Skip to navigation

Security Advisory openmotif security update

Advisory: RHSA-2005:412-05
Type: Security Advisory
Severity: Moderate
Issued on: 2005-05-11
Last updated on: 2005-05-11
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2005-0605

Details

Updated openmotif packages that fix a flaw in the Xpm image library are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

OpenMotif provides libraries which implement the Motif industry standard
graphical user interface.

An integer overflow flaw was found in libXpm, which is used to decode XPM
(X PixMap) images. A vulnerable version of this library was
found within OpenMotif. An attacker could create a carefully crafted XPM
file which would cause an application to crash or potentially execute
arbitrary code if opened by a victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0605 to
this issue.

Users of OpenMotif are advised to upgrade to these erratum packages, which
contains a backported security patch to the embedded libXpm library.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)
IA-32:
openmotif-2.2.3-5.RHEL3.2.i386.rpm
File outdated by:  RHBA-2006:0293		     MD5: 47c7fb4596b78c973deb7c2988808f96
openmotif-devel-2.2.3-5.RHEL3.2.i386.rpm
File outdated by:  RHBA-2006:0293		     MD5: c2bdacac09caeb13bc916b9e6213b24f
openmotif21-2.1.30-9.RHEL3.6.i386.rpm
File outdated by:  RHBA-2006:0431		     MD5: 901cfdff883c390159e7510c7beb108d
 
x86_64:
openmotif-2.2.3-5.RHEL3.2.i386.rpm
File outdated by:  RHBA-2006:0293		     MD5: 47c7fb4596b78c973deb7c2988808f96
openmotif-2.2.3-5.RHEL3.2.x86_64.rpm
File outdated by:  RHBA-2006:0293		     MD5: 72999fcdd0aa116594141125f1758bcc
openmotif-devel-2.2.3-5.RHEL3.2.x86_64.rpm
File outdated by:  RHBA-2006:0293		     MD5: 20dfdd4cb2f316fd525dbeff39546260
openmotif21-2.1.30-9.RHEL3.6.i386.rpm
File outdated by:  RHBA-2006:0431		     MD5: 901cfdff883c390159e7510c7beb108d
 
Red Hat Desktop (v. 4)
IA-32:
openmotif-2.2.3-9.RHEL4.1.i386.rpm
File outdated by:  RHBA-2009:0993		     MD5: 023cc76d475a1a73f62103b8179ad27e
openmotif-devel-2.2.3-9.RHEL4.1.i386.rpm
File outdated by:  RHBA-2009:0993		     MD5: d7eade810dfacc7de2ab529600974405
openmotif21-2.1.30-11.RHEL4.4.i386.rpm
File outdated by:  RHBA-2006:0432		     MD5: 47fa2a0391dd9117626c946888bbc675
 
x86_64:
openmotif-2.2.3-9.RHEL4.1.i386.rpm
File outdated by:  RHBA-2009:0993		     MD5: 023cc76d475a1a73f62103b8179ad27e
openmotif-2.2.3-9.RHEL4.1.x86_64.rpm
File outdated by:  RHBA-2009:0993		     MD5: bc3cfce66bea5a3b3900b4e7d07b3b90
openmotif-devel-2.2.3-9.RHEL4.1.x86_64.rpm
File outdated by:  RHBA-2009:0993		     MD5: e657eee7a31222a98c1f6b5da0c2d234
openmotif21-2.1.30-11.RHEL4.4.i386.rpm
File outdated by:  RHBA-2006:0432		     MD5: 47fa2a0391dd9117626c946888bbc675
 
Red Hat Enterprise Linux AS (v. 2.1)
IA-32:
openmotif-2.1.30-13.21AS.5.i386.rpm
File outdated by:  RHSA-2006:0272		     MD5: 82d4d85be0efd5e4611dcfd31cb2c782
openmotif-devel-2.1.30-13.21AS.5.i386.rpm
File outdated by:  RHSA-2006:0272		     MD5: a635c37af852402dd36090c8c4b74097
 
IA-64:
openmotif-2.1.30-13.21AS.5.ia64.rpm
File outdated by:  RHSA-2006:0272		     MD5: 23a97afe7a12979b59436b7331e737e2
openmotif-devel-2.1.30-13.21AS.5.ia64.rpm
File outdated by:  RHSA-2006:0272		     MD5: 435170af1e8f72455a9a3ea0b99d991d
 
