Categories: General Date: Aug 12, 2009 Title: YUM updates
A couple of fixes for BlueOnyx were released today and are now available through YUM.
The following updates for BlueOnyx were released today and are now available through YUM:
========== Package ========== Updating: base-console-capstone base-console-glue base-console-locale-da_DK base-console-locale-de_DE base-console-locale-en base-console-locale-ja base-console-ui base-swupdate-capstone base-swupdate-glue base-swupdate-locale-da_DK base-swupdate-locale-de_DE base-swupdate-locale-en base-swupdate-locale-ja base-swupdate-ui base-vsite-capstone base-vsite-glue base-vsite-locale-da_DK base-vsite-locale-de_DE base-vsite-locale-en base-vsite-locale-ja base-vsite-ui Transaction Summary ========================== Install 0 Package(s) Update 21 Package(s) Remove 0 Package(s) Total download size: 391 k
These package addresses the following issues:
Sometimes 'pam_abl' logs the IP of the host where the failed logins came from, sometimes it logged the hostname. Therefore we changed the GUI pages a little to display both.
Small update to make sure that people cannot install PKGs that were created for incompatible platforms. Some PKG makers used wildcards in the product field of PKGs. Unfortunately some of the wildcards indended for BlueQuartz also allowed to install BlueQuartz PKGs on BlueOnyx. PKG makers should make sure that their PKGs have 'Product: 5106R' in the product field in the file 'packing_list'.
Our developer Steve Howes found a potential security risk which has been in the code since the RaQ550 days (it also affects BlueQuartz and BlueOnyx):
If a virtual site has "Site Preview" enabled and you suspend the site, then it is still reachable through the usual preview URL.
A potential attacker could then still use scripts on the suspended site if he knew the preview URL.
Therefore we changed the code so that preview for a site gets disabled when you suspend the site. If you have suspended sites with preview enabled, then please install this update first and then set "Site Preview" to disabled for all suspended sites.