发到邮件列表里问了,用 Shift+Delete 可以直接删除,不经过回收站。:lol
支持 Red Hat Enterprise Linux, CentOS, Scientific Linux, Debian, Ubuntu, FreeBSD, OpenBSD
您尚未登陆。 请选择登陆或是注册一个新账号。
iRedMail 开源邮件服务解决方案 » 由 ZhangHuangbin 发表的文章
发到邮件列表里问了,用 Shift+Delete 可以直接删除,不经过回收站。:lol
这个是 PostfixAdmin 的问题(rhms 对它的配置不正确导致的),已经修正了。:lol
Red Hat is pleased to announce the availability of 5.2
(kernel-2.6.18-92.el5) for the Red Hat Enterprise Linux 5
family of products including:
- Red Hat Enterprise Linux 5 Advanced Platform for x86,
AMD64/Intel(r) 64, Itanium Processor Family, System p
and System z
- Red Hat Enterprise Linux 5 Server for x86,
AMD64/Intel(r) 64, Itanium Processor Family, System p
and System z
- Red Hat Enterprise Linux 5 Desktop for x86 and
AMD64/Intel(r)
Features
--------
This release includes the following improvements:
* Virtualization Enhancements
+ Large System Support
- Hypercall interface for NUMA topology discovery
- Physical CPU support increased to 64 CPU/system
- Large Memory Support increased to 512 GB/system
- Network interfaces in para-virtualized guests no
longer limited to 3
+ Libvirt Enhancements
- Remote management support
- Manage virtual machines from single instance of
virt-manager
- More dynamic management virt-manager capabilities
+ Additional Hardware Support
+ Xen hypervisor rebase to 3.1.2
+ Performance and stability improvements
* Laptop and Desktop Enhancements
+ Rebase of the top Desktop applications:
- Evolution 2.12.3
- Firefox 3
- OpenOffice 2.3.0
- Thunderbird 2.0
+ Updated graphics drivers
+ Added hotplug docking support for some laptops
* Encryption and Security Enhancements
+ New kernel crypto hardware driver APIs
+ SHA-256 / SHA-512 password encryption support
+ Added RFC4303 compliant auditing support
* Improved Audit and Logging
+ Added rsyslog logging facility
* Tuning and debugging: systemtap
+ Production support
+ New support for unprivileged users
+ Includes reference manuals
+ Post-crash trace data recovery
(Note: avoid overbroad probe wildcards)
* Networking and IPv6 Enablement
+ Improved IPv6 compliance
+ SNMP IPv6 MIB improvement
- Limited support to query IPv6 values
+ IKE 2 support via OpenSwan
+ DHCPv6 client and server
+ Added memory accounting in UDP
* Power Management Improvements
+ Added kernel support for Intel's dynamic acceleration
technology enabling CPUs on the same core to enter
lower power states when idle
+ Added Virtualization kernel support for Xen CPU
frequency scaling to reduce power consumption (see the
Release Notes for list of supported CPUs)
+ Improved laptop suspend and hibernate operation
* Cluster Improvements
+ Resource Event Scripting Language allows complex
application failover capabilities
+ Plock performance improvement
+ SCSI 3 reservation fencing support for active/active
and active/passive DM/MPIO (multipathing)
* Kernel Improvements
+ General Features
- Added NFS client support for servers with 64-bit inode
numbers
- Enabled IPMI panic handling
- Added HDMI support for AMD/ATI integrated chipsets
- Updated Infiniband support to OFED v1.3
- Eliminated erroneous PCI ROM warning messages
- Added support to offline CPU when realtime process is
running
- Added support for ICH10 chipset
+ Architecture Specific Support
- x86/x86_64
- Added support of pci=norom boot parameter to disable
p2p rom window
- Added pci=bfsort boot option to enable breadth-first
pci bus scanning rather than the default of
depth-first
- Increased boot command line size to 2048 for x86_64
- Added event based profiling support to AMD Greyhound
system
- IA64
- Added CMCI for hot-plugged processors
- Removed IA64 stack hard limit of
DEFAULT_USER_STACK_SIZE
- Added zonelist order sysctl/boot option on NUMA
systems
- PPC64
- IBM Cell Broadband Engine blade systems
- Added oprofile support
- Updated IPMI driver
- Support for booting with greater than 2GB memory
- IBM Power6 blade systems
- Enabled support of FB_RADEON driver
- Improved watchpoint support in GDB
- Updated ehea driver to latest upstream
- Added SPURR (Scaled Processor Utilization of
Resources Register) support
- Improved hugepage allocation for no-memory nodes
- Added SLB shadow buffer support
- System z (s390x)
- Added large page support
- Added HiperSockets MAC layer routing support and IP
packet support
- Added z/VM monitor stream state 2 application support
- Added support for z/VM DIAG 2FC for HYPFS
- Added AF_IUCV Protocol support on BSD socket interface
- Added dynamic CHPID reconfiguration support via SCLP
+ New Driver support or Driver Updates
- Network Driver Updates
- Added bnx2x driver for Broadcom 10GbE Hardware
- Added dm9601 driver support for Davicom's ZT6688
- Updated bnx2, e1000, e1000e, tg3, forcedeth, igb,
ixgb, cxgb3 driver
- PCI Express-based devices moved from e1000 to e1000e
