exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2009-249

Mandriva Linux Security Advisory 2009-249
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-249 - A heap-based buffer overflow flaw was found in the way newt processes content that is to be displayed in a text dialog box. A local attacker could issue a specially-crafted text dialog box display request (direct or via a custom application), leading to a denial of service (application crash) or, potentially, arbitrary code execution with the privileges of the user running the application using the newt library. This update provides a solution to this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service, overflow, arbitrary, local, code execution
systems | linux, mandriva
advisories | CVE-2009-2905
SHA-256 | 26b658d0a05250bbe7b160ea6507527db8763b67a61be417a6a94d04698278b4

Mandriva Linux Security Advisory 2009-249

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:249-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : newt
Date : December 5, 2009
Affected: 2008.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in newt:

A heap-based buffer overflow flaw was found in the way newt processes
content that is to be displayed in a text dialog box. A local attacker
could issue a specially-crafted text dialog box display request
(direct or via a custom application), leading to a denial of service
(application crash) or, potentially, arbitrary code execution with the
privileges of the user running the application using the newt library
(CVE-2009-2905).

This update provides a solution to this vulnerability.

Update:

Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2905
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
654a1c3c587c6a5a14e6f4d23e890483 2008.0/i586/libnewt0.52-0.52.6-3.1mdv2008.0.i586.rpm
f0942a5df8fa536a02126f4034d3e53f 2008.0/i586/libnewt0.52-devel-0.52.6-3.1mdv2008.0.i586.rpm
0ce830ecabb85460249e58f53d1fe2c9 2008.0/i586/newt-0.52.6-3.1mdv2008.0.i586.rpm
228d192869250f150207ce14e8374fec 2008.0/SRPMS/newt-0.52.6-3.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
889b8c64d20e91ae4e05d0c7945cd45e 2008.0/x86_64/lib64newt0.52-0.52.6-3.1mdv2008.0.x86_64.rpm
57e8e2c4cffe147722dbc4a0054459c9 2008.0/x86_64/lib64newt0.52-devel-0.52.6-3.1mdv2008.0.x86_64.rpm
d960d8c779078deea2e6c33b70b9685d 2008.0/x86_64/newt-0.52.6-3.1mdv2008.0.x86_64.rpm
228d192869250f150207ce14e8374fec 2008.0/SRPMS/newt-0.52.6-3.1mdv2008.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLGl7ZmqjQ0CJFipgRAnviAJ9auPOyGciiDPdEAd6yvoiZKNlcZQCfWw8B
UPOkLw5FvPeXtYNk1GTBBeU=
=VpMX
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    20 Files
  • 29
    Nov 29th
    9 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close