WindowMaker security update
| Advisory: | RHSA-2003:009-09 |
|---|---|
| Type: | Security Advisory |
| Severity: | Moderate |
| Issued on: | 2003-01-07 |
| Last updated on: | 2003-06-19 |
| Affected Products: | Red Hat Enterprise Linux AS (v. 2.1) Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor |
| CVEs (cve.mitre.org): |
CVE-2002-1277 |
Details
Updated packages are available to fix a vulnerability in Window Maker.
[Updated 06 Feb 2003]
Fixed packages for Advanced Workstation 2.1 have been added.
[Updated 31 Mar 2003]
New erratum packages are available to fix a bug in the original security
patch.
[Updated 18 Jun 2003]
The last update did not include the Advanced Workstation 2.1 packages,
these have now been added back.
Window Maker is an X11 window manager that emulates the look and feel
of the NeXTSTEP graphical user interface.
Al Viro found a buffer overflow in Window Maker 0.80.0 and earlier which
may allow remote attackers to execute arbitrary code through a certain
image file that is not properly handled when Window Maker uses width and
height information to allocate a buffer. A user can exploit this
vulnerability, for example, by opening a malicious theme.
Users of Window Maker are advised to upgrade to these updated packages
which contain a patch to correct this vulnerability.
Solution
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
Updated packages
| Red Hat Enterprise Linux AS (v. 2.1) | |
| SRPMS: | |
| ftp://updates.redhat.com/rhn/public/2703533/WindowMaker/0.65.1-4.2/SRPMS/WindowMaker-0.65.1-4.2.src.rpm Missing file |
MD5: c81326cf2bf1ed00968f60842225ffc4 |
| ftp://updates.redhat.com/rhn/repository/NULL/WindowMaker/0.65.1-4.2/SRPMS/WindowMaker-0.65.1-4.2.src.rpm Missing file |
MD5: c81326cf2bf1ed00968f60842225ffc4 |
| IA-32: | |
| ftp://updates.redhat.com/rhn/repository/NULL/WindowMaker/0.65.1-4.2/i386/WindowMaker-0.65.1-4.2.i386.rpm Missing file |
MD5: 1cf969b59251094843f235a759e09b8f |
| ftp://updates.redhat.com/rhn/repository/NULL/WindowMaker-libs/0.65.1-4.2/i386/WindowMaker-libs-0.65.1-4.2.i386.rpm Missing file |
MD5: 646a3270b0539eee6c0467e9365a2667 |
| IA-64: | |
| ftp://updates.redhat.com/rhn/repository/NULL/WindowMaker/0.65.1-4.2/ia64/WindowMaker-0.65.1-4.2.ia64.rpm Missing file |
MD5: 478b8828775158e5be177425b9fdb954 |
| ftp://updates.redhat.com/rhn/repository/NULL/WindowMaker-libs/0.65.1-4.2/ia64/WindowMaker-libs-0.65.1-4.2.ia64.rpm Missing file |
MD5: bc4b5e3167c4b158773efcc06bc54ae1 |
| Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor | |
| SRPMS: | |
| ftp://updates.redhat.com/rhn/public/2703533/WindowMaker/0.65.1-4.2/SRPMS/WindowMaker-0.65.1-4.2.src.rpm Missing file |
MD5: c81326cf2bf1ed00968f60842225ffc4 |
| ftp://updates.redhat.com/rhn/repository/NULL/WindowMaker/0.65.1-4.2/SRPMS/WindowMaker-0.65.1-4.2.src.rpm Missing file |
MD5: c81326cf2bf1ed00968f60842225ffc4 |
| IA-64: | |
| ftp://updates.redhat.com/rhn/repository/NULL/WindowMaker/0.65.1-4.2/ia64/WindowMaker-0.65.1-4.2.ia64.rpm Missing file |
MD5: 478b8828775158e5be177425b9fdb954 |
| ftp://updates.redhat.com/rhn/repository/NULL/WindowMaker-libs/0.65.1-4.2/ia64/WindowMaker-libs-0.65.1-4.2.ia64.rpm Missing file |
MD5: bc4b5e3167c4b158773efcc06bc54ae1 |
Bugs fixed (see bugzilla for more information)
81266 - Al Viro found a buffer overflow in Window Maker
86077 - updated WindowMaker messes up title bar
References
Keywords
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