Red Hat Enterprise Linux AS (v. 3)
IA-32:
openmotif-2.2.3-5.RHEL3.2.i386.rpm
File outdated by:  RHBA-2006:0293		     MD5: 47c7fb4596b78c973deb7c2988808f96
openmotif-devel-2.2.3-5.RHEL3.2.i386.rpm
File outdated by:  RHBA-2006:0293		     MD5: c2bdacac09caeb13bc916b9e6213b24f
openmotif21-2.1.30-9.RHEL3.6.i386.rpm
File outdated by:  RHBA-2006:0431		     MD5: 901cfdff883c390159e7510c7beb108d
 
IA-64:
openmotif-2.2.3-5.RHEL3.2.i386.rpm
File outdated by:  RHBA-2006:0293		     MD5: 47c7fb4596b78c973deb7c2988808f96
openmotif-2.2.3-5.RHEL3.2.ia64.rpm
File outdated by:  RHBA-2006:0293		     MD5: ab4961edbf87f51127e6f491a4da9eea
openmotif-devel-2.2.3-5.RHEL3.2.ia64.rpm
File outdated by:  RHBA-2006:0293		     MD5: ee6f6ea8384e1d6e75e31a30167a44e0
openmotif21-2.1.30-9.RHEL3.6.i386.rpm
File outdated by:  RHBA-2006:0431		     MD5: 901cfdff883c390159e7510c7beb108d
openmotif21-2.1.30-9.RHEL3.6.ia64.rpm
File outdated by:  RHBA-2006:0431		     MD5: 0a0454015608b488ddb3c55d3278a14e
 
PPC:
openmotif-2.2.3-5.RHEL3.2.ppc.rpm
File outdated by:  RHBA-2006:0293		     MD5: aa579c6cd9b990c200649c8e486080a6
openmotif-2.2.3-5.RHEL3.2.ppc64.rpm
File outdated by:  RHBA-2006:0293		     MD5: b20b1e8f68630389cb394bfb7c40155f
openmotif-devel-2.2.3-5.RHEL3.2.ppc.rpm
File outdated by:  RHBA-2006:0293		     MD5: 5ce626584cb7aa546f5fcd10f6c56a19
 
s390:
openmotif-2.2.3-5.RHEL3.2.s390.rpm
File outdated by:  RHBA-2006:0293		     MD5: 08b1bea796c5d86b014b567edb5087cc
openmotif-devel-2.2.3-5.RHEL3.2.s390.rpm
File outdated by:  RHBA-2006:0293		     MD5: cc2134a36b90a4359698f6c1999c1425
 
s390x:
openmotif-2.2.3-5.RHEL3.2.s390.rpm
File outdated by:  RHBA-2006:0293		     MD5: 08b1bea796c5d86b014b567edb5087cc
openmotif-2.2.3-5.RHEL3.2.s390x.rpm
File outdated by:  RHBA-2006:0293		     MD5: bd621dc1992af0815be37a0f63d446e8
openmotif-devel-2.2.3-5.RHEL3.2.s390x.rpm
File outdated by:  RHBA-2006:0293		     MD5: 86c61331a3388af93c39cd5e823595cd
 
x86_64:
openmotif-2.2.3-5.RHEL3.2.i386.rpm
File outdated by:  RHBA-2006:0293		     MD5: 47c7fb4596b78c973deb7c2988808f96
openmotif-2.2.3-5.RHEL3.2.x86_64.rpm
File outdated by:  RHBA-2006:0293		     MD5: 72999fcdd0aa116594141125f1758bcc
openmotif-devel-2.2.3-5.RHEL3.2.x86_64.rpm
File outdated by:  RHBA-2006:0293		     MD5: 20dfdd4cb2f316fd525dbeff39546260
openmotif21-2.1.30-9.RHEL3.6.i386.rpm
File outdated by:  RHBA-2006:0431		     MD5: 901cfdff883c390159e7510c7beb108d
 
Red Hat Enterprise Linux AS (v. 4)
IA-32:
openmotif-2.2.3-9.RHEL4.1.i386.rpm
File outdated by:  RHBA-2009:0993		     MD5: 023cc76d475a1a73f62103b8179ad27e
openmotif-devel-2.2.3-9.RHEL4.1.i386.rpm
File outdated by:  RHBA-2009:0993		     MD5: d7eade810dfacc7de2ab529600974405
openmotif21-2.1.30-11.RHEL4.4.i386.rpm
File outdated by:  RHBA-2006:0432		     MD5: 47fa2a0391dd9117626c946888bbc675
 
