[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SunOS : Solaris 7 Recommended Patch Cluster



NAME: Solaris 7 Recommended Patch Cluster
DATE: Jun/22/04

########################################################################

This patch cluster is intended to provide a selected set of patches for
the designated Solaris release level.  This is a bundled set of patches
conveniently wrapped for one-step installation.  Only install this
cluster on the appropriate Solaris system.  Carefully read all important
notes and install instructions provided in this README file before
installing the cluster.  A cluster grouping does not necessarily imply
that additional compatibility testing has occured since the individual
patches were released.

WARNING!! IT IS HIGHLY RECOMMENDED that the installation of this patch 
cluster be performed in single-user mode (Run Level S). 

########################################################################

CLUSTER DESCRIPTION
-------------------

These Solaris Recommended patches are considered the most important and
highly recommended patches that avoid the most critical system, user, or
security related bugs which have been reported and fixed to date.  In
most cases a Solaris security patch will be included in the recommended
patch set.  It is possible, however, that a security patch may not be
included in the recommended set if it is determined to be a more obscure
application specific issue and not generally applicable.

During initial installation of the Solaris product other patches or patch
sets may be provided with the product and required with product installation.
Refer to the Solaris product installation documentation to be sure that all
the patches required at product installation are already installed.  This
patch cluster can then be used to update or augment the system with the
recommended patches included.


