MDVSA-2009:249-1
- Package name
- newt
- Date
- 2009-12-05
- Advisory ID
- MDVSA-2009:249-1
- Affected versions
- 2008.0 i586 , 2008.0 x86_64
Problem description
A vulnerability was discovered and corrected in newt:
A heap-based buffer overflow flaw was found in the way newt processes
content that is to be displayed in a text dialog box. A local attacker
could issue a specially-crafted text dialog box display request
(direct or via a custom application), leading to a denial of service
(application crash) or, potentially, arbitrary code execution with the
privileges of the user running the application using the newt library
(CVE-2009-2905).
This update provides a solution to this vulnerability.
Update:
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
Updated packages
2008.0 i586
654a1c3c587c6a5a14e6f4d23e890483 2008.0/i586/libnewt0.52-0.52.6-3.1mdv2008.0.i586.rpm f0942a5df8fa536a02126f4034d3e53f 2008.0/i586/libnewt0.52-devel-0.52.6-3.1mdv2008.0.i586.rpm 0ce830ecabb85460249e58f53d1fe2c9 2008.0/i586/newt-0.52.6-3.1mdv2008.0.i586.rpm 228d192869250f150207ce14e8374fec 2008.0/SRPMS/newt-0.52.6-3.1mdv2008.0.src.rpm
2008.0 x86_64
889b8c64d20e91ae4e05d0c7945cd45e 2008.0/x86_64/lib64newt0.52-0.52.6-3.1mdv2008.0.x86_64.rpm 57e8e2c4cffe147722dbc4a0054459c9 2008.0/x86_64/lib64newt0.52-devel-0.52.6-3.1mdv2008.0.x86_64.rpm d960d8c779078deea2e6c33b70b9685d 2008.0/x86_64/newt-0.52.6-3.1mdv2008.0.x86_64.rpm 228d192869250f150207ce14e8374fec 2008.0/SRPMS/newt-0.52.6-3.1mdv2008.0.src.rpm