# CLUSTER_README NAME: Solaris 2.6 Recommended Patch Cluster DATE: Feb/14/05 ######################################################################## This patch cluster is intended to provide a selected set of patches for the designated Solaris release level. This is a bundled set of patches conveniently wrapped for one-step installation. Only install this cluster on the appropriate Solaris system. Carefully read all important notes and install instructions provided in this README file before installing the cluster. A cluster grouping does not necessarily imply that additional compatibility testing has occured since the individual patches were released. WARNING!! IT IS HIGHLY RECOMMENDED that the installation of this patch cluster be performed in single-user mode (Run Level S). ######################################################################## CLUSTER DESCRIPTION ------------------- These Solaris Recommended patches are considered the most important and highly recommended patches that avoid the most critical system, user, or security related bugs which have been reported and fixed to date. In most cases a Solaris security patch will be included in the recommended patch set. It is possible, however, that a security patch may not be included in the recommended set if it is determined to be a more obscure application specific issue and not generally applicable. During initial installation of the Solaris product other patches or patch sets may be provided with the product and required with product installation. Refer to the Solaris product installation documentation to be sure that all the patches required at product installation are already installed. This patch cluster can then be used to update or augment the system with the recommended patches included. PATCHES INCLUDED: ----------------- 112542-01 SunOS 5.6: fgrep fails with "wordlist too large" 111109-02 SunOS 5.6: Patch to /usr/bin/nawk 106361-15 SunOS 5.6: csh/jsh/ksh/rksh/rsh/sh patch 107733-11 SunOS 5.6: linker patch 106292-14 SunOS 5.6: pkgadd/pkginstall & related utilities 106125-16 SunOS 5.6: Patch for patchadd and patchrm 106828-01 SunOS 5.6: /usr/bin/date patch 105564-05 SunOS 5.6: /kernel/misc/rpcsec patch 105181-39 SunOS 5.6: Kernel update patch 105210-52 SunOS 5.6: libaio, libc & watchmalloc patch 105401-47 SunOS 5.6: libnsl and NIS+ commands patch 105562-03 SunOS 5.6: chkey and keylogin patch 105568-26 SunOS 5.6: /usr/lib/libthread.so.1 patch 105216-05 SunOS 5.6: /usr/sbin/rpcbind patch 105356-23 SunOS 5.6: /kernel/drv/ssd and /kernel/drv/sd patch 105357-04 SunOS 5.6: /kernel/drv/ses patch 105375-29 SunOS 5.6: sf & socal driver patch 105379-07 SunOS 5.6: /kernel/misc/nfssrv patch 105395-09 SunOS 5.6: /usr/lib/sendmail patch 105407-01 SunOS 5.6: /usr/bin/volrmmount patch 105552-03 SunOS 5.6: /usr/sbin/rpc.nisd_resolv patch 105615-09 SunOS 5.6: /usr/lib/nfs/mountd patch 105665-04 SunOS 5.6: /usr/bin/login patch 105786-15 SunOS 5.6: /kernel/drv/ip patch 105741-09 SunOS 5.6: /kernel/drv/ecpp patch 105720-23 SunOS 5.6: /kernel/fs/nfs patch 106049-05 SunOS 5.6: /usr/sbin/in.telnetd patch 106235-14 SunOS 5.6: lp patch 106257-07 SunOS 5.6: /usr/bin/passwd and /usr/lib/libpam.so.1 patch 105755-13 SunOS 5.6: libresolv, in.named, named-xfer, nslookup, nstest patch 106301-06 SunOS 5.6: /usr/sbin/in.ftpd patch 106439-13 SunOS 5.6: /usr/sbin/syslogd patch 106448-01 SunOS 5.6: /usr/sbin/ping patch 105580-19 SunOS 5.6: /kernel/drv/glm patch 106226-03 SunOS 5.6: /usr/sbin/format patch 105642-10 SunOS 5.6: prtdiag patch 106040-18 SunOS 5.6: X Input & Output Method patch 105800-08 SunOS 5.6: /usr/bin/admintool, y2000 patch 106193-06 SunOS 5.6: Patch for Taiwan timezone 107434-01 CDE 1.2: Spell checking