PATCHES INCLUDED:
-----------------

106960-01  SunOS 5.7: Manual Pages for patchadd.1m and patchrm.1m
107038-02  SunOS 5.7: apropos/catman/man/whatis patch
106793-07  SunOS 5.7: ufsdump and ufsrestore patch
106934-04  CDE 1.3: libDtSvc Patch
106725-03  OpenWindows 3.6.1: mailtool vacation security patch
107544-03  SunOS 5.7: /usr/lib/fs/ufs/fsck patch
107587-01  SunOS 5.7: /usr/lib/acct/lastlogin patch
107359-02  SunOS 5.7: Patch for SPARCompiler Binary Compatibility Libraries
107887-10  CDE 1.3: Actions Patch
106952-04  SunOS 5.7: /usr/bin/uux patch
107456-01  SunOS 5.7: /etc/nsswitch.dns patch
106978-12  SunOS 5.7: sysid patch
107115-15  SunOS 5.7: LP Patch
107259-04  SunOS 5.7: /usr/sbin/vold patch
107454-06  SunOS 5.7: /usr/bin/ftp patch
107684-11  SunOS 5.7: sendmail patch
107792-05  SunOS 5.7: /usr/bin/pax patch
107972-02  SunOS 5.7: /usr/sbin/static/rcp patch
108301-02  SunOS 5.7: /usr/sbin/in.tftpd patch
107337-03  OpenWindows 3.6.1: kcms_server and kcms_configure security fixes
108219-01  CDE 1.3: dtaction Patch
108221-02  CDE 1.3: dtspcd Patch
107885-09  CDE 1.3: dtprintinfo Patch
108482-02  SunOS 5.7: /usr/sbin/snoop patch
108662-01  SunOS 5.7: Patch for sadmind
107709-23  SunOS 5.7: libssasnmp/libssagent/snmpdx/snmpXdmid/mibiisa Patches
108484-01  SunOS 5.7: aset patch
108721-05  SunOS 5.7: admintool patch
106950-24  SunOS 5.7: Linker Patch
106938-08  SunOS 5.7: libresolv, in.named, libadm, & nslookup patch
108376-44  OpenWindows 3.6.1: Xsun Patch
108327-02  SunOS 5.7: /usr/bin/cu patch
109253-07  SunOS 5.7: /usr/bin/mail Patch
109404-01  SunOS 5.7: /usr/vmsys/bin/chkperm patch
108798-02  SunOS 5.7: /usr/bin/tip patch
108838-03  SunOS 5.7: allocate/mkdevmaps/mkdevalloc Patch
107650-08  OpenWindows 3.6.1 X11R6.4 Xprint Extension Patch
109949-01  SunOS 5.7: jserver buffer overflow
107794-01  SunOS 5.7: ASET patch
109744-02  SunOS 5.7: nfsd and lockd Patch
106327-23  SunOS 5.7: 32-Bit Shared library patch for C++
106300-24  SunOS 5.7: 64-Bit Shared library patch for C++
107443-20  SunOS 5.7: packaging utilities patch
108551-03  SunOS 5.7: /usr/sbin/rpc.nispasswdd patch
107477-04  SunOS 5.7: /usr/lib/nfs/mountd Patch
108748-02  SunOS 5.7: /usr/lib/nfs/statd patch
108750-02  SunOS 5.7: /usr/lib/netsvc/yp/ypbind patch
108756-01  SunOS 5.7: /usr/lib/netsvc/yp/rpc.ypupdated patch
108762-01  SunOS 5.7: /usr/sbin/rpc.nisd_resolv patch
108764-01  SunOS 5.7: /usr/sbin/rpc.bootparamd patch
108758-01  SunOS 5.7: /usr/sbin/keyserv patch
109709-01  SunOS 5.7: /usr/sbin/arp patch
110281-02  SunOS 5.7: patch /usr/bin/find
110070-01  SunOS 5.7: security: libcurses:setupterm has buffer overflow
107180-30  CDE 1.3: dtlogin patch
110869-01  SunOS 5.7: useradd, usermod do not handle some expiration dates
107475-05  SunOS 5.7: /usr/sbin/in.telnetd Patch
106925-09  SunOS 5.7: glm Driver Patch
107148-11  SunOS 5.7: /kernel/fs/cachefs patch
110881-01  SunOS 5.7: semop() hangs due to receipt of a signal
107285-09  SunOS 5.7: passwd & pam Library Patch
111093-01  SunOS 5.7: /etc/security/bsmunconv patch
107654-10  OpenWindows 3.6.1: X11R6.4 LBX & XRX Extensions Patch
107460-14  SunOS 5.7: st driver patch
111242-01  SunOS 5.7: Patch to /usr/bin/finger
111113-02  SunOS 5.7: nawk Patch
110646-05  SunOS 5.7: /usr/sbin/in.ftpd Patch
111666-01  SunOS 5.7: bzip patch
111600-01  SunOS 5.7: /usr/sbin/whodo Patch
111578-02  SunOS 5.7: arp Patch
108162-08  SunOS 5.7: jsh, rsh, ksh, rksh, sh Patch
108574-04  SunOS 5.7: /usr/bin/csh Patch
111980-02  SunOS 5.7: ipcs Patch
108815-02  OpenWindows 3.6.1: Calendar Manager patch
111590-03  SunOS 5.7: rpc.yppasswdd Patch
109203-03  SunOS 5.7: edit & vi patch
111238-01  SunOS 5.7: Patch to /usr/sbin/in.fingerd
106924-11  SunOS 5.7: isp driver Patch
107841-03  SunOS 5.7: rpcsec patch
111350-02  SunOS 5.7: Patch for ttymon process modules
108451-07  SunOS 5.7: rpcmod patch
107469-09  SunOS 5.7: sf & socal drivers patch
108029-03  SunOS 5.7: S899 u3 prodreg fix for Java 1.1 and Java 1.2 VM
107441-03  SunOS 5.7: /usr/bin/mailx patch
112300-01  SunOS 5.7: usr/bin/login Patch
112106-01  SunOS 5.7: mkfs Patch
107374-02  Openwindows 3.6.1: Xview Patch
110072-01  SunOS 5.7: Sol7 11/99, can't mount udfs cdrom "not a udfs filesystem"
112590-01  SunOS 5.7: fgrep Patch
107716-26  SunOS 5.7: PGX32 Graphics Patch
112820-01  SunOS 5.7: in.talkd Patch
112899-01  SunOS 5.7: rwall Patch
107743-14  SunOS 5.7: Sun Quad FastEthernet 2.2
108117-06  OpenWindows 3.6.1: Font Server patch
113752-02  SunOS 5.7: utmp_update patch
108319-03  SunOS 5.7: /usr/bin/at patch
114151-01  SunOS 5.7: Japanese SunOS 4.x Binary Compatibility(BCP) patch
108800-03  SunOS 5.7: /usr/lib/fs/cachefs patch
114891-01  SunOS 5.7: /usr/sbin/wall patch
106949-03  SunOS 5.7: BCP (binary compatibility) patch
112604-03  SunOS 5.7: le patch
114944-01  SunOS 5.7: namefs patch
115565-01  SunOS 5.7: ed creates tempfiles in an insecure manner
106944-03  SunOS 5.7: /kernel/fs/fifofs and /kernel/fs/sparcv9/fifofs patch
107058-02  SunOS 5.7: Patch for assembler
107178-03  CDE 1.3: libDtHelp.so.1 patch
111646-01  SunOS 5.7: BCP libmle buffer overflow
112448-01  SunOS 5.7: pt_chmod Patch
112672-01  SunOS 5.7: vipw Patch
116456-01  SunOS 5.7: sadmind default security level
107702-12  CDE 1.3: dtsession patch
107834-04  SunOS 5.7: dkio.h & commands.h patch
107656-11  OpenWindows 3.6.1 libXt Patch
107171-13  SunOS 5.7: Fixes for patchadd and patchrm
106541-34  SunOS 5.7: Kernel Update Patch
107451-08  SunOS 5.7: /usr/sbin/cron Patch
106942-28  SunOS 5.7: libnsl, rpc.nisd and nis_cachemgr Patch
108374-07  CDE 1.3: libDtWidget Patch
108760-02  SunOS 5.7: /usr/sbin/rpcbind patch
106980-25  SunOS 5.7: libthread patch
108343-04  CDE 1.3: sdtperfmeter patch
108263-10  SunOS 5.7: hme driver Patch
109409-04  SunOS 5.7: xntpd and ntpdate Patch
107403-03  SunOS 5.7: rlmod & telmod patch
107589-13  SunOS 5.7: se, zs, kbd and kbio.h Patch
108317-04  SunOS 5.7: idn driver patch
108381-02  SunOS 5.7: ptsl driver patch
108585-04  SunOS 5.7: llc2 driver patch
109372-02  SunOS 5.7: /kernel/strmod/ldterm patch
109797-03  SunOS 5.7: kernel/drv/stc Patch
111931-02  SunOS 5.7: /kernel/strmod/timod Patch
107081-55  Motif 1.2.7 and 2.1.1: Runtime library patch for Solaris 7
107022-08  CDE 1.3: Calendar Manager patch
107636-10  SunOS 5.7: X Input & Output Method patch
107893-21  OpenWindows 3.6.1: Tooltalk patch
107200-16  CDE 1.3: dtmail patch


