LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Red Hat alert RHSA-2005:412-01 (openmotif)



From:
    	      bugzilla@redhat.com


To:
    	      enterprise-watch-list@redhat.com


Subject:
    	      [RHSA-2005:412-01] Moderate: openmotif security update


Date:
    	      Wed, 11 May 2005 11:29 -0400


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: openmotif security update
Advisory ID:       RHSA-2005:412-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-412.html
Issue date:        2005-05-11
Updated on:        2005-05-11
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0605
- ---------------------------------------------------------------------

1. Summary:

Updated openmotif packages that fix a flaw in the Xpm image library are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

OpenMotif provides libraries which implement the Motif industry standard
graphical user interface.  

An integer overflow flaw was found in libXpm, which is used to decode XPM
(X PixMap) images.  A vulnerable version of this library was
found within OpenMotif.  An attacker could create a carefully crafted XPM
file which would cause an application to crash or potentially execute
arbitrary code if opened by a victim.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0605 to
this issue.

Users of OpenMotif are advised to upgrade to these erratum packages, which
contains a backported security patch to the embedded libXpm library.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ope...
fc696f8839bf611ea0f3ea23fa2abbc1  openmotif-2.1.30-13.21AS.5.src.rpm

i386:
82d4d85be0efd5e4611dcfd31cb2c782  openmotif-2.1.30-13.21AS.5.i386.rpm
a635c37af852402dd36090c8c4b74097  openmotif-devel-2.1.30-13.21AS.5.i386.rpm

ia64:
23a97afe7a12979b59436b7331e737e2  openmotif-2.1.30-13.21AS.5.ia64.rpm
435170af1e8f72455a9a3ea0b99d991d  openmotif-devel-2.1.30-13.21AS.5.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/ope...
fc696f8839bf611ea0f3ea23fa2abbc1  openmotif-2.1.30-13.21AS.5.src.rpm

ia64:
23a97afe7a12979b59436b7331e737e2  openmotif-2.1.30-13.21AS.5.ia64.rpm
435170af1e8f72455a9a3ea0b99d991d  openmotif-devel-2.1.30-13.21AS.5.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ope...
fc696f8839bf611ea0f3ea23fa2abbc1  openmotif-2.1.30-13.21AS.5.src.rpm

i386:
82d4d85be0efd5e4611dcfd31cb2c782  openmotif-2.1.30-13.21AS.5.i386.rpm
a635c37af852402dd36090c8c4b74097  openmotif-devel-2.1.30-13.21AS.5.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ope...
fc696f8839bf611ea0f3ea23fa2abbc1  openmotif-2.1.30-13.21AS.5.src.rpm

i386:
82d4d85be0efd5e4611dcfd31cb2c782  openmotif-2.1.30-13.21AS.5.i386.rpm
a635c37af852402dd36090c8c4b74097  openmotif-devel-2.1.30-13.21AS.5.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openm...
3cd7bf76e1135f650e80ca6522412c69  openmotif-2.2.3-5.RHEL3.2.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openm...
fc9c3cdfe2888fbb732ebe1e2a4af65f  openmotif21-2.1.30-9.RHEL3.6.src.rpm

i386:
47c7fb4596b78c973deb7c2988808f96  openmotif-2.2.3-5.RHEL3.2.i386.rpm
c2bdacac09caeb13bc916b9e6213b24f  openmotif-devel-2.2.3-5.RHEL3.2.i386.rpm
901cfdff883c390159e7510c7beb108d  openmotif21-2.1.30-9.RHEL3.6.i386.rpm

ia64:
ab4961edbf87f51127e6f491a4da9eea  openmotif-2.2.3-5.RHEL3.2.ia64.rpm
47c7fb4596b78c973deb7c2988808f96  openmotif-2.2.3-5.RHEL3.2.i386.rpm
ee6f6ea8384e1d6e75e31a30167a44e0  openmotif-devel-2.2.3-5.RHEL3.2.ia64.rpm
0a0454015608b488ddb3c55d3278a14e  openmotif21-2.1.30-9.RHEL3.6.ia64.rpm
901cfdff883c390159e7510c7beb108d  openmotif21-2.1.30-9.RHEL3.6.i386.rpm

ppc:
aa579c6cd9b990c200649c8e486080a6  openmotif-2.2.3-5.RHEL3.2.ppc.rpm
b20b1e8f68630389cb394bfb7c40155f  openmotif-2.2.3-5.RHEL3.2.ppc64.rpm
5ce626584cb7aa546f5fcd10f6c56a19  openmotif-devel-2.2.3-5.RHEL3.2.ppc.rpm

