Dear SCO Customer, Support Level Supplement (SLS) OSS629A, the SCO HTTP Security Supplement, addresses a potential security exploit of scohttpd. This SLS resolves the issue and provides additional security. Software Notes and Recommendations ---------------------------------- SLS OSS629A is intended for use on these products: SCO OpenServer Release 5.0.5 SCO OpenServer Release 5.0.6 Installation Instructions ------------------------- 1. Download the OSS629A media image file (oss629a file), place the file in the /tmp directory and rename the file by typing these commands: mv /tmp/oss629a /tmp/VOL.000.000 2. Run the Software Manager with the command: # scoadmin software or double-click on the Software Manager icon in the desktop. 3. Pull down the "Software" menu and select "Install New." 4. When prompted for the host from which to install, choose the local machine and then "Continue." 5. In the "Select Media" menu, pull down the "Media Device" menu. Select "Media Images", then choose "Continue." 6. When prompted for the "Image Directory", enter "/tmp" (or the directory where you placed the VOL file in step 1) and choose "OK." 7. When prompted to select software to install, double-click on the folder icon to expand the view. You will see two components ("MANUTIL" and SCOHTTPD"). Since these components must be installed one at a time, click on the first component to select it and then choose "Install." Repeat steps 3 through 7 to install the second component, and be sure to select the second component when you repeat this step. 8. Installation of SLS OSS629A is now complete. To exit the Software Manager, select "Exit" from the "Host" menu. Removal Instructions -------------------- Note: Patches must be rolled back in the reverse order in which they were installed on a per-component basis. That is, if OSS629A, the SCO HTTP Security Supplement is not the most recent patch applied to the UNIX component of the product, you will have to roll back all patches applied after OSS629A prior to rollback of OSS629A. To remove SLS OSS629A, take these steps: 1. Log in as root. 2. Execute the command: # scoadmin software or double-click on the Software Manager icon in the desktop. 3. Highlight "OSS629A: SCO HTTP Security Supplement." 4. Pull down the "Software" menu and select "Remove Software." 5. Once the removal finishes, quit the Software Manager. Removal of SLS OSS629A is now complete. If you have questions regarding this SLS, or the product on which it is installed, please contact your software supplier.