Dear SCO Customer, Support Level Supplement (SLS) OSS634A, the Graphical Environment Supplement for OpenServer 5.0.5, addresses several known issues with the Graphical Environment components of SCO OpenServer 5.0.5 and the SCO OpenServer Development System. SLS OSS634A corrects these problems: 1. There are several buffer overflow bugs in the X11 libraries. This results in system security vulnerabilities in X clients that have system privilege. Associated SCO Tracking Numbers: SCO-559-1111 SCO-559-1112 SCO-559-1113 2. The X server has a buffer overflow bug that results in a system security vulnerability. Associated SCO Tracking Number: SCO-559-1110 3. System Security Enhancement SSE050C contains a corrupted copy of the file /usr/lib/libX11.a. Associated SCO Tracking Number: SCO-559-1127 4. System Security Enhancement SSE069C contains a corrupted copy of the file /usr/lib/libX11.a. Associated SCO Tracking Number: SCO-559-1098 SLS OSS634A contains these files: /usr/bin/X11/Xsco /usr/lib/libX11.a /usr/lib/libX11.so.5.0 /usr/lib/libXt.a /usr/lib/libXt.so.5.0 Software Notes and Recommendations ---------------------------------- SLS OSS634A should only be installed on: SCO OpenServer Release 5.0.5 with Release Supplement RS505a installed. This SLS supersedes System Security Enhancement SSE069C. Note: some X applications may require recompilation before the changes in OSS634A take effect. Installation Instructions ------------------------- 1. Download the OSS634A media image file (ftp://ftp.sco.com/SLS/oss634),place the file in the /tmp directory and rename the file by typing the command: mv /tmp/oss634a /tmp/VOL.000.000 2. Run the Software Manager with the command: # scoadmin software or double-click on the Software Manager icon in the desktop. 3. Pull down the "Software" menu and select "Install New". 4. When prompted for the host from which to install, choose the local machine and then "Continue". 5. In the "Select Media" menu, pull down the "Media Device" menu. Select "Media Images", then choose "Continue". 6. When prompted for the "Image Directory", enter "/tmp" (or the directory where you placed the VOL file in step 1) and choose "OK". 7. When prompted to select software to install, make sure that the "OSS634A" entry is highlighted. Choose "Install". 8. Note that OSS634a patches 3 separate components on your system, one of which is a part of the OpenServer Development System. If you do not have the OpenServer Development System installed on your machine you will get an "Install Patch Error" indicating that the XLIB component of OSS634a cannot be installed on your system. Choose "Continue" to proceed with the install. 9. Installation of SLS OSS634A is now complete. To exit the Software Manager, select "Exit" from the "Host" menu. Removal Instructions -------------------- Note: Patches must be rolled back in the reverse order in which they were installed on a per-component basis. That is, if SLS OSS634A is not the most recent patch applied to the Graphics component of the product, you will have to roll back all patches applied after SLS OSS634A, prior to rollback of SLS OSS634A. To remove SLS OSS634A from SCO OpenServer 5.0.5, take these steps: 1. Log in as root. 2. Execute the command: # scoadmin software or double-click on the Software Manager icon in the desktop. 3. Highlight "OSS634A: Graphical Environment Supplement for OpenServer 5.0.5". 4. Pull down the "Software" menu and select "Remove Software". 5. Once the removal finishes, quit the Software Manager. Removal of SLS OSS634A is now complete. If you have questions regarding this SLS, or the product on which it is installed, please contact your software supplier.