Issued:
2005-05-24
Updated:
2005-05-24

RHSA-2005:473 - lesstif security update

Synopsis

lesstif security update

Type/Severity

Security Advisory Moderate

Topic

Updated lesstif packages that fix flaws in the Xpm library are now available for Red Hat Enterprise Linux 2.1.

This update has been rated as having Moderate security impact by the Red Hat Security Response Team.

Description

LessTif provides libraries which implement the Motif industry standard graphical user interface.

An integer overflow flaw was found in libXpm; a vulnerable version of this library is found within LessTif. An attacker could create a malicious XPM file that would execute arbitrary code if opened by a victim using an application linked to LessTif. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0605 to this issue.

Users of LessTif should upgrade to these updated packages, which contain a backported patch to correct this issue.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

Affected Products

ProductVersionArch
Red Hat Enterprise Linux Workstation2ia64
Red Hat Enterprise Linux Workstation2i386
Red Hat Enterprise Linux Server2ia64
Red Hat Enterprise Linux Server2i386

Updated Packages

  • lesstif-devel-0.93.15-4.AS21.5.i386.rpm
  • lesstif-0.93.15-4.AS21.5.i386.rpm
  • lesstif-0.93.15-4.AS21.5.ia64.rpm
  • lesstif-devel-0.93.15-4.AS21.5.ia64.rpm

Fixes

CVEs

(none)

References

(none)

Additional information