Print this page

News

2009-08-12 13:43:00

YUM updates


A couple of fixes for BlueOnyx were released today and are now available through YUM.

Category: General
Posted by: mstauber

The following updates for BlueOnyx were released today and are now available through YUM:

==========
 Package  
==========

Updating:                                                                                                                        
 base-console-capstone
 base-console-glue
 base-console-locale-da_DK
 base-console-locale-de_DE
 base-console-locale-en
 base-console-locale-ja
 base-console-ui
 base-swupdate-capstone
 base-swupdate-glue
 base-swupdate-locale-da_DK
 base-swupdate-locale-de_DE
 base-swupdate-locale-en
 base-swupdate-locale-ja
 base-swupdate-ui
 base-vsite-capstone
 base-vsite-glue
 base-vsite-locale-da_DK
 base-vsite-locale-de_DE
 base-vsite-locale-en
 base-vsite-locale-ja
 base-vsite-ui

Transaction Summary
==========================
Install      0 Package(s)
Update      21 Package(s)
Remove       0 Package(s)

Total download size: 391 k

These package addresses the following issues:

base-console:

Sometimes 'pam_abl' logs the IP of the host where the failed logins came from, sometimes it logged the hostname. Therefore we changed the GUI pages a little to display both.

base-swupdate:

Small update to make sure that people cannot install PKGs that were created for incompatible platforms. Some PKG makers used wildcards in the product field of PKGs. Unfortunately some of the wildcards indended for BlueQuartz also allowed to install BlueQuartz PKGs on BlueOnyx. PKG makers should make sure that their PKGs have 'Product: 5106R' in the product field in the file 'packing_list'.

base-vsite:

Our developer Steve Howes found a potential security risk which has been in the code since the RaQ550 days (it also affects BlueQuartz and BlueOnyx):

If a virtual site has "Site Preview" enabled and you suspend the site, then it is still reachable through the usual preview URL.

A potential attacker could then still use scripts on the suspended site if he knew the preview URL.

Therefore we changed the code so that preview for a site gets disabled when you suspend the site. If you have suspended sites with preview enabled, then please install this update first and then set "Site Preview" to disabled for all suspended sites.


Previous page: API Documentation
Next page: Downloads