[2766] in SIPB_Linux_Development


update libtermcap

daemon@ATHENA.MIT.EDU (Kevin Fu)
Wed Aug 18 18:27:18 1999

To: linux-dev@MIT.EDU
Date: Wed, 18 Aug 1999 18:27:04 EDT
From: Kevin Fu <fubob@MIT.EDU>

someone with bits should update sipb-nfs:/redhat and the linux locker
with the security fix for libtermcap and notify
linux-announce@mit.edu.

--------
Kevin E. Fu (fubob@mit.edu)
PGP key: finger fubob@monk.mit.edu

>Date: Tue, 17 Aug 1999 12:04:42 -0400
>From: Bill Nottingham <notting@redhat.com>
>To: redhat-watch-list@redhat.com
>Cc: bugtraq@securityfocus.com, linux-securit@redhat.com
>Subject: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent()
>
>---------------------------------------------------------------------
>		   Red Hat, Inc. Security Advisory
>
>Synopsis:		Buffer overflow in libtermcap tgetent()
>Advisory ID:		RHSA-1999:028-01
>Issue date:		1999-08-17
>Updated on:		
>Keywords:		termcap xterm
>Cross references:
>---------------------------------------------------------------------
>
>1. Topic:
>
>A buffer overflow has been fixed in the tgetent() function of
>libtermcap.
>
>2. Bug IDs fixed (http://developer.redhat.com/bugzilla/):
>
>4538
>
>3. Relevant releases/architectures:
>
>Red Hat Linux 4.2, 5.2, 6.0, all architectures
>
>4. Obsoleted by:
>
>5. Conflicts with:
>
>6. RPMs required:
>
>Red Hat Linux 4.2:
>
>Intel:
>  ftp://ftp.redhat.com/redhat/updates/4.2/i386/libtermcap-2.0.8-14.4.2.i386.rpm
>  ftp://ftp.redhat.com/redhat/updates/4.2/i386/libtermcap-devel-2.0.8-14.4.2.i386.rpm
>
>Alpha:
>  ftp://ftp.redhat.com/redhat/updates/4.2/alpha/libtermcap-2.0.8-14.4.2.alpha.rpm
>  ftp://ftp.redhat.com/redhat/updates/4.2/alpha/libtermcap-devel-2.0.8-14.4.2.alpha.rpm
>
>Sparc:
>  ftp://ftp.redhat.com/redhat/updates/4.2/sparc/libtermcap-2.0.8-14.4.2.sparc.rpm
>  ftp://ftp.redhat.com/redhat/updates/4.2/sparc/libtermcap-devel-2.0.8-14.4.2.sparc.rpm
>
>Source packages:
>  ftp://ftp.redhat.com/redhat/updates/4.2/SRPMS/libtermcap-2.0.8-14.4.2.src.rpm
>
>Red Hat Linux 5.2:
>
>Intel:
>  ftp://ftp.redhat.com/redhat/updates/5.2/i386/libtermcap-2.0.8-14.5.2.i386.rpm
>  ftp://ftp.redhat.com/redhat/updates/5.2/i386/libtermcap-devel-2.0.8-14.5.2.i386.rpm
>
>Alpha:
>  ftp://ftp.redhat.com/redhat/updates/5.2/alpha/libtermcap-2.0.8-14.5.2.alpha.rpm
>  ftp://ftp.redhat.com/redhat/updates/5.2/alpha/libtermcap-devel-2.0.8-14.5.2.alpha.rpm
>
>Sparc:
>  ftp://ftp.redhat.com/redhat/updates/5.2/sparc/libtermcap-2.0.8-14.5.2.sparc.rpm
>  ftp://ftp.redhat.com/redhat/updates/5.2/sparc/libtermcap-devel-2.0.8-14.5.2.sparc.rpm
>
>Source packages:
>  ftp://ftp.redhat.com/redhat/updates/5.2/SRPMS/libtermcap-2.0.8-14.5.2.src.rpm
>
>Red Hat Linux 6.0:
>
>Intel:
>  ftp://ftp.redhat.com/redhat/updates/6.0/i386/libtermcap-2.0.8-15.i386.rpm
>  ftp://ftp.redhat.com/redhat/updates/6.0/i386/libtermcap-devel-2.0.8-15.i386.rpm
>
>Alpha:
>  ftp://ftp.redhat.com/redhat/updates/6.0/alpha/libtermcap-2.0.8-15.alpha.rpm
>  ftp://ftp.redhat.com/redhat/updates/6.0/alpha/libtermcap-devel-2.0.8-15.alpha.rpm
>
>Sparc:
>  ftp://ftp.redhat.com/redhat/updates/6.0/sparc/libtermcap-2.0.8-15.sparc.rpm
>  ftp://ftp.redhat.com/redhat/updates/6.0/sparc/libtermcap-devel-2.0.8-15.sparc.rpm
>
>Source packages:
>  ftp://ftp.redhat.com/redhat/updates/6.0/SRPMS/libtermcap-2.0.8-15.src.rpm
>
>
>7. Problem description:
>
>A buffer overflow existed in libtermcap's tgetent() function,
>which could cause the user to execute arbitrary code if they
>were able to supply their own termcap file.
>
>Under Red Hat Linux 5.2 and 4.2, this could lead to local users
>gaining root privileges, as xterm (as well as other possibly
>setuid programs) are linked against libtermcap. Under Red Hat
>Linux 6.0, xterm is not setuid root.
>
>Thanks go to Kevin Vajk and the Linux Security Audit team for
>noting and providing a fix for this vulnerability.
>
>8. Solution:
>
>For each RPM for your particular architecture, run:
> 
>rpm -Uvh <filename>
> 
>where filename is the name of the RPM.
>
>9. Verification:
>
>MD5 sum                           Package Name
>--------------------------------------------------------------------------
>31b5612edbb97c66600ac65c81c85fc2  i386/libtermcap-2.0.8-14.4.2.i386.rpm
>8c26efd7648e92f23e9d2b5e7f48d3a4  i386/libtermcap-devel-2.0.8-14.4.2.i386.rpm
>e6a3cb5ad06d6b64a40321b01d18931b  alpha/libtermcap-2.0.8-14.4.2.alpha.rpm
>15c288bd178504542be3b2cee077713a  alpha/libtermcap-devel-2.0.8-14.4.2.alpha.rpm
>8fb7ce4743c14b4163c4871dada51b63  sparc/libtermcap-2.0.8-14.4.2.sparc.rpm
>bc7a74a44201b37fa6cf3515bd20a2bd  sparc/libtermcap-devel-2.0.8-14.4.2.sparc.rpm
>eb117c8f9f926b7fe75f6ebbdf3d2a6b  SRPMS/libtermcap-2.0.8-14.4.2.src.rpm
>
>9811a7c7665a18a46e9c876163628ba6  i386/libtermcap-2.0.8-14.5.2.i386.rpm
>91248a539ee5fb708d194403c61ee14c  i386/libtermcap-devel-2.0.8-14.5.2.i386.rpm
>50a9dcb2fea451b03b743c46ea478418  alpha/libtermcap-2.0.8-14.5.2.alpha.rpm
>a98bbcd7a3e8ab0b41983318aea5e919  alpha/libtermcap-devel-2.0.8-14.5.2.alpha.rpm
>4c2f8d832512fabbe5dbcb89fc782159  sparc/libtermcap-2.0.8-14.5.2.sparc.rpm
>b65b6267eed90d8149a9e52462b3cf10  sparc/libtermcap-devel-2.0.8-14.5.2.sparc.rpm
>19caa6ab708d3a3f6af8eddafb5f53f2  SRPMS/libtermcap-2.0.8-14.5.2.src.rpm
>
>4995cf0a7c181abe56565d82f12c7819  i386/libtermcap-2.0.8-15.i386.rpm
>59d18de3f22abe5674575961b1390177  i386/libtermcap-devel-2.0.8-15.i386.rpm
>611cdfb7f167242e7d3b2eaac866705a  alpha/libtermcap-2.0.8-15.alpha.rpm
>76098235237b5f051ad1266193d7b259  alpha/libtermcap-devel-2.0.8-15.alpha.rpm
>846ad7a73b25d3eceab1949322337e14  sparc/libtermcap-2.0.8-15.sparc.rpm
>6ddde808ec8b5bc7960851ef3188a6dd  sparc/libtermcap-devel-2.0.8-15.sparc.rpm
>6a29851494601540d642ff557bd590d6  SRPMS/libtermcap-2.0.8-15.src.rpm
>
>These packages are PGP signed by Red Hat Inc. for security.  Our key
>is available at:
> 
>http://www.redhat.com/corp/contact.html
> 
>You can verify each package with the following command:
> 
>rpm --checksig  <filename>
> 
>If you only wish to verify that each package has not been corrupted or
>tampered with, examine only the md5sum with the following command:
> 
>rpm --checksig --nopgp <filename>
>
>10. References:
>
>
>
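The two checks a sysadmin would run around the Solution and Verification sections of the advisory above, written out as an added example (this is not part of Kevin Fu's mail or of Red Hat's advisory): a POSIX sh script that compares downloaded packages against an advisory-style MD5 table before anything is installed with rpm -Uvh, and that lists the setuid-root binaries linked against libtermcap, the condition the advisory names as what turned the tgetent() overflow into a local root problem on 4.2 and 5.2. The package names, hashes and directories used in the fixtures are constructed placeholders, not the real RPMs or their sums.

```sh
#!/bin/sh
# Added example (not part of the original advisory or of Kevin Fu's mail):
# two defender-side checks for an update like RHSA-1999:028-01.
#  1. verify_md5_table: compare downloaded packages against the MD5 table
#     an advisory publishes (section 9 above), before running rpm -Uvh.
#  2. setuid_termcap_users: list setuid-root binaries that link against
#     libtermcap, i.e. the programs (xterm on 4.2/5.2) that turn a
#     tgetent() overflow into a local root hole.
# File names, hashes and directories used in the fixtures are constructed.

# Print the MD5 of a file (md5sum on Linux, openssl as a fallback).
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        openssl dgst -md5 "$1" | sed 's/.*= //'
    fi
}

# verify_md5_table TABLE DIR
# TABLE holds "md5  path" lines in the advisory's layout (header line and
# dashed separator allowed); DIR is where the packages were downloaded.
# Prints one status line per entry; returns 0 only if every file matched.
verify_md5_table() {
    table="$1"; dir="$2"; bad=0
    while read -r expected name; do
        case "$expected" in
            ''|MD5*|---*) continue ;;   # blank line, header, separator
        esac
        file="$dir/$name"
        if [ ! -f "$file" ]; then
            echo "MISSING  $name"; bad=1; continue
        fi
        actual=$(md5_of "$file")
        if [ "$actual" = "$expected" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (expected $expected, got $actual)"; bad=1
        fi
    done < "$table"
    return $bad
}

# setuid_termcap_users DIR...
# Lists setuid-root executables under DIR... whose dynamic dependencies
# include libtermcap. A non-empty list means the tgetent() fix matters for
# local privilege, not only for the user's own terminal programs.
setuid_termcap_users() {
    find "$@" -xdev -type f -perm -4000 -user root 2>/dev/null |
    while read -r bin; do
        if ldd "$bin" 2>/dev/null | grep -q libtermcap; then
            echo "$bin"
        fi
    done
}

# Constructed fixtures: one intact package, one tampered, one missing.
# The "packages" are placeholder files, not real RPMs; the expected hash
# in every row is the MD5 of an empty file.
make_fixtures() {
    dir="$1"
    : > "$dir/libtermcap-intact.rpm"                   # empty: hash matches
    printf 'tampered' > "$dir/libtermcap-tampered.rpm" # content altered
    cat > "$dir/table.txt" <<'EOF'
MD5 sum                           Package Name
--------------------------------------------------------------------------
d41d8cd98f00b204e9800998ecf8427e  libtermcap-intact.rpm
d41d8cd98f00b204e9800998ecf8427e  libtermcap-tampered.rpm
d41d8cd98f00b204e9800998ecf8427e  libtermcap-missing.rpm
EOF
}

demo() {
    tmp=$(mktemp -d)
    make_fixtures "$tmp"
    verify_md5_table "$tmp/table.txt" "$tmp" && echo "all packages verified" \
        || echo "do not install: at least one package failed verification"
    echo "setuid-root binaries linked against libtermcap:"
    setuid_termcap_users /usr/bin /usr/sbin /usr/X11R6/bin
    rm -rf "$tmp"
}

demo
```

With real downloads you would save section 9 of the advisory as the table and point the function at the download directory. As the advisory itself says, a matching MD5 only shows the file was not corrupted or altered in transit; the script does not replace rpm --checksig, which checks Red Hat's PGP signature and is the step that ties the package to its publisher.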