- Added WEXT scan capabilities to wireless extensions API
- Updated mac80211/iwl4965 infrastructure
- Updated cfg80211 driver to support mac80211/iwl4965
- Updated ixgbe driver to support new Intel 10GbE
hardware
- Added r8169 driver support for Realtek 8111c and 8101e
loms
- Updated bonding, netxen, ioatdma driver
- Storage Driver Updates
- Updated iSCSI
- Added iSNS client: isns-utils
- Added iSCSI Boot Firmware Table (iBFT) support to
boot iSCSI root volumes
- Updated aic94xx, arcmsr, aacraid, cciss, ibmvSCSI
driver
- Updated ipr driver to add dual SAS RAID controller
support
- Updated qla2xxx, lpfc Fibre Channel drivers
- Includes support for 8 Gb/s adapters
- Updated qla3xxx, mpt-fusion, stex, megaraid_sas
- Updated firmwire for Qlogic qla25xx
- Updated SATA driver and infrastructure
- Updated cciss driver to add kdump support
- Added SB800/SB700/SB600 SATA/LAN support
- Added DRAC4 hotplug support
- Added uevent and kobject to device mapper
infrastructure for xDR/GDPs
- Updated device mapper support
- New support for active/passive HP MSA family
- Miscellaneous Driver Updates
- Added R500/R600 drm driver (X11 deccelerator driver)
support
- Added support for Realtek alc888s codec
- Updated wacom driver
Technology Previews
-------------------
Technology Preview features are included in Red Hat
Enterprise Linux to provide the features with wide
exposure with the goal of supporting these features in a
future release of Red Hat Enterprise Linux. Technology
Preview features are not supported under Red Hat
Enterprise Linux 5.2 subscription services and may not
be functionally complete. Red Hat welcomes customer
feedback and suggestions for Technology Previews.
Advisories will be provided for high-severity security
issues in Technology Preview features.
The following Technology Preview features are new or
enhanced in Red Hat Enterprise Linux 5.2. See the
Red Hat Enterprise Linux 5.2 Release Notes for more
information.
- 32-bit para-virtualized (PV) guests on
64-bit AMD64/Intel(r) 64 hosts
- Stability, performance, and memory improvements in
GFS2 file system
- AIGLX including X server and updated Mesa package
- Firewire stack
+ Updated firewire support to latest upstream
- Limited eCryptFS support
+ Added ecryptfs support to kernel
+ Added authentication in crypto library to kernel
- iSCSI
+ iSCSI target device (iSCSI server)
+ Added iSNS server: isns-utils
- radeon_tp
- Trusted Computing Group (TCG) / Trusted Platform
Module (TPM) Support
+ Included the TCG stack
+ Included the Trousers TSS stack
+ Added trust computing/trust platform module in kernel
and tpm-tools
+ Boot-loader support will be considered for inclusion
in a future release
- Systemtap utrace support for user space tracing
- frysk
Accessing the Software
----------------------
Red Hat Enterprise Linux 5.2 is available to existing
Red Hat Enterprise Linux subscribers via RHN. The
channels will automatically appear in your account.
Installable binary and source ISO images are available
via Red Hat Network at:
https://rhn.redhat.com/network/software/download_isos_full.pxt
You will be required to log in using a valid RHN account
with active entitlements.
Red Hat Enterprise Linux 5.2 errata are available at:
https://rhn.redhat.com/
Installation-related Known Issues
---------------------------------
The following are known installation related issues in the
release:
Bug 435475: RFE: [Performance] For some IA64 hw, yum update
slower than previous releases
Bug 442780: dhcpv6: inconsistent provides: libdhcp6client.so.1
vs libdhcp6client-1.0.so.2
Bug 442791: machine locks up during installation on 82Q963/965
Bug 443653: %preun scriptlet failed during upgrade from U1
(using anaconda)
Bug 444969: /usr/bin/elfspe-register: line 6:
/proc/sys/fs/binfmt_misc /register: No such file
or directory
Bug 445005: mislabeled files (up to 80+) during install
Bug 445591: rhn based upgrade of rhel 5.1 to rhel 5.2 fails
due to module conflicts
Additional Information
----------------------
Installation and upgrading best practices can be found
at:
http://kbase.redhat.com/faq/FAQ_103_12730
See Power Management improvements in CPU Frequency Power
Governors at:
http://www.redhat.com/f/pdf/RHEL_Governers_WP.pdf
Additional information is provided below on Documentation,
Bug Reporting, and Mailing Lists.
Enjoy the Red Hat Enterprise Linux 5.2 release.
Sincerely,
The Red Hat Enterprise Linux Team
----------------------------------------------------------------------
Documentation
-------------
Release notes for this release are available on the
Red Hat Enterprise Linux 5 site at:
http://www.redhat.com/docs/manuals/enterprise/
The Release Notes are also on your Red Hat Enterprise
Linux 5 installed system in the redhat-release-notes
package.
