From RockWiki

If you grabbed one of the binary Crystal CDs at the Chemnitzer Linux Tage 2006, you may have noticed some things behave strangely or just don't work, and some packages have recently been updated to solve security issues.

Here's what I found:

Contents 1 Security Issues 1.1 Firefox Remote Exploitable 1.2 Security Update for OpenSSH 1.3 GnuPG Security Update 2 Base System Problems 2.1 Delays after IDE Module Init 2.2 su Reports Errors as root, Fails as User 2.3 User can't change password 2.4 ALSA output requires audio group 3 Package Build Problems 3.1 Tmpfs enabled for rocket emerge

Security Issues

Firefox Remote Exploitable

The FireFox Version 1.5 shipped on the CD has a remote exploitable security hole, which was fixed in firefox 1.5.0.1. Please re-build FireFox with patch 2006020218074725914 applied.

Security Update for OpenSSH

OpenSSH has been updated for security reasons. Please re-build OpenSSH with patch 2006021415133609242 applied.

GnuPG Security Update

GnuPG has been upated for security reasons. Please re-build GnuPG and binaries statically linked with it after applying patch 2006021517055512495.

Base System Problems

Delays after IDE Module Init

On my notebook, which happens to have an Intel chipset, I have delays while booting and fairly slow hard disk access times once the Kernel identified my chipset. I rolled my own kernel, which fixed the problem - I blindly suspect dmcrypt, but I can't prove it. If you are satisfied with your hard disk speed, disregard this topic.

su Reports Errors as root, Fails as User

The su utility reports an error when called by root, and fails when called by a user, regardless of whether the correct password was entered. The problem is logged in /var/log/messages/:

PAM unable to dlopen(/lib/security/pam_unix_auth.so)
PAM unable to dlopen(/lib/security/pam_unix_acct.so)

The fix is to edit /etc/pam.d/su and change the lines

auth            required        pam_unix_auth.so
account         required        pam_unix_acct.so

to

auth            required        pam_unix.so
account         required        pam_unix.so

and you're done.

User can't change password

Another symptom accompanying and sharing a cause with the above problem: if you call passwd as user, the attempt to change your password fails instantly. It works as root.

P.S.: passwd as user works with the following /etc/pam.d/passwd file:

#%PAM-1.0
# /etc/pam.d/passwd - sample PAM config file for the `passwd' service
password        required        pam_unix.so

ALSA output requires audio group

For some reason yet to be determined, the ALSA shipped on this CD requires the addition of an 'audio' group, my quick & ugly fix was groupadd audio, but I'll come up with a cleaner solution. *Replace me with a real fix!*

Package Build Problems

Tmpfs enabled for rocket emerge

When building this distribution, tmpfs was enabled to speed up the build. Unfortunately, there is a bug in the build system, so this functionality is not disabled if you use rocket emerge. Please run rocket configsrc first, then change to /usr/src/rock-src and run ./scripts/Config -cfg rocket. Now disable the use of tmpfs, and save the config. After that you can use rocket emerge.