IMPORTANT NOTES AND WARNINGS:
-----------------------------

SYSTEMS WITH LIMITED DISK SPACE SHOULD *NOT* INSTALL PATCHES:  With or
without using the save option, the patch installation process will
still require some amount of disk space for installation and
administrative tasks in the /, /usr, /var, or /opt directories where
patches are typically installed.  The exact amount of space will depend
on the machine's architecture, software packages already installed, and
the difference in the patched objects size.  To be safe, it is not
recommended that a patch cluster be installed on a system with less
than 10 MBytes of available space in each of these directories. Running
out of disk space during installation may result in only partially
loaded patches.  Be sure a recent full system backup is available in
case a problem occurs, and check to be sure adequate disk space is
available before installing the patch cluster.

SAVE AND BACKOUT OPTIONS:
By default, the cluster installation procedure uses the patchadd
command save feature to save the base objects being patched.  Prior to
installing the patches the cluster installation script will first
determine if enough system disk space is available in /var/sadm/patch
to save the base objects and will terminate if not.  Patches can only
be individually backed out with the original object restored if the
save option was used when installing this cluster.  Please later refer
to the patchrm command manual page for instructions and more
information.  It is possible to override the save feature by using the
[-nosave] option when executing the cluster installation script.  Using
the nosave option, however, means that you will not be able to backout
individual patches if the need arises.