Bug Reporting
-------------
Red Hat Enterprise Linux 5.2 customers who have assigned
Technical Account Managers (TAMs) should report all bugs
with this release using your current Issue Tracker
account.
All other users should report bugs using Red Hat's
Bugzilla. To report and query for bugs in this release,
you need a Bugzilla account with access to the "Red Hat
Enterprise Linux 5" product.
To report a bug via Bugzilla:
1. Login to the Bugzilla home page at:
http://bugzilla.redhat.com
If you don't have an existing account, simply create
one at:
https://bugzilla.redhat.com/bugzilla/createaccount.cgi
2. On the Bugzilla home page, click on
"Enter a new bug report".
3. Choose Product "Red Hat Enterprise Linux 5".
4. Choose Version "5.2".
5. Choose the component against which you wish to report a
problem, such as kernel, glibc, etc. If you do not know
the component or want to file a bug against the general
product, choose "distribution" as the component.
6. Choose the platform, such as: "All", "x86_64", etc.
7. Provide the information about the problem you're
reporting by entering information in the appropriate
fields. In the Summary field, provide a clear and
descriptive abstract of the issue. In the Description
field, provide the full package versions of any
components you are experiencing problems using.
8. Check to make sure that all information is accurate and
click the "Commit" button to submit your problem report.
Mailing Lists
-------------
Red Hat has a public mailing list for communication during
this and all future Red Hat Enterprise Linux 5 programs.
* rhelv5-announce redhat com
A low-volume, moderated, announcement-only mailing
list. Red Hat will use this list to communicate
one-way information about RHEL 5 programs, such as
notifications when releases are available or
solicitations for feedback. Subscribe at:
https://listman.redhat.com/mailman/listinfo/rhelv5-announce
* rhelv5-list redhat com
A public general discussion mailing list for users
of Red Hat Enterprise Linux 5 releases. Subscribe
at:
https://www.redhat.com/mailman/listinfo/rhelv5-list
_______________________________________________
rhelv5-beta-list mailing list
rhelv5-beta-list@redhat.com
https://www.redhat.com/mailman/listinfo/rhelv5-beta-list
贴子内容摘自:http://www.press.redhat.com/2008/05/21/ … lifecycle/
Hi, all.
这是 RHEL 每个大版本的生命周期,可以参考一下:
1. Full Support
* New hardware support
* Enhanced software functionality (selected)
* Bug fixes (medium, high, or urgent priority levels)
* Security patches (important or critical impact levels)
2. Transition
* New hardware support (very limited)
* Bug fixes (high or urgent priority levels)
* Security patches (important or critical impact levels)
3. Maintenance
* Bug fixes (only those few deemed mission critical)
* Security patches (important or critical impact levels)
来自 Red Hat(R) 邮件列表的新闻:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Low: vsftpd security and bug fix update
Advisory ID: RHSA-2008:0295-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0295.html
Issue date: 2008-05-21
CVE Names: CVE-2007-5962
=====================================================================
1. Summary:
An updated vsftpd package that fixes a security issue and several bugs is
now available for Red Hat Enterprise Linux 5.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
2. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
3. Description:
The vsftpd package includes a Very Secure File Transfer Protocol (FTP)
daemon.
A memory leak was discovered in the vsftpd daemon. An attacker who is able
to connect to an FTP service, either as an authenticated or anonymous user,
could cause vsftpd to allocate all available memory if the "deny_file"
option was enabled in vsftpd.conf. (CVE-2007-5962)
As well, this updated package fixes following bugs:
* a race condition could occur even when the "lock_upload_files" option is
set. When uploading two files simultaneously, the result was a combination
of the two files. This resulted in uploaded files becoming corrupted. In
these updated packages, uploading two files simultaneously will result in a
file that is identical to the last uploaded file.
* when the "userlist_enable" option is used, failed log in attempts as a
result of the user not being in the list of allowed users, or being in the
list of denied users, will not be logged. In these updated packages, a new
"userlist_log=YES" option can be configured in vsftpd.conf, which will log
failed log in attempts in these situations.
* vsftpd did not support usernames that started with an underscore or a
period character. Usernames starting with an underscore or a period are
supported in these updated packages.
* using wildcards in conjunction with the "ls" command did not return all
the file names it should. For example, if you FTPed into a directory
containing three files -- A1, A21 and A11 -- and ran the "ls *1" command,
only the file names A1 and A21 were returned. These updated packages use
greedier code that continues to speculatively scan for items even after
matches have been found.
* when the "user_config_dir" option is enabled in vsftpd.conf, and the
user-specific configuration file did not exist, the following error
occurred after a user entered their password during the log in process:
500 OOPS: reading non-root config file
This has been resolved in this updated package.