s390:
08b1bea796c5d86b014b567edb5087cc  openmotif-2.2.3-5.RHEL3.2.s390.rpm
cc2134a36b90a4359698f6c1999c1425  openmotif-devel-2.2.3-5.RHEL3.2.s390.rpm

s390x:
bd621dc1992af0815be37a0f63d446e8  openmotif-2.2.3-5.RHEL3.2.s390x.rpm
08b1bea796c5d86b014b567edb5087cc  openmotif-2.2.3-5.RHEL3.2.s390.rpm
86c61331a3388af93c39cd5e823595cd  openmotif-devel-2.2.3-5.RHEL3.2.s390x.rpm

x86_64:
72999fcdd0aa116594141125f1758bcc  openmotif-2.2.3-5.RHEL3.2.x86_64.rpm
47c7fb4596b78c973deb7c2988808f96  openmotif-2.2.3-5.RHEL3.2.i386.rpm
20dfdd4cb2f316fd525dbeff39546260  openmotif-devel-2.2.3-5.RHEL3.2.x86_64.rpm
901cfdff883c390159e7510c7beb108d  openmotif21-2.1.30-9.RHEL3.6.i386.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/...
3cd7bf76e1135f650e80ca6522412c69  openmotif-2.2.3-5.RHEL3.2.src.rpm
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/...
fc9c3cdfe2888fbb732ebe1e2a4af65f  openmotif21-2.1.30-9.RHEL3.6.src.rpm

i386:
47c7fb4596b78c973deb7c2988808f96  openmotif-2.2.3-5.RHEL3.2.i386.rpm
c2bdacac09caeb13bc916b9e6213b24f  openmotif-devel-2.2.3-5.RHEL3.2.i386.rpm
901cfdff883c390159e7510c7beb108d  openmotif21-2.1.30-9.RHEL3.6.i386.rpm

x86_64:
72999fcdd0aa116594141125f1758bcc  openmotif-2.2.3-5.RHEL3.2.x86_64.rpm
47c7fb4596b78c973deb7c2988808f96  openmotif-2.2.3-5.RHEL3.2.i386.rpm
20dfdd4cb2f316fd525dbeff39546260  openmotif-devel-2.2.3-5.RHEL3.2.x86_64.rpm
901cfdff883c390159e7510c7beb108d  openmotif21-2.1.30-9.RHEL3.6.i386.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openm...
3cd7bf76e1135f650e80ca6522412c69  openmotif-2.2.3-5.RHEL3.2.src.rpm
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openm...
fc9c3cdfe2888fbb732ebe1e2a4af65f  openmotif21-2.1.30-9.RHEL3.6.src.rpm

i386:
47c7fb4596b78c973deb7c2988808f96  openmotif-2.2.3-5.RHEL3.2.i386.rpm
c2bdacac09caeb13bc916b9e6213b24f  openmotif-devel-2.2.3-5.RHEL3.2.i386.rpm
901cfdff883c390159e7510c7beb108d  openmotif21-2.1.30-9.RHEL3.6.i386.rpm

ia64:
47c7fb4596b78c973deb7c2988808f96  openmotif-2.2.3-5.RHEL3.2.i386.rpm
ab4961edbf87f51127e6f491a4da9eea  openmotif-2.2.3-5.RHEL3.2.ia64.rpm
ee6f6ea8384e1d6e75e31a30167a44e0  openmotif-devel-2.2.3-5.RHEL3.2.ia64.rpm
0a0454015608b488ddb3c55d3278a14e  openmotif21-2.1.30-9.RHEL3.6.ia64.rpm
901cfdff883c390159e7510c7beb108d  openmotif21-2.1.30-9.RHEL3.6.i386.rpm

x86_64:
72999fcdd0aa116594141125f1758bcc  openmotif-2.2.3-5.RHEL3.2.x86_64.rpm
47c7fb4596b78c973deb7c2988808f96  openmotif-2.2.3-5.RHEL3.2.i386.rpm
20dfdd4cb2f316fd525dbeff39546260  openmotif-devel-2.2.3-5.RHEL3.2.x86_64.rpm
901cfdff883c390159e7510c7beb108d  openmotif21-2.1.30-9.RHEL3.6.i386.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openm...
3cd7bf76e1135f650e80ca6522412c69  openmotif-2.2.3-5.RHEL3.2.src.rpm
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openm...
fc9c3cdfe2888fbb732ebe1e2a4af65f  openmotif21-2.1.30-9.RHEL3.6.src.rpm

i386:
47c7fb4596b78c973deb7c2988808f96  openmotif-2.2.3-5.RHEL3.2.i386.rpm
c2bdacac09caeb13bc916b9e6213b24f  openmotif-devel-2.2.3-5.RHEL3.2.i386.rpm
901cfdff883c390159e7510c7beb108d  openmotif21-2.1.30-9.RHEL3.6.i386.rpm

