Red Hat releases updated libtermcap

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:               Buffer overflow in libtermcap tgetent()
Advisory ID:            RHSA-1999:028-01
Issue date:             1999-08-17
Updated on:
Keywords:               termcap xterm
Cross references:
---------------------------------------------------------------------

1. Topic:

A buffer overflow has been fixed in the tgetent() function of
libtermcap.

2. Bug IDs fixed (http://developer.redhat.com/bugzilla/):

4538

3. Relevant releases/architectures:

Red Hat Linux 4.2, 5.2, 6.0, all architectures

4. Obsoleted by:

5. Conflicts with:

6. RPMs required:

Red Hat Linux 4.2:

Intel:
ftp://ftp.redhat.com/redhat/updates/4.2/i386/libtermcap-2.0.8-14.4.2.i386.rpm

ftp://ftp.redhat.com/redhat/updates/4.2/i386/libtermcap-devel-2.0.8-14.4.2.i386.rpm

Alpha:
ftp://ftp.redhat.com/redhat/updates/4.2/alpha/libtermcap-2.0.8-14.4.2.alpha.rpm

ftp://ftp.redhat.com/redhat/updates/4.2/alpha/libtermcap-devel-2.0.8-14.4.2.alpha.rpm

Sparc:
ftp://ftp.redhat.com/redhat/updates/4.2/sparc/libtermcap-2.0.8-14.4.2.sparc.rpm

ftp://ftp.redhat.com/redhat/updates/4.2/sparc/libtermcap-devel-2.0.8-14.4.2.sparc.rpm

Source packages:
ftp://ftp.redhat.com/redhat/updates/4.2/SRPMS/libtermcap-2.0.8-14.4.2.src.rpm

Red Hat Linux 5.2:

Intel:
ftp://ftp.redhat.com/redhat/updates/5.2/i386/libtermcap-2.0.8-14.5.2.i386.rpm

ftp://ftp.redhat.com/redhat/updates/5.2/i386/libtermcap-devel-2.0.8-14.5.2.i386.rpm

Alpha:
ftp://ftp.redhat.com/redhat/updates/5.2/alpha/libtermcap-2.0.8-14.5.2.alpha.rpm

ftp://ftp.redhat.com/redhat/updates/5.2/alpha/libtermcap-devel-2.0.8-14.5.2.alpha.rpm

Sparc:
ftp://ftp.redhat.com/redhat/updates/5.2/sparc/libtermcap-2.0.8-14.5.2.sparc.rpm

ftp://ftp.redhat.com/redhat/updates/5.2/sparc/libtermcap-devel-2.0.8-14.5.2.sparc.rpm

Source packages:
ftp://ftp.redhat.com/redhat/updates/5.2/SRPMS/libtermcap-2.0.8-14.5.2.src.rpm

Red Hat Linux 6.0:

Intel:
ftp://ftp.redhat.com/redhat/updates/6.0/i386/libtermcap-2.0.8-15.i386.rpm

ftp://ftp.redhat.com/redhat/updates/6.0/i386/libtermcap-devel-2.0.8-15.i386.rpm

Alpha:
ftp://ftp.redhat.com/redhat/updates/6.0/alpha/libtermcap-2.0.8-15.alpha.rpm

ftp://ftp.redhat.com/redhat/updates/6.0/alpha/libtermcap-devel-2.0.8-15.alpha.rpm

Sparc:
ftp://ftp.redhat.com/redhat/updates/6.0/sparc/libtermcap-2.0.8-15.sparc.rpm

ftp://ftp.redhat.com/redhat/updates/6.0/sparc/libtermcap-devel-2.0.8-15.sparc.rpm

Source packages:
ftp://ftp.redhat.com/redhat/updates/6.0/SRPMS/libtermcap-2.0.8-15.src.rpm

7. Problem description:

A buffer overflow existed in libtermcap’s tgetent() function,
which could cause the user to execute arbitrary code if they were
able to supply their own termcap file.

Under Red Hat Linux 5.2 and 4.2, this could lead to local users
gaining root privileges, as xterm (as well as other possibly setuid
programs) are linked against libtermcap. Under Red Hat Linux 6.0,
xterm is not setuid root.

Thanks go to Kevin Vajk and the Linux Security Audit team for
noting and providing a fix for this vulnerability.

8. Solution:

For each RPM for your particular architecture, run:

rpm -Uvh <filename>

where filename is the name of the RPM.