All vsftpd users are advised to upgrade to this updated package, which
resolves these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
5. Bugs fixed (http://bugzilla.redhat.com/):
240553 - vsftpd has a create/lock race condition which corrupts uploads
392181 - vsftpd file listing issue with wildcard
392231 - Uploaded file corrupted when two connections from same client uploading same file simultaneously
397011 - CVE-2007-5962 vsftpd: memory leak when deny_file option is set
400921 - OOPS: reading non-root config file
6. Package List:
RHEL Desktop Workstation (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/vsftpd-2.0.5-12.el5.src.rpm
i386:
vsftpd-2.0.5-12.el5.i386.rpm
vsftpd-debuginfo-2.0.5-12.el5.i386.rpm
x86_64:
vsftpd-2.0.5-12.el5.x86_64.rpm
vsftpd-debuginfo-2.0.5-12.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/vsftpd-2.0.5-12.el5.src.rpm
i386:
vsftpd-2.0.5-12.el5.i386.rpm
vsftpd-debuginfo-2.0.5-12.el5.i386.rpm
ia64:
vsftpd-2.0.5-12.el5.ia64.rpm
vsftpd-debuginfo-2.0.5-12.el5.ia64.rpm
ppc:
vsftpd-2.0.5-12.el5.ppc.rpm
vsftpd-debuginfo-2.0.5-12.el5.ppc.rpm
s390x:
vsftpd-2.0.5-12.el5.s390x.rpm
vsftpd-debuginfo-2.0.5-12.el5.s390x.rpm
x86_64:
vsftpd-2.0.5-12.el5.x86_64.rpm
vsftpd-debuginfo-2.0.5-12.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5962
http://www.redhat.com/security/updates/classification/#low
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFINDGOXlSAg2UNWIIRAvAdAJ9VO+ddDYvcoY8hppyJwzmTHdoGtQCgr6Jg
lM2d7tmmxF0YKVNo4WLrvWw=
=XWhK
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
来自 Red Hat(R) 邮件列表的信息:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Low: mysql security and bug fix update
Advisory ID: RHSA-2008:0364-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0364.html
Issue date: 2008-05-20
Updated on: 2008-05-21
CVE Names: CVE-2006-0903 CVE-2006-4031 CVE-2006-4227
CVE-2006-7232 CVE-2007-1420 CVE-2007-2583
CVE-2007-2691 CVE-2007-2692 CVE-2007-3781
CVE-2007-3782
=====================================================================
1. Summary:
Updated mysql packages that fix various security issues and several bugs
are now available for Red Hat Enterprise Linux 5.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
3. Description:
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld), and
many different client programs and libraries.
MySQL did not require privileges such as "SELECT" for the source table in a
"CREATE TABLE LIKE" statement. An authenticated user could obtain sensitive
information, such as the table structure. (CVE-2007-3781)
A flaw was discovered in MySQL that allowed an authenticated user to gain
update privileges for a table in another database, via a view that refers
to the external table. (CVE-2007-3782)
MySQL did not require the "DROP" privilege for "RENAME TABLE" statements.
An authenticated user could use this flaw to rename arbitrary tables.
(CVE-2007-2691)
A flaw was discovered in the mysql_change_db function when returning from
SQL SECURITY INVOKER stored routines. An authenticated user could use this
flaw to gain database privileges. (CVE-2007-2692)
MySQL allowed an authenticated user to bypass logging mechanisms via SQL
queries that contain the NULL character, which were not properly handled by
the mysql_real_query function. (CVE-2006-0903)
MySQL allowed an authenticated user to access a table through a previously
created MERGE table, even after the user's privileges were revoked from
the original table, which might violate intended security policy. This is
addressed by allowing the MERGE storage engine to be disabled, which can
be done by running mysqld with the "--skip-merge" option. (CVE-2006-4031)
MySQL evaluated arguments in the wrong security context, which allowed an
authenticated user to gain privileges through a routine that had been made
available using "GRANT EXECUTE". (CVE-2006-4227)
Multiple flaws in MySQL allowed an authenticated user to cause the MySQL
daemon to crash via crafted SQL queries. This only caused a temporary
denial of service, as the MySQL daemon is automatically restarted after the
crash. (CVE-2006-7232, CVE-2007-1420, CVE-2007-2583)
As well, these updated packages fix the following bugs:
* a separate counter was used for "insert delayed" statements, which caused
rows to be discarded. In these updated packages, "insert delayed"
statements no longer use a separate counter, which resolves this issue.
* due to a bug in the Native POSIX Thread Library, in certain situations,
"flush tables" caused a deadlock on tables that had a read lock. The mysqld
daemon had to be killed forcefully. Now, "COND_refresh" has been replaced
with "COND_global_read_lock", which resolves this issue.
* mysqld crashed if a query for an unsigned column type contained a
negative value for a "WHERE [column] NOT IN" subquery.
* in master and slave server situations, specifying "on duplicate key
update" for "insert" statements did not update slave servers.
* in the mysql client, empty strings were displayed as "NULL". For
example, running "insert into [table-name] values (' ');" resulted in a
"NULL" entry being displayed when querying the table using "select * from
[table-name];".
* a bug in the optimizer code resulted in certain queries executing much
slower than expected.
* on 64-bit PowerPC architectures, MySQL did not calculate the thread stack
size correctly, which could have caused MySQL to crash when overly-complex
queries were used.
Note: these updated packages upgrade MySQL to version 5.0.45. For a full
list of bug fixes and enhancements, refer to the MySQL release notes:
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0.html
All mysql users are advised to upgrade to these updated packages, which
resolve these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
5. Bugs fixed (http://bugzilla.redhat.com/):
194613 - CVE-2006-0903 Mysql log file obfuscation
202246 - CVE-2006-4031 MySQL improper permission revocation
216427 - CVE-2006-4227 mysql improper suid argument evaluation
232603 - CVE-2007-1420 Single MySQL worker can be crashed (NULL deref) with certain SELECT statements
240813 - CVE-2007-2583 mysql: DoS via statement with crafted IF clause
241688 - CVE-2007-2691 mysql DROP privilege not enforced when renaming tables
241689 - CVE-2007-2692 mysql SECURITY INVOKER functions do not drop privileges
248553 - CVE-2007-3781 CVE-2007-3782 New release of MySQL fixes security bugs
254012 - Mysql bug 20048: 5.0.22 FLUSH TABLES WITH READ LOCK bug; need upgrade to 5.0.23
256501 - mysql 5.0.22 still has a lot of bugs ; need upgrade
349121 - MySQL client will display empty strings as NULL (fixed in 5.0.23)
434264 - CVE-2006-7232 mysql: daemon crash via EXPLAIN on queries on information schema
435391 - mysql does not calculate thread stack size correctly for RHEL5
6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mysql-5.0.45-7.el5.src.rpm
i386:
mysql-5.0.45-7.el5.i386.rpm
mysql-debuginfo-5.0.45-7.el5.i386.rpm
x86_64:
mysql-5.0.45-7.el5.i386.rpm
mysql-5.0.45-7.el5.x86_64.rpm
mysql-debuginfo-5.0.45-7.el5.i386.rpm
mysql-debuginfo-5.0.45-7.el5.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mysql-5.0.45-7.el5.src.rpm
i386:
mysql-bench-5.0.45-7.el5.i386.rpm
mysql-debuginfo-5.0.45-7.el5.i386.rpm
mysql-devel-5.0.45-7.el5.i386.rpm
mysql-server-5.0.45-7.el5.i386.rpm
mysql-test-5.0.45-7.el5.i386.rpm
x86_64:
mysql-bench-5.0.45-7.el5.x86_64.rpm
mysql-debuginfo-5.0.45-7.el5.i386.rpm
mysql-debuginfo-5.0.45-7.el5.x86_64.rpm
mysql-devel-5.0.45-7.el5.i386.rpm
mysql-devel-5.0.45-7.el5.x86_64.rpm
mysql-server-5.0.45-7.el5.x86_64.rpm
mysql-test-5.0.45-7.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/mysql-5.0.45-7.el5.src.rpm
i386:
mysql-5.0.45-7.el5.i386.rpm
mysql-bench-5.0.45-7.el5.i386.rpm
mysql-debuginfo-5.0.45-7.el5.i386.rpm
mysql-devel-5.0.45-7.el5.i386.rpm
mysql-server-5.0.45-7.el5.i386.rpm
mysql-test-5.0.45-7.el5.i386.rpm
ia64:
mysql-5.0.45-7.el5.i386.rpm
mysql-5.0.45-7.el5.ia64.rpm
mysql-bench-5.0.45-7.el5.ia64.rpm
mysql-debuginfo-5.0.45-7.el5.i386.rpm
mysql-debuginfo-5.0.45-7.el5.ia64.rpm
mysql-devel-5.0.45-7.el5.ia64.rpm
mysql-server-5.0.45-7.el5.ia64.rpm
mysql-test-5.0.45-7.el5.ia64.rpm
ppc:
mysql-5.0.45-7.el5.ppc.rpm
mysql-5.0.45-7.el5.ppc64.rpm
mysql-bench-5.0.45-7.el5.ppc.rpm
mysql-debuginfo-5.0.45-7.el5.ppc.rpm
mysql-debuginfo-5.0.45-7.el5.ppc64.rpm
mysql-devel-5.0.45-7.el5.ppc.rpm
mysql-devel-5.0.45-7.el5.ppc64.rpm
mysql-server-5.0.45-7.el5.ppc.rpm
mysql-server-5.0.45-7.el5.ppc64.rpm
mysql-test-5.0.45-7.el5.ppc.rpm
s390x:
mysql-5.0.45-7.el5.s390.rpm
mysql-5.0.45-7.el5.s390x.rpm
mysql-bench-5.0.45-7.el5.s390x.rpm
mysql-debuginfo-5.0.45-7.el5.s390.rpm
mysql-debuginfo-5.0.45-7.el5.s390x.rpm
mysql-devel-5.0.45-7.el5.s390.rpm
mysql-devel-5.0.45-7.el5.s390x.rpm
mysql-server-5.0.45-7.el5.s390x.rpm
mysql-test-5.0.45-7.el5.s390x.rpm
x86_64:
mysql-5.0.45-7.el5.i386.rpm
mysql-5.0.45-7.el5.x86_64.rpm
mysql-bench-5.0.45-7.el5.x86_64.rpm
mysql-debuginfo-5.0.45-7.el5.i386.rpm
mysql-debuginfo-5.0.45-7.el5.x86_64.rpm
mysql-devel-5.0.45-7.el5.i386.rpm
mysql-devel-5.0.45-7.el5.x86_64.rpm
mysql-server-5.0.45-7.el5.x86_64.rpm
mysql-test-5.0.45-7.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3782
http://www.redhat.com/security/updates/classification/#low
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFINDIQXlSAg2UNWIIRAhSDAKCa1Uw5WVz5C0KGevCBV25X9G/GBgCfcKaD
fEYwviVL9nFgEYQ3wbBPU0Y=
=ZmS0
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
来自 Red Hat(R) 邮件列表的安全报告:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Low: dovecot security and bug fix update
Advisory ID: RHSA-2008:0297-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0297.html
Issue date: 2008-05-20
Updated on: 2008-05-21
CVE Names: CVE-2007-2231 CVE-2007-4211 CVE-2007-6598
CVE-2008-1199
=====================================================================
1. Summary:
An updated dovecot package that fixes several security issues and various
bugs is now available for Red Hat Enterprise Linux 5.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
2. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
3. Description:
Dovecot is an IMAP server for Linux and UNIX-like systems, primarily
written with security in mind.
