Patch 2314 : OutBox security fix : [IRIX 6.2]
1. Patch SG0002314 Release Note
This release note describes patch SG0002314 to IRIX 6.2.
1.1 Supported Hardware Platforms
This patch contains bug fixes suitable for all hardware
platforms running the supported software platforms described
below.
1.2 Supported Software Platforms
This patch contains bug fixes for OutBox 1.2 on a system
running IRIX 6.2.
The software cannot be installed on other configurations.
1.3 Bugs Fixed by Patch SG0002314
This patch contains fixes for the following bugs in IRIX 6.2.
Bug numbers from Silicon Graphics bug tracking system are
included for reference.
o 498919 - OutBox has numerous security vulnerabilities.
o 484580 - webdist has security hole.
Side effects: The fixes for the security-related bugs 498919
and 484580 required removal of the functionality responsible
for the security problems. The resulting changes in OutBox
behavior are described below:
o On the OutBox user page, published files no longer
display the "View" and "Download" buttons. Those
features were not secure, and have been removed. The
secure way to view a document is to click on the
document name or icon. The secure way to download a
document is by using the browser 'Save Link As'
feature. (In Netscape, press Shift-Button1 on the
OutBox file, or press the right mouse button over the
link to access the feature via a popup menu.)
o The script "/cgi-bin/wrap" has been modified. A URL
containing the text "/cgi-bin/wrap" can no longer be
used to view a document. To access a document from
such a URL, simply remove the text "/cgi-bin/wrap" from
the URL. Note: the "/cgi-bin/wrap" script is still
used in URLs pointing to OutBox folders. URLs
pointing to OutBox folders should not be modified.
o The script "/cgi-bin/handler" has been disabled. A URL
containing the text "/cgi-bin/handler" can no longer be
used to download a document. To access the document
from such a URL, remove the text "/cgi-bin/handler"
from the URL.
o The script "/cgi-bin/webdist.cgi" has been disabled for
security reasons. To generate a Web Software
Distribution Page, use the tool "/usr/etc/webdist" from
the command line. See the "webdist" man page for more
information.
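After the patch is installed, requests that still name the changed scripts point to stale links or to clients looking for the removed functionality. The following is an added example, not part of the SGI release note, that tallies such requests per client from a web server access log. It assumes NCSA Common Log Format; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not SGI code): report requests for the CGI paths that
# patch SG0002314 disabled or modified.
# Assumption: the access log is in NCSA Common Log Format.

# Constructed sample log; hosts, user and file names are made up.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [01/Jul/1997:10:00:01 -0700] "GET /cgi-bin/handler/~jdoe/outbox/report.txt HTTP/1.0" 200 512
192.0.2.10 - - [01/Jul/1997:10:00:05 -0700] "GET /cgi-bin/handler/~jdoe/outbox/notes.txt HTTP/1.0" 200 204
198.51.100.7 - - [01/Jul/1997:10:02:11 -0700] "GET /cgi-bin/webdist.cgi?a=b HTTP/1.0" 200 1024
192.0.2.44 - - [01/Jul/1997:10:03:00 -0700] "GET /cgi-bin/wrap/~jdoe/outbox/ HTTP/1.0" 200 2048
192.0.2.44 - - [01/Jul/1997:10:03:09 -0700] "GET /~jdoe/outbox/report.txt HTTP/1.0" 200 512
EOF
}

# Read a log on stdin; print "<state> <script> <client> <hits>" lines.
scan_outbox_log() {
    awk -F'"' '
    {
        split($1, pre, " "); client = pre[1]   # remote host is field 1
        split($2, req, " "); path = req[2]     # request: METHOD path PROTO
        sub(/\?.*/, "", path)                  # ignore the query string
        # The release note speaks of URLs "containing the text", so match anywhere.
        if (index(path, "/cgi-bin/webdist.cgi"))   s = "disabled /cgi-bin/webdist.cgi"
        else if (index(path, "/cgi-bin/handler"))  s = "disabled /cgi-bin/handler"
        else if (index(path, "/cgi-bin/wrap"))     s = "modified /cgi-bin/wrap"
        else next
        hits[s " " client]++
    }
    END { for (k in hits) print k, hits[k] }' | LC_ALL=C sort
}

sample_log | scan_outbox_log
```

Lines marked "modified /cgi-bin/wrap" need a manual look, because folder URLs still use that script legitimately.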
1.4 Subsystems Included in Patch SG0002314
This patch release includes these subsystems:
o patchSG0002314.outbox_sw.outbox
o patchSG0002314.outbox_sw.webdist
1.5 Installation Instructions
Because you want to install only the patches for problems
you have encountered, patch software is not installed by
default. After reading the descriptions of the bugs fixed
in this patch (see Section 1.3), determine the patches that
meet your specific needs.
If, after reading Sections 1.1 and 1.2 of these release
notes, you are unsure whether your hardware and software
meet the requirements for installing a particular patch, run
inst. The inst program does not allow you to install
patches that are incompatible with your hardware or
software.
Patch software is installed like any other Silicon Graphics
software product. Follow the instructions in your Software
Installation Administrator's Guide to bring up the miniroot
form of the software installation tools.
Follow these steps to select a patch for installation:
1. At the Inst> prompt, type
install patchSGxxxxxxx
where xxxxxxx is the patch number.
2. Initiate the installation sequence. Type
Inst> go
3. You may find that two patches have been marked as
incompatible. (The installation tools reject an
installation request if an incompatibility is
detected.) If this occurs, you must deselect one of
the patches.
Inst> keep patchSGxxxxxxx
where xxxxxxx is the patch number.
4. After completing the installation process, exit the
inst program by typing
Inst> quit
1.6 Patch Removal Instructions
To remove a patch, use the versions remove command as you
would for any other software subsystem. The removal process
reinstates the original version of software unless you have
specifically removed the patch history from your system.
versions remove patchSGxxxxxxx
where xxxxxxx is the patch number.
To keep a patch but increase your disk space, use the
versions removehist command to remove the patch history.
versions removehist patchSGxxxxxxx
where xxxxxxx is the patch number.
1.7 Known Problems
There are no known problems with the patch at this time.
INST SUBSYSTEM REQUIREMENTS
No Requirements Information Available.
INST SUBSYSTEM CHECKSUMS
These checksums help to provide a 'signature' for the patch inst image which can be used to authenticate other inst images. You can obtain this kind of output by running sum -r on the image (from the command line):
18667 2 patchSG0002314
23116 3 patchSG0002314.idb
56643 35 patchSG0002314.outbox_sw
INST SUBSYSTEM FILE LISTINGS
The following lists the files which get installed from each subsystem in the patch:
Document Id: 20021117065945-IRIXPatch-1121