ia64:
ab4961edbf87f51127e6f491a4da9eea  openmotif-2.2.3-5.RHEL3.2.ia64.rpm
47c7fb4596b78c973deb7c2988808f96  openmotif-2.2.3-5.RHEL3.2.i386.rpm
ee6f6ea8384e1d6e75e31a30167a44e0  openmotif-devel-2.2.3-5.RHEL3.2.ia64.rpm
0a0454015608b488ddb3c55d3278a14e  openmotif21-2.1.30-9.RHEL3.6.ia64.rpm
901cfdff883c390159e7510c7beb108d  openmotif21-2.1.30-9.RHEL3.6.i386.rpm

x86_64:
72999fcdd0aa116594141125f1758bcc  openmotif-2.2.3-5.RHEL3.2.x86_64.rpm
47c7fb4596b78c973deb7c2988808f96  openmotif-2.2.3-5.RHEL3.2.i386.rpm
20dfdd4cb2f316fd525dbeff39546260  openmotif-devel-2.2.3-5.RHEL3.2.x86_64.rpm
901cfdff883c390159e7510c7beb108d  openmotif21-2.1.30-9.RHEL3.6.i386.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openm...
33a7a4ad7fe6ec6960f4ec09972954c8  openmotif-2.2.3-9.RHEL4.1.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openm...
36c7d95bc2d6cedec3ada3eeb575def1  openmotif21-2.1.30-11.RHEL4.4.src.rpm

i386:
023cc76d475a1a73f62103b8179ad27e  openmotif-2.2.3-9.RHEL4.1.i386.rpm
d7eade810dfacc7de2ab529600974405  openmotif-devel-2.2.3-9.RHEL4.1.i386.rpm
47fa2a0391dd9117626c946888bbc675  openmotif21-2.1.30-11.RHEL4.4.i386.rpm

ia64:
908695c253844642ad38070cf17f7a58  openmotif-2.2.3-9.RHEL4.1.ia64.rpm
023cc76d475a1a73f62103b8179ad27e  openmotif-2.2.3-9.RHEL4.1.i386.rpm
8168147910ce21b4bc5f89dfb22dae83  openmotif-devel-2.2.3-9.RHEL4.1.ia64.rpm
776371f184502bcf8b28d73701e580d5  openmotif21-2.1.30-11.RHEL4.4.ia64.rpm
47fa2a0391dd9117626c946888bbc675  openmotif21-2.1.30-11.RHEL4.4.i386.rpm

ppc:
c332f25632c26bf2b5d55960bc93f9c1  openmotif-2.2.3-9.RHEL4.1.ppc.rpm
4f98953c059ffe207e12159128927006  openmotif-2.2.3-9.RHEL4.1.ppc64.rpm
5c96da3bcfbc5cfd01a60bc0a3ee8e0c  openmotif-devel-2.2.3-9.RHEL4.1.ppc.rpm

s390:
4f764a6ad8dc046b16b578c71a9dd733  openmotif-2.2.3-9.RHEL4.1.s390.rpm
e9f3bd11e16b08fb2d87d052f90923bc  openmotif-devel-2.2.3-9.RHEL4.1.s390.rpm

s390x:
4e2615987a0ab95371f0d979db6eff0d  openmotif-2.2.3-9.RHEL4.1.s390x.rpm
4f764a6ad8dc046b16b578c71a9dd733  openmotif-2.2.3-9.RHEL4.1.s390.rpm
52affcfcf476d51deaa3fd775aa5646b  openmotif-devel-2.2.3-9.RHEL4.1.s390x.rpm

x86_64:
bc3cfce66bea5a3b3900b4e7d07b3b90  openmotif-2.2.3-9.RHEL4.1.x86_64.rpm
023cc76d475a1a73f62103b8179ad27e  openmotif-2.2.3-9.RHEL4.1.i386.rpm
e657eee7a31222a98c1f6b5da0c2d234  openmotif-devel-2.2.3-9.RHEL4.1.x86_64.rpm
47fa2a0391dd9117626c946888bbc675  openmotif21-2.1.30-11.RHEL4.4.i386.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/...
33a7a4ad7fe6ec6960f4ec09972954c8  openmotif-2.2.3-9.RHEL4.1.src.rpm
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/...
36c7d95bc2d6cedec3ada3eeb575def1  openmotif21-2.1.30-11.RHEL4.4.src.rpm

i386:
023cc76d475a1a73f62103b8179ad27e  openmotif-2.2.3-9.RHEL4.1.i386.rpm
d7eade810dfacc7de2ab529600974405  openmotif-devel-2.2.3-9.RHEL4.1.i386.rpm
47fa2a0391dd9117626c946888bbc675  openmotif21-2.1.30-11.RHEL4.4.i386.rpm

