Dear SCO Customer,

Support Level Supplement (SLS) ptf7684a, the UnixWare 7.1.x Verity Security
Supplement, addresses the following problems:

  1. The Verity search engine can allow remote users to view world-readable
     system files on a UnixWare 7 server that is running scohelp(X1).

  2. The Verity search engine is vulnerable to buffer overflows.

Contents
--------

  /usr/ns-home/httpd-scohelphttp/search97/bin/vtopic
  /usr/ns-home/httpd-scohelphttp/search97/securebin/cgiparse
  /usr/ns-home/httpd-scohelphttp/search97/securebin/vtopic

Software Notes and Recommendations
----------------------------------

SLS ptf7684a should only be installed on:

  UnixWare 7 Release 7.1.0, 7.1.1

NOTE: This supplement has been superseded by the UnixWare 7.1.1 Maintenance
Pack for UnixWare 7.1.1 platforms only. The UnixWare 7.1.1 Maintenance Pack
is available from:

  ftp://ftp.caldera.com/pub/unixware7/uw711pk

If your system is running any libraries or commands that are contained in
this SLS, then these programs will continue to run with the old versions of
these libraries or commands until the system is rebooted.

Note that when all necessary patches have been installed, it is recommended
that you reboot the system at the earliest opportunity. This will ensure that
no programs continue to run with the old libraries or commands.

Installation Instructions
-------------------------

  1. Download the ptf7684a.Z file to the /tmp directory on your machine.

  2. As root, uncompress the file and add the package to your system using
     these commands:

       $ su
       Password:
       # uncompress /tmp/ptf7684a.Z
       # pkgadd -d /tmp/ptf7684a
       # rm /tmp/ptf7684a

     Alternatively, this SLS package may be installed in quiet mode, that
     is, without displaying the release notes and asking for installation
     confirmation. To do this, use these commands:

       $ su
       Password:
       # uncompress /tmp/ptf7684a.Z
       # pkgadd -qd /tmp/ptf7684a all
       # rm /tmp/ptf7684a

  3. There is no need to reboot the system after installing this package.

The release notes displayed prior to installation can be found in:

  /var/sadm/pkg/ptf7684/install/ptf7684.txt

Removal Instructions
--------------------

  1. As root, remove the package using these commands:

       $ su
       Password:
       # pkgrm ptf7684

     Note: You can safely ignore the following error message displayed
     during removal of SLS ptf7684a:

       installf: ERROR: relative pathname <> not permitted.

  2. There is no need to reboot the system after removing this package.

If you have questions regarding this SLS, or the product on which it is
installed, please contact your software supplier.