IA-64:
openmotif-2.2.3-9.RHEL4.1.i386.rpm
File outdated by:  RHBA-2009:0993		     MD5: 023cc76d475a1a73f62103b8179ad27e
openmotif-2.2.3-9.RHEL4.1.ia64.rpm
File outdated by:  RHBA-2009:0993		     MD5: 908695c253844642ad38070cf17f7a58
openmotif-devel-2.2.3-9.RHEL4.1.ia64.rpm
File outdated by:  RHBA-2009:0993		     MD5: 8168147910ce21b4bc5f89dfb22dae83
openmotif21-2.1.30-11.RHEL4.4.i386.rpm
File outdated by:  RHBA-2006:0432		     MD5: 47fa2a0391dd9117626c946888bbc675
openmotif21-2.1.30-11.RHEL4.4.ia64.rpm
File outdated by:  RHBA-2006:0432		     MD5: 776371f184502bcf8b28d73701e580d5
 
PPC:
openmotif-2.2.3-9.RHEL4.1.ppc.rpm
File outdated by:  RHBA-2009:0993		     MD5: c332f25632c26bf2b5d55960bc93f9c1
openmotif-2.2.3-9.RHEL4.1.ppc64.rpm
File outdated by:  RHBA-2009:0993		     MD5: 4f98953c059ffe207e12159128927006
openmotif-devel-2.2.3-9.RHEL4.1.ppc.rpm
File outdated by:  RHBA-2009:0993		     MD5: 5c96da3bcfbc5cfd01a60bc0a3ee8e0c
 
s390:
openmotif-2.2.3-9.RHEL4.1.s390.rpm
File outdated by:  RHBA-2009:0993		     MD5: 4f764a6ad8dc046b16b578c71a9dd733
openmotif-devel-2.2.3-9.RHEL4.1.s390.rpm
File outdated by:  RHBA-2009:0993		     MD5: e9f3bd11e16b08fb2d87d052f90923bc
 
s390x:
openmotif-2.2.3-9.RHEL4.1.s390.rpm
File outdated by:  RHBA-2009:0993		     MD5: 4f764a6ad8dc046b16b578c71a9dd733
openmotif-2.2.3-9.RHEL4.1.s390x.rpm
File outdated by:  RHBA-2009:0993		     MD5: 4e2615987a0ab95371f0d979db6eff0d
openmotif-devel-2.2.3-9.RHEL4.1.s390x.rpm
File outdated by:  RHBA-2009:0993		     MD5: 52affcfcf476d51deaa3fd775aa5646b
 
x86_64:
openmotif-2.2.3-9.RHEL4.1.i386.rpm
File outdated by:  RHBA-2009:0993		     MD5: 023cc76d475a1a73f62103b8179ad27e
openmotif-2.2.3-9.RHEL4.1.x86_64.rpm
File outdated by:  RHBA-2009:0993		     MD5: bc3cfce66bea5a3b3900b4e7d07b3b90
openmotif-devel-2.2.3-9.RHEL4.1.x86_64.rpm
File outdated by:  RHBA-2009:0993		     MD5: e657eee7a31222a98c1f6b5da0c2d234
openmotif21-2.1.30-11.RHEL4.4.i386.rpm
File outdated by:  RHBA-2006:0432		     MD5: 47fa2a0391dd9117626c946888bbc675
 
Red Hat Enterprise Linux ES (v. 2.1)
IA-32:
openmotif-2.1.30-13.21AS.5.i386.rpm
File outdated by:  RHSA-2006:0272		     MD5: 82d4d85be0efd5e4611dcfd31cb2c782
openmotif-devel-2.1.30-13.21AS.5.i386.rpm
File outdated by:  RHSA-2006:0272		     MD5: a635c37af852402dd36090c8c4b74097
 
Red Hat Enterprise Linux ES (v. 3)
IA-32:
openmotif-2.2.3-5.RHEL3.2.i386.rpm
File outdated by:  RHBA-2006:0293		     MD5: 47c7fb4596b78c973deb7c2988808f96
openmotif-devel-2.2.3-5.RHEL3.2.i386.rpm
File outdated by:  RHBA-2006:0293		     MD5: c2bdacac09caeb13bc916b9e6213b24f
openmotif21-2.1.30-9.RHEL3.6.i386.rpm
File outdated by:  RHBA-2006:0431		     MD5: 901cfdff883c390159e7510c7beb108d
 
IA-64:
openmotif-2.2.3-5.RHEL3.2.i386.rpm
File outdated by:  RHBA-2006:0293		     MD5: 47c7fb4596b78c973deb7c2988808f96
openmotif-2.2.3-5.RHEL3.2.ia64.rpm
File outdated by:  RHBA-2006:0293		     MD5: ab4961edbf87f51127e6f491a4da9eea
openmotif-devel-2.2.3-5.RHEL3.2.ia64.rpm
File outdated by:  RHBA-2006:0293		     MD5: ee6f6ea8384e1d6e75e31a30167a44e0
openmotif21-2.1.30-9.RHEL3.6.i386.rpm
File outdated by:  RHBA-2006:0431		     MD5: 901cfdff883c390159e7510c7beb108d
openmotif21-2.1.30-9.RHEL3.6.ia64.rpm
File outdated by:  RHBA-2006:0431		     MD5: 0a0454015608b488ddb3c55d3278a14e
 
x86_64:
openmotif-2.2.3-5.RHEL3.2.i386.rpm
File outdated by:  RHBA-2006:0293		     MD5: 47c7fb4596b78c973deb7c2988808f96
openmotif-2.2.3-5.RHEL3.2.x86_64.rpm
File outdated by:  RHBA-2006:0293		     MD5: 72999fcdd0aa116594141125f1758bcc
openmotif-devel-2.2.3-5.RHEL3.2.x86_64.rpm
File outdated by:  RHBA-2006:0293		     MD5: 20dfdd4cb2f316fd525dbeff39546260
openmotif21-2.1.30-9.RHEL3.6.i386.rpm
File outdated by:  RHBA-2006:0431		     MD5: 901cfdff883c390159e7510c7beb108d
 
Red Hat Enterprise Linux ES (v. 4)
IA-32:
openmotif-2.2.3-9.RHEL4.1.i386.rpm
File outdated by:  RHBA-2009:0993		     MD5: 023cc76d475a1a73f62103b8179ad27e
openmotif-devel-2.2.3-9.RHEL4.1.i386.rpm
File outdated by:  RHBA-2009:0993		     MD5: d7eade810dfacc7de2ab529600974405
openmotif21-2.1.30-11.RHEL4.4.i386.rpm
File outdated by:  RHBA-2006:0432		     MD5: 47fa2a0391dd9117626c946888bbc675
 
IA-64:
openmotif-2.2.3-9.RHEL4.1.i386.rpm
File outdated by:  RHBA-2009:0993		     MD5: 023cc76d475a1a73f62103b8179ad27e
openmotif-2.2.3-9.RHEL4.1.ia64.rpm
File outdated by:  RHBA-2009:0993		     MD5: 908695c253844642ad38070cf17f7a58
openmotif-devel-2.2.3-9.RHEL4.1.ia64.rpm
File outdated by:  RHBA-2009:0993		     MD5: 8168147910ce21b4bc5f89dfb22dae83
openmotif21-2.1.30-11.RHEL4.4.i386.rpm
File outdated by:  RHBA-2006:0432		     MD5: 47fa2a0391dd9117626c946888bbc675
openmotif21-2.1.30-11.RHEL4.4.ia64.rpm
File outdated by:  RHBA-2006:0432		     MD5: 776371f184502bcf8b28d73701e580d5
 
x86_64:
openmotif-2.2.3-9.RHEL4.1.i386.rpm
File outdated by:  RHBA-2009:0993		     MD5: 023cc76d475a1a73f62103b8179ad27e
openmotif-2.2.3-9.RHEL4.1.x86_64.rpm
File outdated by:  RHBA-2009:0993		     MD5: bc3cfce66bea5a3b3900b4e7d07b3b90
openmotif-devel-2.2.3-9.RHEL4.1.x86_64.rpm
File outdated by:  RHBA-2009:0993		     MD5: e657eee7a31222a98c1f6b5da0c2d234
openmotif21-2.1.30-11.RHEL4.4.i386.rpm
File outdated by:  RHBA-2006:0432		     MD5: 47fa2a0391dd9117626c946888bbc675
 
Red Hat Enterprise Linux WS (v. 2.1)
IA-32:
openmotif-2.1.30-13.21AS.5.i386.rpm
File outdated by:  RHSA-2006:0272		     MD5: 82d4d85be0efd5e4611dcfd31cb2c782
openmotif-devel-2.1.30-13.21AS.5.i386.rpm
File outdated by:  RHSA-2006:0272		     MD5: a635c37af852402dd36090c8c4b74097
 
Red Hat Enterprise Linux WS (v. 3)
IA-32:
openmotif-2.2.3-5.RHEL3.2.i386.rpm
File outdated by:  RHBA-2006:0293		     MD5: 47c7fb4596b78c973deb7c2988808f96
openmotif-devel-2.2.3-5.RHEL3.2.i386.rpm
File outdated by:  RHBA-2006:0293		     MD5: c2bdacac09caeb13bc916b9e6213b24f
openmotif21-2.1.30-9.RHEL3.6.i386.rpm
File outdated by:  RHBA-2006:0431		     MD5: 901cfdff883c390159e7510c7beb108d
 