x86_64:
bc3cfce66bea5a3b3900b4e7d07b3b90  openmotif-2.2.3-9.RHEL4.1.x86_64.rpm
023cc76d475a1a73f62103b8179ad27e  openmotif-2.2.3-9.RHEL4.1.i386.rpm
e657eee7a31222a98c1f6b5da0c2d234  openmotif-devel-2.2.3-9.RHEL4.1.x86_64.rpm
47fa2a0391dd9117626c946888bbc675  openmotif21-2.1.30-11.RHEL4.4.i386.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openm...
33a7a4ad7fe6ec6960f4ec09972954c8  openmotif-2.2.3-9.RHEL4.1.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openm...
36c7d95bc2d6cedec3ada3eeb575def1  openmotif21-2.1.30-11.RHEL4.4.src.rpm

i386:
023cc76d475a1a73f62103b8179ad27e  openmotif-2.2.3-9.RHEL4.1.i386.rpm
d7eade810dfacc7de2ab529600974405  openmotif-devel-2.2.3-9.RHEL4.1.i386.rpm
47fa2a0391dd9117626c946888bbc675  openmotif21-2.1.30-11.RHEL4.4.i386.rpm

ia64:
908695c253844642ad38070cf17f7a58  openmotif-2.2.3-9.RHEL4.1.ia64.rpm
023cc76d475a1a73f62103b8179ad27e  openmotif-2.2.3-9.RHEL4.1.i386.rpm
8168147910ce21b4bc5f89dfb22dae83  openmotif-devel-2.2.3-9.RHEL4.1.ia64.rpm
776371f184502bcf8b28d73701e580d5  openmotif21-2.1.30-11.RHEL4.4.ia64.rpm
47fa2a0391dd9117626c946888bbc675  openmotif21-2.1.30-11.RHEL4.4.i386.rpm

x86_64:
bc3cfce66bea5a3b3900b4e7d07b3b90  openmotif-2.2.3-9.RHEL4.1.x86_64.rpm
023cc76d475a1a73f62103b8179ad27e  openmotif-2.2.3-9.RHEL4.1.i386.rpm
e657eee7a31222a98c1f6b5da0c2d234  openmotif-devel-2.2.3-9.RHEL4.1.x86_64.rpm
47fa2a0391dd9117626c946888bbc675  openmotif21-2.1.30-11.RHEL4.4.i386.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openm...
33a7a4ad7fe6ec6960f4ec09972954c8  openmotif-2.2.3-9.RHEL4.1.src.rpm
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openm...
36c7d95bc2d6cedec3ada3eeb575def1  openmotif21-2.1.30-11.RHEL4.4.src.rpm

i386:
023cc76d475a1a73f62103b8179ad27e  openmotif-2.2.3-9.RHEL4.1.i386.rpm
d7eade810dfacc7de2ab529600974405  openmotif-devel-2.2.3-9.RHEL4.1.i386.rpm
47fa2a0391dd9117626c946888bbc675  openmotif21-2.1.30-11.RHEL4.4.i386.rpm

ia64:
908695c253844642ad38070cf17f7a58  openmotif-2.2.3-9.RHEL4.1.ia64.rpm
023cc76d475a1a73f62103b8179ad27e  openmotif-2.2.3-9.RHEL4.1.i386.rpm
8168147910ce21b4bc5f89dfb22dae83  openmotif-devel-2.2.3-9.RHEL4.1.ia64.rpm
776371f184502bcf8b28d73701e580d5  openmotif21-2.1.30-11.RHEL4.4.ia64.rpm
47fa2a0391dd9117626c946888bbc675  openmotif21-2.1.30-11.RHEL4.4.i386.rpm

x86_64:
bc3cfce66bea5a3b3900b4e7d07b3b90  openmotif-2.2.3-9.RHEL4.1.x86_64.rpm
023cc76d475a1a73f62103b8179ad27e  openmotif-2.2.3-9.RHEL4.1.i386.rpm
e657eee7a31222a98c1f6b5da0c2d234  openmotif-devel-2.2.3-9.RHEL4.1.x86_64.rpm
47fa2a0391dd9117626c946888bbc675  openmotif21-2.1.30-11.RHEL4.4.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

6. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0605

7. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCgiTMXlSAg2UNWIIRAt9GAKC8Ncb1F30EJgunFRD6eNQKCIKS1wCeOEOW
4YCiWKEBFaKb0gc1Y4+Q/y4=
=v9b2
-----END PGP SIGNATURE-----


-- 
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds