=========================================================================== SCO Security Bulletin 99.24 23rd-December-1999 Security holes in xauto --------------------------------------------------------------------------- I. Description Buffer overflows have been found in /usr/X/bin/xauto. II. Impact Without this patch, unauthorized users may gain privileges. This problem has been reported to internet mailing lists, so this patch should be applied immediately. III. Releases This SSE contains binaries for: UnixWare 7.0.0 - UnixWare 7.1.1 UnixWare 2 IV. Solution SCO is providing an interim patch to address this issue in the form of a System Security Enhancement (SSE) package. SSE047 contains replacement binaries for UnixWare 7.0.0 - UnixWare 7.1.1, and UnixWare 2. It is available for Internet download via anonymous ftp. You can download the SSE package as follows: Anonymous ftp (World Wide Web URL): ftp://ftp.sco.COM/SSE/sse047.ltr (cover letter, ASCII text) ftp://ftp.sco.COM/SSE/sse047.tar (new binaries) Checksums (sum -r): 03917 3 sse047.ltr 08473 240 sse047.tar V. Updates This bulletin is available for anonymous ftp download from ftp://ftp.sco.COM/SSE/security_bulletins/SB.99-24a, and will be updated as new information becomes available. The latest information on security vulnerabilities and fixes from SCO is available on the world-wide web at http://www.sco.com/security/ VI. Further Information: If you have further questions, contact your support provider. If you need to contact SCO, please send electronic mail to support@sco.COM, or contact SCO as follows. USA/Canada: 6am-5pm Pacific Time (PST/PDT) ----------- 1-800-347-4381 (voice) 1-408-427-5443 (fax) Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific ------------------------------------------------ Time (PST/PDT) 1-408-425-4726 (voice) 1-408-427-5443 (fax) Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST) ---------------------------- +44 (0)1923 816344 (voice) +44 (0)1923 817781 (fax)