COMMAND

    kbd & svgalib

SYSTEMS AFFECTED

    RedHat

PROBLEM

    /tmp exploits have been found in svgalib and kbd.  New versions of
    both of these packages are  available for Red Hat Linux.   svgalib
    is only  available for  i386 platforms,  and kbd  is only availble
    for Intel and  SPARC (it was  not included in  Red Hat 4.2  on the
    SPARC).  Credit goes to Mark A. Spencer and Alan Cox.

SOLUTION

    Apply following:

    Red Hat 5.0
    -------------
    i386:
        rpm -Uvh ftp://ftp.redhat.com/updates/5.0/i386/kbd-0.94-6.i386.rpm
        rpm -Uvh ftp://ftp.redhat.com/updates/5.0/i386/svgalib-1.2.11-4.i386.rpm

    alpha:
        rpm -Uvh ftp://ftp.redhat.com/updates/5.0/alpha/kbd-0.94-6.alpha.rpm

    Red Hat 4.2
    -------------
    i386:
    rpm -Uvh ftp://ftp.redhat.com/updates/4.2/i386/kbd-0.91-10.i386.rpm
    rpm -Uvh ftp://ftp.redhat.com/updates/4.2/i386/svgalib-1.2.10-3.i386.rpm

    alpha:
    rpm -Uvh ftp://ftp.redhat.com/updates/4.2/alpha/kbd-0.91-10.alpha.rpm