Security Advisory Moderate: newt security update

Advisory: RHSA-2009:1463-1
Type: Security Advisory
Severity: Moderate
Issued on: 2009-09-24
Last updated on: 2009-09-24
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.8.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.8.z)
Red Hat Enterprise Linux EUS (v. 5.4.z server)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20091463.xml
CVEs (cve.mitre.org): CVE-2009-2905

Details

Updated newt packages that fix one security issue are now available for Red
Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Newt is a programming library for color text mode, widget-based user
interfaces. Newt can be used to add stacked windows, entry widgets,
checkboxes, radio buttons, labels, plain text fields, scrollbars, and so
on, to text mode user interfaces.

A heap-based buffer overflow flaw was found in the way newt processes
content that is to be displayed in a text dialog box. A local attacker
could issue a specially-crafted text dialog box display request (direct or
via a custom application), leading to a denial of service (application
crash) or, potentially, arbitrary code execution with the privileges of the
user running the application using the newt library. (CVE-2009-2905)

Users of newt should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing the updated
packages, all applications using the newt library must be restarted for the
update to take effect.
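
An added example (not part of Red Hat's advisory) for the restart requirement above: a process that loaded newt before the update still maps the replaced library file, which /proc/<pid>/maps marks "(deleted)". The function names are hypothetical and the sample maps lines, including the library paths, are constructed.

```shell
#!/bin/sh
# Added example: find processes still running the pre-update libnewt.

# stale_newt_in_maps FILE
# Succeeds when FILE (in /proc/<pid>/maps format) maps a libnewt shared
# object whose on-disk file has been replaced ("(deleted)" suffix).
stale_newt_in_maps() {
    grep -Eq '/libnewt\.so[^ ]* \(deleted\)$' "$1" 2>/dev/null
}

# list_stale_newt_pids [PROCROOT]
# Prints the PID of every process under PROCROOT (default /proc) that
# must be restarted to pick up the updated library.
list_stale_newt_pids() {
    procroot=${1:-/proc}
    for maps in "$procroot"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if stale_newt_in_maps "$maps"; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# demo_constructed
# Builds a constructed /proc-like tree with two fake PIDs and scans it.
demo_constructed() {
    d=$(mktemp -d) || return 1
    mkdir "$d/101" "$d/202"
    # PID 101 (constructed): started before the update, library replaced
    echo '00a0c000-00a1f000 r-xp 00000000 fd:00 1183 /usr/lib/libnewt.so.0.52.2 (deleted)' > "$d/101/maps"
    # PID 202 (constructed): started after the update
    echo '00b0c000-00b1f000 r-xp 00000000 fd:00 2290 /usr/lib/libnewt.so.0.52.2' > "$d/202/maps"
    list_stale_newt_pids "$d"
    rm -rf "$d"
}

# "scan" checks the live system; "demo" runs on the constructed sample.
case "${1:-}" in
    scan) list_stale_newt_pids ;;
    demo) demo_constructed ;;
esac
```

Run the scan as root so that every process's maps file is readable; an empty result means no running process still maps the old library.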


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
newt-0.52.2-12.el5_4.1.src.rpm     6c3546c9cf5b79ab9c9ed21fa4861d7a
 
IA-32:
newt-devel-0.52.2-12.el5_4.1.i386.rpm     027ed590e4a620043ea600259d0f2bd4
 
x86_64:
newt-devel-0.52.2-12.el5_4.1.i386.rpm     027ed590e4a620043ea600259d0f2bd4
newt-devel-0.52.2-12.el5_4.1.x86_64.rpm     3eac67411072b43285b8d29e68d53057
 
Red Hat Desktop (v. 3)

SRPMS:
newt-0.51.5-2.el3.src.rpm     461e6f6e5dc153b6e589d81278299aff
 
IA-32:
newt-0.51.5-2.el3.i386.rpm     a53a71df8812da0a53117e6309bdcb4b
newt-devel-0.51.5-2.el3.i386.rpm     cd7ed7319889bfbae96ec4d49bd81fef
 
x86_64:
newt-0.51.5-2.el3.i386.rpm     a53a71df8812da0a53117e6309bdcb4b
newt-0.51.5-2.el3.x86_64.rpm     7e3a85847e6e2cd0722d492f8f4d259f
newt-devel-0.51.5-2.el3.x86_64.rpm     ae14a72c5ce33f2904cc5fb9951689ac
 
Red Hat Desktop (v. 4)

SRPMS:
newt-0.51.6-10.el4_8.1.src.rpm     de6e64f40c68718ea54c3f0f8c4d5a6a
 
IA-32:
newt-0.51.6-10.el4_8.1.i386.rpm     73e93e5a5b2b910ac41f3c99d7ae655b
newt-devel-0.51.6-10.el4_8.1.i386.rpm     768c36e418389f07cfa794150d710116
 
x86_64:
newt-0.51.6-10.el4_8.1.i386.rpm     73e93e5a5b2b910ac41f3c99d7ae655b
newt-0.51.6-10.el4_8.1.x86_64.rpm     00ca31c4c34e6a43dda44ccaeffc4e17
newt-devel-0.51.6-10.el4_8.1.x86_64.rpm     a04e1b5cd8d4ec773e9cf6c3bde451cb
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
newt-0.52.2-12.el5_4.1.src.rpm     6c3546c9cf5b79ab9c9ed21fa4861d7a
 
IA-32:
newt-0.52.2-12.el5_4.1.i386.rpm     1dbcf7b9cca5adb08d800eabd6be8fb6
newt-devel-0.52.2-12.el5_4.1.i386.rpm     027ed590e4a620043ea600259d0f2bd4
 
IA-64:
newt-0.52.2-12.el5_4.1.ia64.rpm     59624e38e96ec18e39b262095a402995
newt-devel-0.52.2-12.el5_4.1.ia64.rpm     3a24352ce675cc9bff0eb5f75a8679cf
 
PPC:
newt-0.52.2-12.el5_4.1.ppc.rpm     92e7a9918c19aa28defea2fb9005594a
newt-0.52.2-12.el5_4.1.ppc64.rpm     dce580123a633622398a69eedf27d040
newt-devel-0.52.2-12.el5_4.1.ppc.rpm     d70e3f3b6fcc5e039b58ea6243ff4043
newt-devel-0.52.2-12.el5_4.1.ppc64.rpm     e8563b9d65ead9db4e4b1c4a4660624a
 
s390x:
newt-0.52.2-12.el5_4.1.s390.rpm     8e9210d8aa341e94aa52eedde6ce96c7
newt-0.52.2-12.el5_4.1.s390x.rpm     bd99fe05c42b6a3d50224ae7bd4bead1
newt-devel-0.52.2-12.el5_4.1.s390.rpm     c709b0826bb6f52a6f707bfc29c6173e
newt-devel-0.52.2-12.el5_4.1.s390x.rpm     60064572fa10e87bd47784939369a8a9
 
x86_64:
newt-0.52.2-12.el5_4.1.i386.rpm     1dbcf7b9cca5adb08d800eabd6be8fb6
newt-0.52.2-12.el5_4.1.x86_64.rpm     7649231006d96ba6fce8ffadd6562f83
newt-devel-0.52.2-12.el5_4.1.i386.rpm     027ed590e4a620043ea600259d0f2bd4
newt-devel-0.52.2-12.el5_4.1.x86_64.rpm     3eac67411072b43285b8d29e68d53057
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
newt-0.51.5-2.el3.src.rpm     461e6f6e5dc153b6e589d81278299aff
 
IA-32:
newt-0.51.5-2.el3.i386.rpm     a53a71df8812da0a53117e6309bdcb4b
newt-devel-0.51.5-2.el3.i386.rpm     cd7ed7319889bfbae96ec4d49bd81fef
 
IA-64:
newt-0.51.5-2.el3.i386.rpm     a53a71df8812da0a53117e6309bdcb4b
newt-0.51.5-2.el3.ia64.rpm     173cb34e6b4271d4192f64dd201b4afe
newt-devel-0.51.5-2.el3.ia64.rpm     55fa4c773e2921d80d62a510788d85e5
 
PPC:
newt-0.51.5-2.el3.ppc.rpm     cea37b89061683a46bf5175a79a92664
newt-0.51.5-2.el3.ppc64.rpm     a9056f175feed1658ddcad26cbbe30d2
newt-devel-0.51.5-2.el3.ppc.rpm     e35b0e434f8a8dda516db350012a3fda
 
s390:
newt-0.51.5-2.el3.s390.rpm     6e012666a4c86b346cef761aec61978a
newt-devel-0.51.5-2.el3.s390.rpm     c59634ed3f606380e9d54a79f9e28b25
 
s390x:
newt-0.51.5-2.el3.s390.rpm     6e012666a4c86b346cef761aec61978a
newt-0.51.5-2.el3.s390x.rpm     f35cbdeebef163c61a83a8d8cbf6bec9
newt-devel-0.51.5-2.el3.s390x.rpm     b9482e114c08d7b656a6fdcefff31fef
 
x86_64:
newt-0.51.5-2.el3.i386.rpm     a53a71df8812da0a53117e6309bdcb4b
newt-0.51.5-2.el3.x86_64.rpm     7e3a85847e6e2cd0722d492f8f4d259f
newt-devel-0.51.5-2.el3.x86_64.rpm     ae14a72c5ce33f2904cc5fb9951689ac
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
newt-0.51.6-10.el4_8.1.src.rpm     de6e64f40c68718ea54c3f0f8c4d5a6a
 
IA-32:
newt-0.51.6-10.el4_8.1.i386.rpm     73e93e5a5b2b910ac41f3c99d7ae655b
newt-devel-0.51.6-10.el4_8.1.i386.rpm     768c36e418389f07cfa794150d710116
 
IA-64:
newt-0.51.6-10.el4_8.1.i386.rpm     73e93e5a5b2b910ac41f3c99d7ae655b
newt-0.51.6-10.el4_8.1.ia64.rpm     c0cf48211e46a56a47763a1b75980c89
newt-devel-0.51.6-10.el4_8.1.ia64.rpm     a76f0b2c6e5d2d918e1fb3e25293264b
 
PPC:
newt-0.51.6-10.el4_8.1.ppc.rpm     827d060d0641e37bddbb9f4284977375
newt-0.51.6-10.el4_8.1.ppc64.rpm     a4ff28756e46fea7c0ce6232653d8c2d
newt-devel-0.51.6-10.el4_8.1.ppc.rpm     7d2ffc27053e48c0a20c69c2fbe6386b
 
s390:
newt-0.51.6-10.el4_8.1.s390.rpm     f61ec375bd26c84a34454471c527a744
newt-devel-0.51.6-10.el4_8.1.s390.rpm     28cb2a12d2b8619efa3f9582d636ef9c
 
s390x:
newt-0.51.6-10.el4_8.1.s390.rpm     f61ec375bd26c84a34454471c527a744
newt-0.51.6-10.el4_8.1.s390x.rpm     5121d4fee68136d4ade0d147d1caab1f
newt-devel-0.51.6-10.el4_8.1.s390x.rpm     6cf48a0e594eb91534a17c27307e8627
 
x86_64:
newt-0.51.6-10.el4_8.1.i386.rpm     73e93e5a5b2b910ac41f3c99d7ae655b
newt-0.51.6-10.el4_8.1.x86_64.rpm     00ca31c4c34e6a43dda44ccaeffc4e17
newt-devel-0.51.6-10.el4_8.1.x86_64.rpm     a04e1b5cd8d4ec773e9cf6c3bde451cb
 
Red Hat Enterprise Linux AS (v. 4.8.z)

SRPMS:
newt-0.51.6-10.el4_8.1.src.rpm     de6e64f40c68718ea54c3f0f8c4d5a6a
 
IA-32:
newt-0.51.6-10.el4_8.1.i386.rpm     73e93e5a5b2b910ac41f3c99d7ae655b
newt-devel-0.51.6-10.el4_8.1.i386.rpm     768c36e418389f07cfa794150d710116
 
IA-64:
newt-0.51.6-10.el4_8.1.i386.rpm     73e93e5a5b2b910ac41f3c99d7ae655b
newt-0.51.6-10.el4_8.1.ia64.rpm     c0cf48211e46a56a47763a1b75980c89
newt-devel-0.51.6-10.el4_8.1.ia64.rpm     a76f0b2c6e5d2d918e1fb3e25293264b
 
PPC:
newt-0.51.6-10.el4_8.1.ppc.rpm     827d060d0641e37bddbb9f4284977375
newt-0.51.6-10.el4_8.1.ppc64.rpm     a4ff28756e46fea7c0ce6232653d8c2d
newt-devel-0.51.6-10.el4_8.1.ppc.rpm     7d2ffc27053e48c0a20c69c2fbe6386b
 
s390:
newt-0.51.6-10.el4_8.1.s390.rpm     f61ec375bd26c84a34454471c527a744
newt-devel-0.51.6-10.el4_8.1.s390.rpm     28cb2a12d2b8619efa3f9582d636ef9c
 
s390x:
newt-0.51.6-10.el4_8.1.s390.rpm     f61ec375bd26c84a34454471c527a744
newt-0.51.6-10.el4_8.1.s390x.rpm     5121d4fee68136d4ade0d147d1caab1f
newt-devel-0.51.6-10.el4_8.1.s390x.rpm     6cf48a0e594eb91534a17c27307e8627
 
x86_64:
newt-0.51.6-10.el4_8.1.i386.rpm     73e93e5a5b2b910ac41f3c99d7ae655b
newt-0.51.6-10.el4_8.1.x86_64.rpm     00ca31c4c34e6a43dda44ccaeffc4e17
newt-devel-0.51.6-10.el4_8.1.x86_64.rpm     a04e1b5cd8d4ec773e9cf6c3bde451cb
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
newt-0.52.2-12.el5_4.1.src.rpm     6c3546c9cf5b79ab9c9ed21fa4861d7a
 
IA-32:
newt-0.52.2-12.el5_4.1.i386.rpm     1dbcf7b9cca5adb08d800eabd6be8fb6
 
x86_64:
newt-0.52.2-12.el5_4.1.i386.rpm     1dbcf7b9cca5adb08d800eabd6be8fb6
newt-0.52.2-12.el5_4.1.x86_64.rpm     7649231006d96ba6fce8ffadd6562f83
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
newt-0.51.5-2.el3.src.rpm     461e6f6e5dc153b6e589d81278299aff
 
IA-32:
newt-0.51.5-2.el3.i386.rpm     a53a71df8812da0a53117e6309bdcb4b
newt-devel-0.51.5-2.el3.i386.rpm     cd7ed7319889bfbae96ec4d49bd81fef
 
IA-64:
newt-0.51.5-2.el3.i386.rpm     a53a71df8812da0a53117e6309bdcb4b
newt-0.51.5-2.el3.ia64.rpm     173cb34e6b4271d4192f64dd201b4afe
newt-devel-0.51.5-2.el3.ia64.rpm     55fa4c773e2921d80d62a510788d85e5
 
x86_64:
newt-0.51.5-2.el3.i386.rpm     a53a71df8812da0a53117e6309bdcb4b
newt-0.51.5-2.el3.x86_64.rpm     7e3a85847e6e2cd0722d492f8f4d259f
newt-devel-0.51.5-2.el3.x86_64.rpm     ae14a72c5ce33f2904cc5fb9951689ac
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
newt-0.51.6-10.el4_8.1.src.rpm     de6e64f40c68718ea54c3f0f8c4d5a6a
 
IA-32:
newt-0.51.6-10.el4_8.1.i386.rpm     73e93e5a5b2b910ac41f3c99d7ae655b
newt-devel-0.51.6-10.el4_8.1.i386.rpm     768c36e418389f07cfa794150d710116
 
IA-64:
newt-0.51.6-10.el4_8.1.i386.rpm     73e93e5a5b2b910ac41f3c99d7ae655b
newt-0.51.6-10.el4_8.1.ia64.rpm     c0cf48211e46a56a47763a1b75980c89
newt-devel-0.51.6-10.el4_8.1.ia64.rpm     a76f0b2c6e5d2d918e1fb3e25293264b
 
x86_64:
newt-0.51.6-10.el4_8.1.i386.rpm     73e93e5a5b2b910ac41f3c99d7ae655b
newt-0.51.6-10.el4_8.1.x86_64.rpm     00ca31c4c34e6a43dda44ccaeffc4e17
newt-devel-0.51.6-10.el4_8.1.x86_64.rpm     a04e1b5cd8d4ec773e9cf6c3bde451cb
 
Red Hat Enterprise Linux ES (v. 4.8.z)

SRPMS:
newt-0.51.6-10.el4_8.1.src.rpm     de6e64f40c68718ea54c3f0f8c4d5a6a
 
IA-32:
newt-0.51.6-10.el4_8.1.i386.rpm     73e93e5a5b2b910ac41f3c99d7ae655b
newt-devel-0.51.6-10.el4_8.1.i386.rpm     768c36e418389f07cfa794150d710116
 
IA-64:
newt-0.51.6-10.el4_8.1.i386.rpm     73e93e5a5b2b910ac41f3c99d7ae655b
newt-0.51.6-10.el4_8.1.ia64.rpm     c0cf48211e46a56a47763a1b75980c89
newt-devel-0.51.6-10.el4_8.1.ia64.rpm     a76f0b2c6e5d2d918e1fb3e25293264b
 
x86_64:
newt-0.51.6-10.el4_8.1.i386.rpm     73e93e5a5b2b910ac41f3c99d7ae655b
newt-0.51.6-10.el4_8.1.x86_64.rpm     00ca31c4c34e6a43dda44ccaeffc4e17
newt-devel-0.51.6-10.el4_8.1.x86_64.rpm     a04e1b5cd8d4ec773e9cf6c3bde451cb
 
Red Hat Enterprise Linux EUS (v. 5.4.z server)

SRPMS:
newt-0.52.2-12.el5_4.1.src.rpm     6c3546c9cf5b79ab9c9ed21fa4861d7a
 
IA-32:
newt-0.52.2-12.el5_4.1.i386.rpm     1dbcf7b9cca5adb08d800eabd6be8fb6
newt-devel-0.52.2-12.el5_4.1.i386.rpm     027ed590e4a620043ea600259d0f2bd4
 
IA-64:
newt-0.52.2-12.el5_4.1.ia64.rpm     59624e38e96ec18e39b262095a402995
newt-devel-0.52.2-12.el5_4.1.ia64.rpm     3a24352ce675cc9bff0eb5f75a8679cf
 
PPC:
newt-0.52.2-12.el5_4.1.ppc.rpm     92e7a9918c19aa28defea2fb9005594a
newt-0.52.2-12.el5_4.1.ppc64.rpm     dce580123a633622398a69eedf27d040
newt-devel-0.52.2-12.el5_4.1.ppc.rpm     d70e3f3b6fcc5e039b58ea6243ff4043
newt-devel-0.52.2-12.el5_4.1.ppc64.rpm     e8563b9d65ead9db4e4b1c4a4660624a
 
s390x:
newt-0.52.2-12.el5_4.1.s390.rpm     8e9210d8aa341e94aa52eedde6ce96c7
newt-0.52.2-12.el5_4.1.s390x.rpm     bd99fe05c42b6a3d50224ae7bd4bead1
newt-devel-0.52.2-12.el5_4.1.s390.rpm     c709b0826bb6f52a6f707bfc29c6173e
newt-devel-0.52.2-12.el5_4.1.s390x.rpm     60064572fa10e87bd47784939369a8a9
 
x86_64:
newt-0.52.2-12.el5_4.1.i386.rpm     1dbcf7b9cca5adb08d800eabd6be8fb6
newt-0.52.2-12.el5_4.1.x86_64.rpm     7649231006d96ba6fce8ffadd6562f83
newt-devel-0.52.2-12.el5_4.1.i386.rpm     027ed590e4a620043ea600259d0f2bd4
newt-devel-0.52.2-12.el5_4.1.x86_64.rpm     3eac67411072b43285b8d29e68d53057
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
newt-0.51.5-2.el3.src.rpm     461e6f6e5dc153b6e589d81278299aff
 
IA-32:
newt-0.51.5-2.el3.i386.rpm     a53a71df8812da0a53117e6309bdcb4b
newt-devel-0.51.5-2.el3.i386.rpm     cd7ed7319889bfbae96ec4d49bd81fef
 
IA-64:
newt-0.51.5-2.el3.i386.rpm     a53a71df8812da0a53117e6309bdcb4b
newt-0.51.5-2.el3.ia64.rpm     173cb34e6b4271d4192f64dd201b4afe
newt-devel-0.51.5-2.el3.ia64.rpm     55fa4c773e2921d80d62a510788d85e5
 
x86_64:
newt-0.51.5-2.el3.i386.rpm     a53a71df8812da0a53117e6309bdcb4b
newt-0.51.5-2.el3.x86_64.rpm     7e3a85847e6e2cd0722d492f8f4d259f
newt-devel-0.51.5-2.el3.x86_64.rpm     ae14a72c5ce33f2904cc5fb9951689ac
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
newt-0.51.6-10.el4_8.1.src.rpm     de6e64f40c68718ea54c3f0f8c4d5a6a
 
IA-32:
newt-0.51.6-10.el4_8.1.i386.rpm     73e93e5a5b2b910ac41f3c99d7ae655b
newt-devel-0.51.6-10.el4_8.1.i386.rpm     768c36e418389f07cfa794150d710116
 
IA-64:
newt-0.51.6-10.el4_8.1.i386.rpm     73e93e5a5b2b910ac41f3c99d7ae655b
newt-0.51.6-10.el4_8.1.ia64.rpm     c0cf48211e46a56a47763a1b75980c89
newt-devel-0.51.6-10.el4_8.1.ia64.rpm     a76f0b2c6e5d2d918e1fb3e25293264b
 
x86_64:
newt-0.51.6-10.el4_8.1.i386.rpm     73e93e5a5b2b910ac41f3c99d7ae655b
newt-0.51.6-10.el4_8.1.x86_64.rpm     00ca31c4c34e6a43dda44ccaeffc4e17
newt-devel-0.51.6-10.el4_8.1.x86_64.rpm     a04e1b5cd8d4ec773e9cf6c3bde451cb
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

523955 - CVE-2009-2905 newt: heap-overflow in textbox when text reflowing


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/