-----BEGIN PGP SIGNED MESSAGE----- Subject: Caldera Security Advisory SA-1998.30: SVGAlib security problem Topic: SVGAlib security problem Advisory issue date: August 7 1998 I. Problem Description This is another stderr output problem. In this case, the file that gets written to is /dev/mem. II. Impact Description: Users may be able to cause a system to crash. Vulnerable Systems: OpenLinux 1.0, 1.1, & 1.2 systems using an svglib package prior to svgalib-1.3.0-1. III. Solution Workaround: Remove the svgalib package. Correction: The proper solution is to upgrade to the svgalib-1.3.0-1 packages. They can be found on Caldera's FTP site at: ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/011/RPMS The corresponding source code can be found at: ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/011/SRPMS The MD5 checksums (from the "md5sum" command) for these packages are: 9dfb4386b12e5ddbd74580e3ab302f6b RPMS/svgalib-1.3.0-1.i386.rpm 169fd3f1a570ef46f4472eb55f5be9f2 SRPMS/svgalib-1.3.0-1.src.rpm Upgrade with the following commands: rpm -q svglib-devel && rpm -U RPMS/svgalibi-devel-1.3.0-1.i386.rpm rpm -q svglib-devel-static && rpm -U RPMS/svgalib-devel-static-1.3.0-1.i386.rpm rpm -q svglib && rpm -U RPMS/svgalib-1.3.0-1.i386.rpm IV. References This and other Caldera security resources are located at: http://www.caldera.com/news/security/index.html Additional documentation on this problem can be found in This security fix closes Caldera's internal Problem Report 4070. V. PGP Signature This message was signed with the PGP key for security@caldera.com. This key can be obtained from: ftp://ftp.caldera.com/pub/pgp-keys/ Or on an OpenLinux CDROM under: /OpenLinux/pgp-keys/ $Id: SA-1998.30.txt,v 1.3 1998/08/07 14:12:46 rf Exp $ -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNcsLXun+9R4958LpAQEI5QQAvIEgMCLMWxv+i15YojdL5mtHpw/KBW+p CI43CRdJ4JDzwY35agyYoar/De6KKnAPGPIDWfCY89nELR5E+H1qYxY8P3kVujr0 nVPiYt4yvSCsGBpccX2/kbmGRe8joHvM08PGhw+YPkGDroUX01CjwXfnIeq7AZgf zfzjLtGR8XY= =LSNu -----END PGP SIGNATURE-----