From listmaster@locutus.calderasystems.com Wed Aug 18 17:41:52 1999 From: listmaster@locutus.calderasystems.com Resent-From: mea culpa To: announce@lists.calderasystems.com Resent-To: jericho@attrition.org Date: 18 Aug 1999 16:00:29 -0000 Reply-To: info@calderasystems.com Subject: Security Advisory 20 -----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: buffer overflow in termcap library Advisory number: CSSA-1999:020.0 Issue date: 1999 August, 18 Cross reference: ______________________________________________________________________________ 1. Problem Description The Linux Security Auditing Project recently discovered a buffer overflow in the termcap library, which could be exploited to gain root access if e.g. setuid applications like xterm were linked against it. 2. Vulnerable Versions Caldera OpenLinux 2.2 is not vulnerable to this problem, since all applications that require termcap functionality are linked against the ncurses library instead, which does not have the problem discovered in libtermcap. 3. Solutions Caldera OpenLinux 2.2 is not vulnerable 4. Location of Fixed Packages The COL packages are not vulnerable 5. Installing Fixed Packages Packages included in the distribution already fixed 6. Verification - 7. References This and other Caldera security resources are located at: http://www.calderasystems.com/news/security/index.html This security fix closes Caldera's internal Problem Report 5071 8. Disclaimer Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBN7qQpOn+9R4958LpAQGTkwP7BLgWQdZac5uWhxcZXEOYxtnPjYzhaRde bcdUT9fLFn39Zz0KuU3qGHzG8HnsVyXOJ6/5BdkcQF+R6JitFgkJmhoR9C4WgA8T FbSqS5dj9packlbYyq0qvm+fYkQrB2g0HJWtP4ev4bWXdeSRyEXUsg3WzrXcOoHE s+KH2PCzRCs= =kQXl -----END PGP SIGNATURE----- -- Note: To learn how to use this list server, email a "help" command to majordomo@lists.calderasystems.com.