occasionally kills mail 105558-04 CDE 1.2: dtpad patch 105669-11 CDE 1.2: libDtSvc Patch 105837-03 CDE 1.2: dtappgather Patch, including SDE 1.0 installations 106242-03 CDE 1.2: libDtHelp.so.1 fixes 105566-12 CDE 1.2: calendar manager patch 105464-02 OpenWindows 3.6: Multiple xterm fixes 106222-01 OpenWindows 3.6: filemgr (ff.core) fixes 105284-50 Motif 1.2.7: Runtime library patch 105802-19 OpenWindows 3.6: ToolTalk patch 106495-03 SunOS 5.6: truss & truss support library patch 105529-16 SunOS 5.6: /kernel/drv/tcp patch 105667-03 SunOS 5.6: /usr/bin/rdist patch 105722-07 SunOS 5.6: /usr/lib/fs/ufs/ufsdump and ufsrestore patch 105780-05 SunOS 5.6: /kernel/fs/fifofs patch 106123-05 SunOS 5.6: sgml patch 106522-05 SunOS 5.6: /usr/bin/ftp patch 106569-01 SunOS 5.6: libauth.a & libauth.so.1 patch 106592-05 SunOS 5.6: /usr/lib/nfs/statd patch 106625-14 SunOS 5.6: libsec.a, libsec.so.1 and /kernel/fs/ufs patch 106834-02 SunOS 5.6: cp/ln/mv patch 107618-04 SunOS 5.6: vold patch 107758-05 SunOS 5.6: /usr/bin/pax patch 107766-01 SunOS 5.6: ASET cklist reports unchanged 6month older files as new 107774-01 SunOS 5.6: inetd denial-of-service attack 107991-02 SunOS 5.6: /usr/sbin/static/rcp patch 105338-27 CDE 1.2: dtmail patch 106027-12 CDE 1.2 / SDE 1.0: dtsession patch 106112-06 CDE 1.2: dtfile patch 106437-04 CDE 1.2: Print Manager Patch 105633-64 OpenWindows 3.6: Xsun patch 106415-04 OpenWindows 3.6: xdm patch 106648-01 OpenWindows 3.6: libce suid/sgid security fix 106649-01 OpenWindows 3.6: libdeskset patch 106650-05 OpenWindows 3.6: mailtool attachment security patch 107336-02 SunOS 5.6: kcms_server and kcms_configure security fixes 108199-01 CDE 1.2: dtspcd Patch 108201-01 CDE 1.2: dtaction Patch 107565-03 SunOS 5.6: /usr/sbin/in.tftpd patch 108492-01 SunOS 5.6: Snoop may be exploited to gain root access 108660-01 SunOS 5.6: Patch for sadmind 105472-08 SunOS 5.6: /usr/lib/autofs/automountd patch 105591-20 SunOS 5.6: Shared library patch for C++ 108895-01 SunOS 5.6: patch /usr/sbin/rpc.bootparamd 108893-01 SunOS 5.6: patch /usr/lib/netsvc/yp/rpc.ypupdated 108890-02 SunOS 5.6: ypxfrd, ypbind, and ypserv patch 108499-01 SunOS 5.6: ASET sets the gid on /tmp, /var/tmp when setting med high 108468-03 SunOS 5.6: ldterm streams module fixes 108346-03 SunOS 5.6: patch usr/sbin/rpc.nispasswdd 108307-02 SunOS 5.6: keyserv fixes 106639-08 SunOS 5.6: rpcmod patch 106468-06 SunOS 5.6: /usr/bin/cu and usr/bin/uustat patch 109266-05 SunOS 5.6: /usr/bin/mail patch 109339-02 SunOS 5.6: nscd's size grows - TTL values not implemented 109388-01 SunOS 5.6: patch /usr/vmsys/bin/chkperm 108804-02 SunOS 5.6: /usr/bin/tip patch 108333-02 SunOS 5.6: jserver buffer overflow 106285-03 SunOS 5.6: /kernel/sys/msgsys patch 109719-01 SunOS 5.6: arp should lose set-gid bid 105847-14 SunOS 5.6: /kernel/drv/st.conf and /kernel/drv/st patch 105405-03 SunOS 5.6: libcurses.a & libcurses.so.1 patch 105792-10 SunOS 5.6: tar patch 105693-14 SunOS 5.6: cachefs patch 111029-01 SunOS 5.6: /kernel/sys/semsys patch 105486-07 SunOS 5.6: /kernel/fs/hsfs patch 110990-02 SunOS 5.6: Patch for ttymon 111240-01 SunOS 5.6: Patch to /usr/bin/finger 107490-01 SunOS 5.6: savecore doesn't work if swap slice is over 2G 111664-01 SunOS 5.6: bzip patch 111560-01 SunOS 5.6: dmesg security problem 111572-01 SunOS 5.6: ar_open failure can lead to stale queue & memory corruption 111859-01 SunOS 5.6: Buffer overflow in whodo via $TZ 106303-04 SunOS 5.6: /usr/lib/netsvc/yp/rpc.yppasswdd patch 105990-05 SunOS 5.6: vi/ex/edit/view/vedit patch 111236-01 SunOS 5.6: Patch for /usr/sbin/in.fingerd 107298-03 SunOS 5.6: ntpdate and xntpd patch 111039-02 SunOS 5.6: /usr/bin/bdiff and /usr/bin/sdiff patch 107326-03 SunOS 5.6: rlmod and telmod patch 