doesmu & libtermcap


    RedHat 4.2, 5.0, 5.1


    Security problems have been found in dosemu and libtermcap.  These
    security problems allow  users on your  local system to  gain root
    access, and should be fixed as soon as possible.


    Patches for Red Hat 5.0 and 5.1:

        rpm -Uvh
        rpm -Uvh
        rpm -Uvh
        rpm -Uvh

    Patches for Red Hat 4.2:

        rpm -Uvh
        rpm -Uvh
        rpm -Uvh
        rpm -Uvh

    Beware the fix to libtermcap.  Sure, it closes the root hole,  but
    it  also  keeps  users  from   running  most  programs  that   use
    libtermcap.  The patch includes

               return NULL;

    The setfsuid(getuid())  will always  succeed (so  the test  is not
    necessary), but it  returns the previous  fsuid on success.   That
    will only be  0 when the  program is setuid-root  or being run  by
    root, so for most programs run  by normal users, the call to  open
    the termcap file fails.  Change the patch to just be


    and it will work fine.  The same goes for the setfsgid() call.