-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
		   Caldera Systems, Inc.  Security Advisory

Subject:		buffer overflow in termcap library
Advisory number: 	CSSA-1999:020.0
Issue date: 		1999 August, 18
Cross reference: 
______________________________________________________________________________


1. Problem Description

   The Linux Security Auditing Project recently discovered a
   buffer overflow in the termcap library, which could be exploited
   to gain root access if e.g. setuid applications like xterm
   were linked against it.

2. Vulnerable Versions

   Caldera OpenLinux 2.2 is not vulnerable to this problem, since
   all applications that require termcap functionality are linked
   against the ncurses library instead, which does not have the
   problem discovered in libtermcap.
      
3. Solutions

   Caldera OpenLinux 2.2 is not vulnerable
      
4. Location of Fixed Packages

   The COL packages are not vulnerable

5. Installing Fixed Packages

   Packages included in the distribution already fixed
      
6. Verification

   -
   
7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/news/security/index.html
  
   This security fix closes Caldera's internal Problem Report 5071
   
8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

______________________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBN7qQpOn+9R4958LpAQGTkwP7BLgWQdZac5uWhxcZXEOYxtnPjYzhaRde
bcdUT9fLFn39Zz0KuU3qGHzG8HnsVyXOJ6/5BdkcQF+R6JitFgkJmhoR9C4WgA8T
FbSqS5dj9packlbYyq0qvm+fYkQrB2g0HJWtP4ev4bWXdeSRyEXUsg3WzrXcOoHE
s+KH2PCzRCs=
=kQXl
-----END PGP SIGNATURE-----