112073-03 SunOS 5.6: /usr/bin/mailx patch 112814-01 SunOS 5.6: in.talkd has a "user format" security problem 112893-01 SunOS 5.6: rpc.rwalld has format string problem 105798-04 SunOS 5.6: cprboot patch 106407-08 SunOS 5.6: Jumbo patch for ide and atapi fixes 105924-19 SunOS 5.6: kbd, se and zs drivers patch 106331-05 OpenWindows 3.6: Xview Patch 108129-05 OpenWindows 3.6: Font Server patch 113754-02 SunOS 5.6: utmp_update patch 114150-01 SunOS 5.6: Japanese SunOS 4.x Binary Compatibility(BCP) patch 114889-01 SunOS 5.6: /usr/sbin/wall patch 105377-06 SunOS 5.6: BCP patch 114941-01 SunOS 5.6: namefs patch 115563-01 SunOS 5.6: ed creates tempfiles in an insecure manner 105703-29 CDE 1.2: dtlogin patch IMPORTANT NOTES AND WARNINGS: ----------------------------- SYSTEMS WITH LIMITED DISK SPACE SHOULD *NOT* INSTALL PATCHES: With or without using the save option, the patch installation process will still require some amount of disk space for installation and administrative tasks in the /, /usr, /var, or /opt directories where patches are typically installed. The exact amount of space will depend on the machine's architecture, software packages already installed, and the difference in the patched objects size. To be safe, it is not recommended that a patch cluster be installed on a system with less than 10 MBytes of available space in each of these directories. Running out of disk space during installation may result in only partially loaded patches. Be sure a recent full system backup is available in case a problem occurs, and check to be sure adequate disk space is available before installing the patch cluster. SAVE AND BACKOUT OPTIONS: By default, the cluster installation procedure uses the patchadd command save feature to save the base objects being patched. Prior to installing the patches the cluster installation script will first determine if enough system disk space is available in /var/sadm/patch to save the base objects and will terminate if not. Patches can only be individually backed out with the original object restored if the save option was used when installing this cluster. Please later refer to the patchrm command manual page for instructions and more information. It is possible to override the save feature by using the [-nosave] option when executing the cluster installation script. Using the nosave option, however, means that you will not be able to backout individual patches if the need arises. SPECIAL INSTALL INSTRUCTIONS: As with any patch individually applied, there may be additional special installation instructions which are documented in the individual patch README file. It is recommended that each individual patch readme is reviewed before installing this cluster to determine if any additional installation steps are necessary for a patch. Otherwise it is possible that an individual patch may still not be completely installed in all respects after the cluster has been installed. DISKLESS CLIENT SYSTEMS: On server machines that service diskless clients, a patch is NOT applied to existing clients or to the client root template space. Therefore, all client machines of the server that will need this cluster will have to individually apply this cluster. Install this cluster on the client machines first, then the server. A PATCH MAY NOT BE APPLIED: Under certain circumstances listed below, a particular patch provided in this cluster may not be installed if: - The patch applies to a package that has not originally been installed - The same or newer revision of the patch has already been installed - The patch was obsoleted by another patch that has already been installed - The package database is corrupt or missing Use the 'showrev -p' command to