IA-64:
openmotif-2.2.3-5.RHEL3.2.i386.rpm
File outdated by:  RHBA-2006:0293		     MD5: 47c7fb4596b78c973deb7c2988808f96
openmotif-2.2.3-5.RHEL3.2.ia64.rpm
File outdated by:  RHBA-2006:0293		     MD5: ab4961edbf87f51127e6f491a4da9eea
openmotif-devel-2.2.3-5.RHEL3.2.ia64.rpm
File outdated by:  RHBA-2006:0293		     MD5: ee6f6ea8384e1d6e75e31a30167a44e0
openmotif21-2.1.30-9.RHEL3.6.i386.rpm
File outdated by:  RHBA-2006:0431		     MD5: 901cfdff883c390159e7510c7beb108d
openmotif21-2.1.30-9.RHEL3.6.ia64.rpm
File outdated by:  RHBA-2006:0431		     MD5: 0a0454015608b488ddb3c55d3278a14e
 
x86_64:
openmotif-2.2.3-5.RHEL3.2.i386.rpm
File outdated by:  RHBA-2006:0293		     MD5: 47c7fb4596b78c973deb7c2988808f96
openmotif-2.2.3-5.RHEL3.2.x86_64.rpm
File outdated by:  RHBA-2006:0293		     MD5: 72999fcdd0aa116594141125f1758bcc
openmotif-devel-2.2.3-5.RHEL3.2.x86_64.rpm
File outdated by:  RHBA-2006:0293		     MD5: 20dfdd4cb2f316fd525dbeff39546260
openmotif21-2.1.30-9.RHEL3.6.i386.rpm
File outdated by:  RHBA-2006:0431		     MD5: 901cfdff883c390159e7510c7beb108d
 
Red Hat Enterprise Linux WS (v. 4)
IA-32:
openmotif-2.2.3-9.RHEL4.1.i386.rpm
File outdated by:  RHBA-2009:0993		     MD5: 023cc76d475a1a73f62103b8179ad27e
openmotif-devel-2.2.3-9.RHEL4.1.i386.rpm
File outdated by:  RHBA-2009:0993		     MD5: d7eade810dfacc7de2ab529600974405
openmotif21-2.1.30-11.RHEL4.4.i386.rpm
File outdated by:  RHBA-2006:0432		     MD5: 47fa2a0391dd9117626c946888bbc675
 
IA-64:
openmotif-2.2.3-9.RHEL4.1.i386.rpm
File outdated by:  RHBA-2009:0993		     MD5: 023cc76d475a1a73f62103b8179ad27e
openmotif-2.2.3-9.RHEL4.1.ia64.rpm
File outdated by:  RHBA-2009:0993		     MD5: 908695c253844642ad38070cf17f7a58
openmotif-devel-2.2.3-9.RHEL4.1.ia64.rpm
File outdated by:  RHBA-2009:0993		     MD5: 8168147910ce21b4bc5f89dfb22dae83
openmotif21-2.1.30-11.RHEL4.4.i386.rpm
File outdated by:  RHBA-2006:0432		     MD5: 47fa2a0391dd9117626c946888bbc675
openmotif21-2.1.30-11.RHEL4.4.ia64.rpm
File outdated by:  RHBA-2006:0432		     MD5: 776371f184502bcf8b28d73701e580d5
 
x86_64:
openmotif-2.2.3-9.RHEL4.1.i386.rpm
File outdated by:  RHBA-2009:0993		     MD5: 023cc76d475a1a73f62103b8179ad27e
openmotif-2.2.3-9.RHEL4.1.x86_64.rpm
File outdated by:  RHBA-2009:0993		     MD5: bc3cfce66bea5a3b3900b4e7d07b3b90
openmotif-devel-2.2.3-9.RHEL4.1.x86_64.rpm
File outdated by:  RHBA-2009:0993		     MD5: e657eee7a31222a98c1f6b5da0c2d234
openmotif21-2.1.30-11.RHEL4.4.i386.rpm
File outdated by:  RHBA-2006:0432		     MD5: 47fa2a0391dd9117626c946888bbc675
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
IA-64:
openmotif-2.1.30-13.21AS.5.ia64.rpm
File outdated by:  RHSA-2006:0272		     MD5: 23a97afe7a12979b59436b7331e737e2
openmotif-devel-2.1.30-13.21AS.5.ia64.rpm
File outdated by:  RHSA-2006:0272		     MD5: 435170af1e8f72455a9a3ea0b99d991d
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

151641 - CAN-2005-0605 libxpm issue


References

https://www.redhat.com/security/data/cve/CVE-2005-0605.html

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/