SPECIAL INSTALL INSTRUCTIONS:
As with any patch individually applied, there may be additional special
installation instructions which are documented in the individual patch
README file.  It is recommended that each individual patch readme is
reviewed before installing this cluster to determine if any additional
installation steps are necessary for a patch.  Otherwise it is possible
that an individual patch may still not be completely installed in all
respects after the cluster has been installed.

DISKLESS CLIENT SYSTEMS:
On server machines that service diskless clients, a
patch is NOT applied to existing clients or to the client root template
space.  Therefore, all client machines of the server that will need
this cluster will have to individually apply this cluster.  Install
this cluster on the client machines first, then the server.

A PATCH MAY NOT BE APPLIED:
Under certain circumstances listed below, a particular patch provided in
this cluster may not be installed if:
 
- The patch applies to a package that has not originally been installed
- The same or newer revision of the patch has already been installed
- The patch was obsoleted by another patch that has already been installed
- The package database is corrupt or missing

Use the 'showrev -p' command to compare the list of patches already 
installed on the system with the patch list and revision levels provided
in this cluster.  During installation, the install process will indicate
if a patch was not applied and more detailed installation messages will
be logged to the installation log file.  The README file with each patch
also provides documentation regarding install and backout messages.

OLDER VERSIONS OF PATCHES ALREADY INSTALLED:
Backout of older versions of patches provided in the cluster is not
required in order for the newer version to be installed.  However
not backing out an older rev before installing a newer rev will
cause showrev -p to continue to show the older rev along with the
newer rev.  And, if the older rev was previously installed with
the save option, the older rev will continue to occupy disk space
in /var/sadm/patch even though it has been obsoleted by the new rev.
The patchrm command will only allow the most recently saved
objects to be restored, thus there are no serious risks associated
with leaving an older rev on the system.  It just may, however,
avoid confusion and be more economical to first backout an older
patch revision before installing a newer revision.


INSTALL INSTRUCTIONS:
---------------------

First, be sure the patch cluster has been unzipped
if the cluster was received as a .zip file, then proceed as follows:


1)      Decide on which method you wish to install the cluster:

Recommended Method Using Save Feature:
 
By default, the cluster installation procedure uses the patchadd
save feature to save the original objects being patched.  Prior
to installing the patches the cluster installation script will
first determine if enough system disk space is available in
/var/sadm/patch to save the objects and will terminate if not.
Using the default save feature is recommended. 
 
Method Using No Save Option:
 
It is possible to override the save feature by using the [-nosave]
option when executing the cluster installation script.  Using the
nosave option means that you will not be able to backout individual
patches if the need arises.
 
 
2)      Run the install_cluster script

        cd <patch cluster directory>
        ./install_cluster

By default, a message warning the user to check for minimum disk
space allowance (separate from the save feature) will appear
and allow the user to abort if inadequate space exists.  To
suppress this interactive message the "-q" (quiet) option can
be used when invoking install_cluster.
 
The progress of the script will be displayed on your terminal.
It should look something like:
 
# ./install_cluster
 
Patch cluster install script for <cluster name>
 
Determining if sufficient save space exists...
Sufficient save space exists, continuing...
Installing patches located in <patch cluster directory>
Installing <patch-id>
Installing <patch-id>
.
.
.
Installing <patch-id>
 
For more installation messages refer to the installation logfile:
   /var/sadm/install_data/<cluster name>_log
 
Use '/usr/bin/showrev -p' to verify installed patch-ids.
Refer to individual patch README files for more patch detail.
Rebooting the system is usually necessary after installation.
#
         
 
3)      Check the logfile if more detail is needed.
 
If errors are encountered during the installation of this cluster,
error messages will be displayed during installation.  More details
about the causes of failure can be found in the detail logfile:
 
        more /var/sadm/install_data/<cluster name>_log
 
If this log file previously existed the latest cluster installation
data will be concatenated to the file, so check the end of the file.
 
         
4)      THE MACHINE SHOULD BE REBOOTED FOR ALL PATCHES TO TAKE EFFECT!!