Issued:
2006-04-04
Updated:
2006-04-04

RHSA-2006:0272 - openmotif security update

Synopsis

openmotif security update

Type/Severity

Security Advisory Moderate

Topic

Updated openmotif packages that fix a security issue are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Description

OpenMotif provides libraries which implement the Motif industry standard graphical user interface.

A number of buffer overflow flaws were discovered in OpenMotif's libUil library. It is possible for an attacker to execute arbitrary code as a victim who has been tricked into executing a program linked against OpenMotif, which then loads a malicious User Interface Language (UIL) file. (CVE-2005-3964)

Users of OpenMotif are advised to upgrade to these erratum packages, which contain a backported security patch to correct this issue.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

Affected Products

ProductVersionArch
Red Hat Enterprise Linux for Power, big endian4ppc
Red Hat Enterprise Linux for Power, big endian3ppc
Red Hat Enterprise Linux for IBM z Systems4s390x
Red Hat Enterprise Linux for IBM z Systems4s390
Red Hat Enterprise Linux for IBM z Systems3s390x
Red Hat Enterprise Linux for IBM z Systems3s390
Red Hat Enterprise Linux Workstation4x86_64
Red Hat Enterprise Linux Workstation4ia64
Red Hat Enterprise Linux Workstation4i386
Red Hat Enterprise Linux Workstation3x86_64
Red Hat Enterprise Linux Workstation3ia64
Red Hat Enterprise Linux Workstation3i386
Red Hat Enterprise Linux Workstation2ia64
Red Hat Enterprise Linux Workstation2i386
Red Hat Enterprise Linux Server4x86_64
Red Hat Enterprise Linux Server4ia64
Red Hat Enterprise Linux Server4i386
Red Hat Enterprise Linux Server3x86_64
Red Hat Enterprise Linux Server3ia64
Red Hat Enterprise Linux Server3i386
Red Hat Enterprise Linux Server2ia64
Red Hat Enterprise Linux Server2i386
Red Hat Enterprise Linux Desktop4x86_64
Red Hat Enterprise Linux Desktop4i386
Red Hat Enterprise Linux Desktop3x86_64
Red Hat Enterprise Linux Desktop3i386

Updated Packages

  • openmotif-devel-2.2.3-5.RHEL3.3.ia64.rpm
  • openmotif21-2.1.30-11.RHEL4.5.ia64.rpm
  • openmotif-devel-2.2.3-5.RHEL3.3.s390x.rpm
  • openmotif-2.2.3-5.RHEL3.3.i386.rpm
  • openmotif-devel-2.2.3-10.RHEL4.1.ia64.rpm
  • openmotif-devel-2.2.3-5.RHEL3.3.s390.rpm
  • openmotif-devel-2.1.30-13.21AS.6.ia64.rpm
  • openmotif-devel-2.1.30-13.21AS.6.i386.rpm
  • openmotif-devel-2.2.3-10.RHEL4.1.x86_64.rpm
  • openmotif-2.1.30-13.21AS.6.i386.rpm
  • openmotif-2.2.3-5.RHEL3.3.s390x.rpm
  • openmotif-2.2.3-5.RHEL3.3.ia64.rpm
  • openmotif-2.2.3-10.RHEL4.1.ia64.rpm
  • openmotif-devel-2.2.3-5.RHEL3.3.i386.rpm
  • openmotif-2.2.3-10.RHEL4.1.ppc64.rpm
  • openmotif-2.2.3-5.RHEL3.3.ppc.rpm
  • openmotif-2.2.3-5.RHEL3.3.x86_64.rpm
  • openmotif21-2.1.30-9.RHEL3.7.ia64.rpm
  • openmotif-2.1.30-13.21AS.6.ia64.rpm
  • openmotif21-2.1.30-11.RHEL4.5.i386.rpm
  • openmotif-devel-2.2.3-10.RHEL4.1.ppc.rpm
  • openmotif-devel-2.2.3-5.RHEL3.3.ppc.rpm
  • openmotif-2.2.3-10.RHEL4.1.ppc.rpm
  • openmotif-devel-2.2.3-10.RHEL4.1.i386.rpm
  • openmotif-devel-2.2.3-10.RHEL4.1.s390x.rpm
  • openmotif-2.2.3-5.RHEL3.3.s390.rpm
  • openmotif-2.2.3-10.RHEL4.1.s390x.rpm
  • openmotif-devel-2.2.3-5.RHEL3.3.x86_64.rpm
  • openmotif-2.2.3-10.RHEL4.1.s390.rpm
  • openmotif-devel-2.2.3-10.RHEL4.1.s390.rpm
  • openmotif21-2.1.30-9.RHEL3.7.i386.rpm
  • openmotif-2.2.3-10.RHEL4.1.i386.rpm
  • openmotif-2.2.3-5.RHEL3.3.ppc64.rpm
  • openmotif-2.2.3-10.RHEL4.1.x86_64.rpm

Fixes

CVEs

References

Additional information