, then the server. A PATCH MAY NOT BE APPLIED: Under certain circumstances listed below, a particular patch provided in this cluster may not be installed if: - The patch applies to a package that has not originally been installed - The same or newer revision of the patch has already been installed - The patch was obsoleted by another patch that has already been installed - The package database is corrupt or missing Use the 'showrev -p' command to compare the list of patches already installed on the system with the patch list and revision levels provided in this cluster. During installation, the install process will indicate if a patch was not applied and more detailed installation messages will be logged to the installation log file. The README file with each patch also provides documentation regarding install and backout messages. OLDER VERSIONS OF PATCHES ALREADY INSTALLED: Backout of older versions of patches provided in the cluster is not required in order for the newer version to be installed. However not backing out an older rev before installing a newer rev will cause showrev -p to continue to show the older rev along with the newer rev. And, if the older rev was previously installed with the save option, the older rev will continue to occupy disk space in /var/sadm/patch even though it has been obsoleted by the new rev. The backoutpatch utility will only allow the most recently saved objects to be restored, thus there are no serious risks associated with leaving an older rev on the system. It just may, however, avoid confusion and be more economical to first backout an older patch rev before installing a newer rev. INSTALL INSTRUCTIONS: --------------------- First, be sure the patch cluster has been uncompressed and extracted if the cluster was received as a tar.Z file, then proceed as follows: 1) Decide on which method you wish to install the cluster: Recommended Method Using Save Feature: By default, the cluster installation procedure uses the installpatch save feature to save the original objects being patched. Prior to installing the patches the cluster installation script will first determine if enough system disk space is available in /var/sadm/patch to save the objects and will terminate if not. Using the default save feature is recommended. Method Using No Save Option: It is possible to override the save feature by using the [-nosave] option when executing the cluster installation script. Using the nosave option means that you will not be able to backout individual patches if the need arises. 2) Run the install_cluster script cd ./install_cluster By default, a message warning the user to check for minimum disk space allowance (separate from the save feature) will appear and allow the user to abort if inadequate space exists. To suppress this interactive message the "-q" (quiet) option can be used when invoking install_cluster. The progress of the script will be displayed on your terminal. It should look something like: # ./install_cluster Patch cluster install script for Determining if sufficient save space exists... Sufficient save space exists, continuing... Installing patches located in Installing Installing . . . Installing For more installation messages refer to the installation logfile: /var/sadm/install_data/_log Use '/usr/bin/showrev -p' to verify installed patch-ids. Refer to individual patch README files for more patch detail. Rebooting the system is usually necessary after installation. # 3) Check the logfile if more detail is needed. If errors are encountered during the installation of this cluster, error messages will be displayed during installation. More details about the causes of failure can be found in the detail logfile: more /var/sadm/install_data/_log If this log file previously existed the latest cluster installation data will be concatenated to the file, so check the end of the file. 4) THE MACHINE SHOULD BE REBOOTED FOR ALL PATCHES TO TAKE EFFECT!!