Skip to navigation

Security Advisory WindowMaker security update

Advisory: RHSA-2003:009-09
Type: Security Advisory
Severity: Moderate
Issued on: 2003-01-07
Last updated on: 2003-06-19
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2002-1277

Details

Updated packages are available to fix a vulnerability in Window Maker.

[Updated 06 Feb 2003]
Fixed packages for Advanced Workstation 2.1 have been added.

[Updated 31 Mar 2003]
New erratum packages are available to fix a bug in the original security
patch.

[Updated 18 Jun 2003]
The last update did not include the Advanced Workstation 2.1 packages,
these have now been added back.

Window Maker is an X11 window manager that emulates the look and feel
of the NeXTSTEP graphical user interface.

Al Viro found a buffer overflow in Window Maker 0.80.0 and earlier which
may allow remote attackers to execute arbitrary code through a certain
image file that is not properly handled when Window Maker uses width and
height information to allocate a buffer. A user can exploit this
vulnerability, for example, by opening a malicious theme.

Users of Window Maker are advised to upgrade to these updated packages
which contain a patch to correct this vulnerability.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
ftp://updates.redhat.com/rhn/public/2703533/WindowMaker/0.65.1-4.2/SRPMS/WindowMaker-0.65.1-4.2.src.rpm
Missing file
    MD5: c81326cf2bf1ed00968f60842225ffc4
ftp://updates.redhat.com/rhn/repository/NULL/WindowMaker/0.65.1-4.2/SRPMS/WindowMaker-0.65.1-4.2.src.rpm
Missing file
    MD5: c81326cf2bf1ed00968f60842225ffc4
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/WindowMaker/0.65.1-4.2/i386/WindowMaker-0.65.1-4.2.i386.rpm
Missing file
    MD5: 1cf969b59251094843f235a759e09b8f
ftp://updates.redhat.com/rhn/repository/NULL/WindowMaker-libs/0.65.1-4.2/i386/WindowMaker-libs-0.65.1-4.2.i386.rpm
Missing file
    MD5: 646a3270b0539eee6c0467e9365a2667
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/WindowMaker/0.65.1-4.2/ia64/WindowMaker-0.65.1-4.2.ia64.rpm
Missing file
    MD5: 478b8828775158e5be177425b9fdb954
ftp://updates.redhat.com/rhn/repository/NULL/WindowMaker-libs/0.65.1-4.2/ia64/WindowMaker-libs-0.65.1-4.2.ia64.rpm
Missing file
    MD5: bc4b5e3167c4b158773efcc06bc54ae1
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
ftp://updates.redhat.com/rhn/public/2703533/WindowMaker/0.65.1-4.2/SRPMS/WindowMaker-0.65.1-4.2.src.rpm
Missing file
    MD5: c81326cf2bf1ed00968f60842225ffc4
ftp://updates.redhat.com/rhn/repository/NULL/WindowMaker/0.65.1-4.2/SRPMS/WindowMaker-0.65.1-4.2.src.rpm
Missing file
    MD5: c81326cf2bf1ed00968f60842225ffc4
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/WindowMaker/0.65.1-4.2/ia64/WindowMaker-0.65.1-4.2.ia64.rpm
Missing file
    MD5: 478b8828775158e5be177425b9fdb954
ftp://updates.redhat.com/rhn/repository/NULL/WindowMaker-libs/0.65.1-4.2/ia64/WindowMaker-libs-0.65.1-4.2.ia64.rpm
Missing file
    MD5: bc4b5e3167c4b158773efcc06bc54ae1
 

Bugs fixed (see bugzilla for more information)

81266 - Al Viro found a buffer overflow in Window Maker
86077 - updated WindowMaker messes up title bar


References


Keywords

flaw:buf, theme, WindowMaker, wmaker


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/