A flaw was discovered in the way Dovecot handled the "mail_extra_groups"
option. An authenticated attacker with local shell access could leverage
this flaw to read, modify, or delete other users mail that is stored on
the mail server. (CVE-2008-1199)
This issue did not affect the default Red Hat Enterprise Linux 5 Dovecot
configuration. This update adds two new configuration options --
"mail_privileged_group" and "mail_access_groups" -- to minimize the usage
of additional privileges.
A directory traversal flaw was discovered in Dovecot's zlib plug-in. An
authenticated user could use this flaw to view other compressed mailboxes
with the permissions of the Dovecot process. (CVE-2007-2231)
A flaw was found in the Dovecot ACL plug-in. User with only insert
permissions for a mailbox could use the "COPY" and "APPEND" commands to set
additional message flags. (CVE-2007-4211)
A flaw was found in a way Dovecot cached LDAP query results in certain
configurations. This could possibly allow authenticated users to log in as
a different user who has the same password. (CVE-2007-6598)
As well, this updated package fixes the following bugs:
* configuring "userdb" and "passdb" to use LDAP caused Dovecot to hang. A
segmentation fault may have occurred. In this updated package, using an
LDAP backend for "userdb" and "passdb" no longer causes Dovecot to hang.
* the Dovecot "login_process_size" limit was configured for 32-bit systems.
On 64-bit systems, when Dovecot was configured to use either IMAP or POP3,
the log in processes crashed with out-of-memory errors. Errors such as the
following were logged:
pop3-login: pop3-login: error while loading shared libraries:
libsepol.so.1: failed to map segment from shared object: Cannot allocate
memory
In this updated package, the "login_process_size" limit is correctly
configured on 64-bit systems, which resolves this issue.
Note: this updated package upgrades dovecot to version 1.0.7. For
further details, refer to the Dovecot changelog:
http://koji.fedoraproject.org/koji/buildinfo?buildID=23397
Users of dovecot are advised to upgrade to this updated package, which
resolves these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
5. Bugs fixed (http://bugzilla.redhat.com/):
238439 - CVE-2007-2231 Directory traversal in dovecot with zlib plugin
245249 - Dovecot hangs while using ldap backend.
251007 - CVE-2007-4211 Dovecot possible privilege ascalation in ACL plugin
253363 - Dovecot pop3-login/imap-login crash with OOM error
331441 - Please consider upgrading Dovecot to 1.0rc23 at least
380401 - tracker bug for 1.0.7 rebase
427575 - CVE-2007-6598: dovecot LDAP+auth cache user login mixup
436927 - CVE-2008-1199 dovecot: insecure mail_extra_groups option
6. Package List:
RHEL Desktop Workstation (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/dovecot-1.0.7-2.el5.src.rpm
i386:
dovecot-1.0.7-2.el5.i386.rpm
dovecot-debuginfo-1.0.7-2.el5.i386.rpm
x86_64:
dovecot-1.0.7-2.el5.x86_64.rpm
