==========================================================================
The checksums (found through sum -r) of the files that you have received
(other than this README) are as follows:

     61339    4 patchSG0003347
     11384   69 patchSG0003347.eoe1_man
     27750  850 patchSG0003347.eoe1_sw
     54110    7 patchSG0003347.idb
==========================================================================

1.  Patch_SG0003347_Release_Note

This release note describes patch SG0003347 to IRIX 5.3.

Patch SG0003347 replaces patch(es) SG0000175, SG0000332, SG0000407,
SG0000526, SG0000646, SG0000825, SG0000967, SG0001042, SG0001146,
SG0001502, SG0001769, SG0001789, and SG0002309.

1.1  Supported_Hardware_Platforms

This patch contains bug fixes for all hardware platforms.

1.2  Supported_Software_Platforms

This patch contains bug fixes for IRIX on a system running IRIX 5.3.
The software cannot be installed on other configurations.

1.3  Bugs_Fixed_by_Patch_SG0003347

This patch contains fixes for the following bugs in IRIX 5.3. Bug numbers
from the Silicon Graphics bug tracking system are included for reference.

Bugs fixed by patch SG0003347:

     o Bug 615834 - Security vulnerability in Mail

     o Bug 614246 - parse0 ruleset missing from antispam support

     o Bug 617435 - Sendmail delivery is case sensitive

     o Bug 617068 - /bin/mail security vulnerability

     o Bug 615170 - configmail script required patched nawk

     o Bug 615458 - configmail script required patched grep

Replaces and rolls up Patches 175, 332, 407, 526, 646, 825, 967, 1042,
1146, 1502, 1789, and 2309, which fixed:

     o Bug 235405 - Sendmail -d Security CERT Advisory CA-94:12

     o Bug 283474 - sendmail security check disables vacation

     o Bug 286549 - sendmail.cf needs support for rewriting from
       addresses

     o Bug 301302 - syslog has security hole with no bounds checking.

     o Bug 301932 - sendmail 8.6.12 leaves fuzzy gecos matching always on

     o Bug 321742 - sendmail.cf now stripping hostnames by default
       [ gauntlet ]

     o Bug 344527 - security hole in sendmail queue management

     o Bug 356996 - sendmail core dumps

     o Bug 367577 - There is a security hole in rmail which allows a user
       to read any file that is readable by the group "mail". This is
       typically exploited to access other users' mailboxes.

     o Bug 389520 - When /var/mail is NFS mounted, mail files are created
       with incorrect ownership.

     o Bug 443335 - Sendmail load average calculation

     o Bug 498861 - Similar to bug 367577.

     o Bug 553016 - Sendmail versions 8.6.x have security holes. The
       recommended solution is to upgrade to the current version of
       sendmail.

1.4  Subsystems_Included_in_Patch_SG0003347

This patch release includes these subsystems:

     o patchSG0003347.eoe_sw.unix

     o patchSG0003347.eoe_man.unix

1.5  Installation_Instructions

Because you want to install only the patches for problems you have
encountered, patch software is not installed by default. After reading
the descriptions of the bugs fixed in this patch (see Section 1.3),
determine the patches that meet your specific needs.

If, after reading Sections 1.1 and 1.2 of these release notes, you are
unsure whether your hardware and software meet the requirements for
installing a particular patch, run inst. The inst program does not allow
you to install patches that are incompatible with your hardware or
software.

Patch software is installed like any other Silicon Graphics software
product. Follow the instructions in your Software Installation
Administrator's Guide to bring up the miniroot form of the software
installation tools.

Follow these steps to select a patch for installation:

     1.  At the Inst> prompt, type

              install patchSGxxxxxxx

         where xxxxxxx is the patch number.

     2.  Initiate the installation sequence. Type

              Inst> go

     3.  You may find that two patches have been marked as incompatible.
         (The installation tools reject an installation request if an
         incompatibility is detected.) If this occurs, you must deselect
         one of the patches.

              Inst> keep patchSGxxxxxxx

         where xxxxxxx is the patch number.

     4.  After completing the installation process, exit the inst program
         by typing

              Inst> quit

1.6  Patch_Removal_Instructions

To remove a patch, use the versions remove command as you would for any
other software subsystem. The removal process reinstates the original
version of software unless you have specifically removed the patch
history from your system.

     versions remove patchSGxxxxxxx

where xxxxxxx is the patch number.

To keep a patch but increase your disk space, use the versions removehist
command to remove the patch history.

     versions removehist patchSGxxxxxxx

where xxxxxxx is the patch number.

1.7  Known_Problems
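
Added example (not part of the SGI release note): a POSIX shell script
that checks received patch files against the sum -r list at the top of
this README before they are handed to inst. The function names and script
layout are assumptions. Only the checksum field is compared, and sum -r is
a 16-bit checksum that catches transfer corruption, not deliberate
modification.

```shell
#!/bin/sh
# Added example: verify received patch files against the README checksums.

# Manifest copied from this README: checksum, block count, file name.
patch_manifest() {
cat <<'EOF'
61339 4 patchSG0003347
11384 69 patchSG0003347.eoe1_man
27750 850 patchSG0003347.eoe1_sw
54110 7 patchSG0003347.idb
EOF
}

# verify_sums DIR -- reads manifest lines on stdin, checks files under DIR.
# Prints one status line per file; returns 0 only if every file matches.
# The block count is read but not compared (block units differ between
# sum modes and implementations).
verify_sums() {
    dir=$1
    bad=0
    while read -r want blocks name; do
        [ -n "$name" ] || continue          # skip blank lines
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING   $name"
            bad=1
            continue
        fi
        # Field 1 of `sum -r` is the checksum; "+ 0" strips the leading
        # zeros some implementations print (e.g. 00065).
        got=$(sum -r "$dir/$name" | awk '{print $1 + 0}')
        want=$(echo "$want" | awk '{print $1 + 0}')
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name (expected $want, got $got)"
            bad=1
        fi
    done
    return $bad
}

# Usage: sh verify_patch.sh /path/to/received/files
if [ "$#" -ge 1 ]; then
    patch_manifest | verify_sums "$1"
fi
```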