compare the list of patches already installed on the system with the patch list and revision levels provided in this cluster. During installation, the install process will indicate if a patch was not applied and more detailed installation messages will be logged to the installation log file. The README file with each patch also provides documentation regarding install and backout messages. OLDER VERSIONS OF PATCHES ALREADY INSTALLED: Backout of older versions of patches provided in the cluster is not required in order for the newer version to be installed. However not backing out an older rev before installing a newer rev will cause showrev -p to continue to show the older rev along with the newer rev. And, if the older rev was previously installed with the save option, the older rev will continue to occupy disk space in /var/sadm/patch even though it has been obsoleted by the new rev. The patchrm command will only allow the most recently saved objects to be restored, thus there are no serious risks associated with leaving an older rev on the system. It just may, however, avoid confusion and be more economical to first backout an older patch revision before installing a newer revision. ************************ CAUTION: **************************************** Before installing the cluster, read 105395's SPECIAL_INSTRUCTIONS file. ************************************************************************** INSTALL INSTRUCTIONS: --------------------- First, be sure the patch cluster has been uncompressed and extracted if the cluster was received as a tar.Z file, then proceed as follows: 1) Decide on which method you wish to install the cluster: Recommended Method Using Save Feature: By default, the cluster installation procedure uses the patchadd save feature to save the original objects being patched. Prior to installing the patches the cluster installation script will first determine if enough system disk space is available in /var/sadm/patch to save the objects and will terminate if not. Using the default save feature is recommended. Method Using No Save Option: It is possible to override the save feature by using the [-nosave] option when executing the cluster installation script. Using the nosave option means that you will not be able to backout individual patches if the need arises. 2) Run the install_cluster script cd ./install_cluster By default, a message warning the user to check for minimum disk space allowance (separate from the save feature) will appear and allow the user to abort if inadequate space exists. To suppress this interactive message the "-q" (quiet) option can be used when invoking install_cluster. The progress of the script will be displayed on your terminal. It should look something like: # ./install_cluster Patch cluster install script for Determining if sufficient save space exists... Sufficient save space exists, continuing... Installing patches located in Installing Installing . . . Installing For more installation messages refer to the installation logfile: /var/sadm/install_data/_log Use '/usr/bin/showrev -p' to verify installed patch-ids. Refer to individual patch README files for more patch detail. Rebooting the system is usually necessary after installation. # 3) Check the logfile if more detail is needed. If errors are encountered during the installation of this cluster, error messages will be displayed during installation. More details about the causes of failure can be found in the detail logfile: more /var/sadm/install_data/_log If this log file previously existed the latest cluster installation data will be concatenated to the file, so check the end of the file. 4) THE MACHINE SHOULD BE REBOOTED FOR ALL PATCHES TO TAKE EFFECT!!