dovecot-debuginfo-1.0.7-2.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/dovecot-1.0.7-2.el5.src.rpm
i386:
dovecot-1.0.7-2.el5.i386.rpm
dovecot-debuginfo-1.0.7-2.el5.i386.rpm
ia64:
dovecot-1.0.7-2.el5.ia64.rpm
dovecot-debuginfo-1.0.7-2.el5.ia64.rpm
ppc:
dovecot-1.0.7-2.el5.ppc.rpm
dovecot-debuginfo-1.0.7-2.el5.ppc.rpm
s390x:
dovecot-1.0.7-2.el5.s390x.rpm
dovecot-debuginfo-1.0.7-2.el5.s390x.rpm
x86_64:
dovecot-1.0.7-2.el5.x86_64.rpm
dovecot-debuginfo-1.0.7-2.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1199
http://www.redhat.com/security/updates/classification/#low
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFINDGqXlSAg2UNWIIRAsOeAJwKM3PYlb29LhOkcBx0olvLEhVqFgCeNBkT
tjyub6/ivPbuDLqT6Y06D/Y=
=peHK
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
有朋友反应当邮箱容量满了之后,用户在 WebMail 程序里无法删除收件箱里的邮件。
这里涉及到通过 IMAP 协议来操作邮箱的具体细节(来自 Dovecot 的参考文档):
1. 给邮件增加 \Deleted 标记,表示已删除;
2. 使用 EXPUNGE 命令实际删除邮件;
这两个 IMAP 命令在邮箱容量满了之后仍然可以正确操作,可以正确删除邮件。
但是许多邮件客户端软件,例如:Roundcubemail,Thunderbird,都使用 'move-to-trash' 的方式来删除邮件。具体的步骤是:
1. 将 Inbox(收件夹)、Sent(已发邮件)等邮件夹里的邮件复制到 Trash(回收站) 邮件夹;
2. 将邮件打上 \Deleted 标记;
3. 将邮件从 Inbox, Sent 目录删除;
4. (也许后期再使用 'Clean Trash(清空回收站)'的功能删除回收站里的邮件)
所以如果你的邮箱容量已满,就无法将收件箱里的邮件复制到回收站,导致无法删除邮件。
解决办法(任选其一):
* 在客户端使用 POP3 将邮件收下来,清空邮箱(这时候使用 IMAP 是不行的,必须是 POP3, POP3S)。
* 服务器端配置 Dovecot 乎略回收站的邮箱容量。
这是有风险的。因为用户可以把回收站当做是无限制的网络磁盘。
配置方法:# # 在 /etc/dovecot.conf 中配置 plugin quota: # # 注意:这里的 storage=10240 是全局默认值,但是如果你已经在 LDAP/MySQL 里 # 设置了虚拟用户的邮箱容量,将使用 LDAP/MySQL 里的值。 # plugin { quota = maildir:storage=10240:ignore=Trash }
问题已确认,并且已经在新版本中修正了这个问题。感谢 eddiechen :loveliness:
如果需要新版本,可以发邮件给我,我直接发给你 :loveliness:
问题起因:
由于在代码中有一个“逻辑与”的错误判断,导致如果用户没有选择 dovecot 的 SSL 支持(即 pop3s 或 imaps),会导致 rhms 不去配置 dovecot 的主配置文件:/etc/dovecot.conf。
Thanks again
将垃圾邮箱内的邮件创建一个报告发送出来。
这个比较容易实现。
页面再加个链接,将垃圾箱内的邮件转移到收件箱(通过pop imap可收取)或者转移垃圾箱,定期自动清除
这个比较困难。
*) 默认不删除用户的垃圾邮箱里的邮件;
*) 垃圾邮件占有的空间算在用户空间里。
如果用户的垃圾邮箱里有用户误删的邮件怎么办?他过两天还能找回来么?
当然,这个功能可以实现,例如,用一个每晚定时执行的脚本去删除用户垃圾邮箱里的邮件。
垃圾邮件占有的空间如果不算在用户空间里,用户就可以把它当做是无限制的网络磁盘了。你的服务器能承担这样的风险么?如果可以,在 Dovecot 里可以设置这个功能。
参考:
http://wiki.dovecot.org/Quota#head-5a5a … 2b00387af2
Hi, all.
由于个人精力有限,不可能面面俱到,所以在此列出我个人觉得 rhms 应该多加测试的项目和功能,希望能够得到大家的帮助和反馈。
在此先谢谢大家。:loveliness:
* 邮箱容量告警(Requested by muniao);
贴帖子的时候用 code 标记将你的代码暴汗起来,排版会美观一些。:lol
目前我只有一个用 PXE 网络安装部署 RHEL 的文档:
http://code.google.com/p/redhatsolution … ion_Server
可以的呀,支持开源项目。
你希望将这个版放在哪个分区呢? :loveliness:
Hi, all.
此贴用于收集整理 rhms-0.4.3.1 版本的 bug 以及问题解答。期待大家的反馈。:loveliness:
Q: 在 PostfixAdmin 中新建用户时出现发送邮件错误(Reported by Edison, Thanks):
May 20 16:36:54 rh3 postfix/smtpd[1938]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 553 5.7.1 <postmaster@a.cn>: Sender address rejected: not logged in; from=<postmaster@a.cn> to=<b@a.cn> proto=ESMTP helo=<rh3>
这是由于在新建用户时,选中了最底下的一个选项:“新建邮箱”,导致 PostfixAdmin 会以当前登录的用户的用户名为发件人,发送一封欢迎邮件给新用户。
这里涉及到几个问题:
*) 怎样才算是新建了一个用户?
用户存在与否,以 MySQL/LDAP 里是否有这个条目为准。
如果数据库里有这个用户的信息,即表示这个用户是实际存在的。
*) 这里的“新建邮箱”是什么意思?
这里的“新建邮箱”,是通过发送邮件给新用户,由 Postfix 收下邮件后将邮件转交给 MDA 这一层的工具,
再由 MDA 工具在文件系统上创建实际的邮箱目录。例如你的收件夹、垃圾箱等;
*) 为什么发送邮件被拒绝?
rhms 对发件人、收件人做了严格的控制。例如:
+ 邮件头中的 From 地址必须是 SASL 验证的用户名。这可以避免你的用户冒充别人发送垃圾邮件。
+ 邮件头中的 To 地址必须是你本地实际有的用户。这可以避免收下垃圾邮件。
对于发件人、收件人限制,请参考 Postfix 的 main.cf 配置文件中的 'smtpd_sender_login_maps'
以及 smtpd_recipient_restrictions 参数;
如何解决这样的问题?有两种方法可以避免,请任选一种:
1) 新建用户时不要勾上“新建邮箱”这个选项;
2) 将 PostfixAdmin 目录下的 create_mailbox.php 文件的第 85 行注释掉:
//if (isset ($_POST['fMail'])) $fMail = escape_string ($_POST['fMail']);
Q: 在 PostfixAdmin 中新建用户时设置邮箱容量大小为 10M,而实际却变成是 100M。(Reported by 木鸟. Thanks ^_^)
这是 rhms 配置 PostfixAdmin 的 bug。
修正方法:
打开 PostfixAdmin 的配置文件:/var/www/postfixadmin-2.2.0/config.inc.php,找到以下参数:
$CONF['quota_multiplier'] = 10240;
将这里的 10240 改为 1024 即可。
Hi, all.
我们已经修复了目前得到反馈的所有 bug 和错误,所以今天发布
rhms-0.4.3.1 稳定版,欢迎大家下载测试和使用。
下载地址:
http://code.google.com/p/rhms/downloads/list
主要的修正:
*) 修正了 Roundcubemail 无法发送大于 2M 附件的问题;
*) 修正了使用用户名登录 Roundcubemail 后,身份被误认为是 username@127.0.0.1
的问题;
*) 修正了在非英文语言环境下 perl 打印不支持字符集的问题;
*) 修正了 policyd 里的单封邮件大小于预设的值不一致的问题;
具体的修正方法可以查看论坛帖子:
http://www.osspinc.com/bbs/viewthread.p … a=page%3D1
另外,我们为 rhms 开设了论坛,并启用了新的论坛 Logo 和 rhms logo:
*) 论坛(欢迎大家一起交流开源解决方案):
http://www.osspinc.com/bbs/
*) 论坛 Logo(感谢 ztjevan <at> gmail):
*) rhms Logo(感谢 EdisonWang2007 <at> gmail):
********************
*** WHAT IS NEXT ***
********************
虽然 rhms 还不够完善,但是我们仍然期望 rhms-0.4.3.1 能够满足您的基本
需求,欢迎志同道合的朋友加入我们。
以下是我们马上要进行的改进:
*) 为 rhms 增加 mbox 格式的支持;
*) 增加 OpenWebMail 作为可选的 WebMail 程序;
*) 为 Dovecot 增加 managesieve 插件;
欢迎有兴趣的朋友一起参与、帮忙测试和反馈。我们期待您的加入:
*) Project: http://rhms.googlecode.com/
*) Forum: http://www.osspinc.com/bbs/
--
Best Regards.
Zhang Huangbin
- OpenBSD 4.2 -release, i386.
- RHEL 5.1 Client
Hi, all.
今天正是启用了新的论坛 logo(论坛的左上角的图片),由 ztjevan 制作。
在此严重感谢 ztjevan :loveliness:
Hi, all.
Roundcubemail 的作者之一 Alec 开发了一个用于配合 Dovecot-sieve 实现用户自定义黑白名单的插件,欢迎大家下载测试。
注意:不要在实际运行的环境中测试。
插件下载页面及使用说明:http://alec.pl/roundcube/managesieve/
升级 Foxmail 能解决么?
原帖由 ztjevan 于 2008-5-16 14:50 发表
如果我不用DOVECOT来做传输可以吗?直接用POSTFIX来处理。。
另。我看在另一个提示
quota=maildir:storage=1024000S uid=89 gid=89
我用的是mbox格式 。有影响吗?
有影响。这个是用于 maildir 格式的。
mbox 的应该改一下。
* Postfix 里的 home_mailbox 参数需要改为 mbox 格式。例如:
home_mailbox = Mailbox
另外还需要增加参数:
mailbox_delivery_lock = fcntl, dotlock
virtual_mailbox_lock = fcntl
* LDAP 里的 mailMessageStore 里的值最后不能有 '/';例如:
test.com/www
* Dovecot 主配置文件里的 mail_location 参数必须改为 mbox 格式。例如:
mail_location = mbox:/%Lh/%Ld/%Ln
另外还需要添加一些参数:
mbox_very_dirty_syncs = yes
mbox_read_locks = fcntl
mbox_write_locks = dotlock fcntl
* Dovecot 的 ldap 查询参数里必须改为 mbox 格式:
待查。
日志里没看出什么问题呀,Dovecot 通过 LDAP 查询到了用户 www@test.com
iRedMail 开源邮件服务解决方案 » 由 ZhangHuangbin 发表的文章
Powered by PunBB, supported by Informer Technologies, Inc.
Currently installed 3 official extensions. Copyright © 2003–2010 PunBB.
页面生成时间 0.212 秒, 共执行查询 56 条