Red Hat Local Security Checks : RedHat Security Advisory RHSA-2009:1463

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.64946

Category: Red Hat Local Security Checks

Title: RedHat Security Advisory RHSA-2009:1463

Summary: The remote host is missing updates announced in;advisory RHSA-2009:1463.;;Newt is a programming library for color text mode, widget-based user;interfaces. Newt can be used to add stacked windows, entry widgets,;checkboxes, radio buttons, labels, plain text fields, scrollbars, and so;on, to text mode user interfaces.;;A heap-based buffer overflow flaw was found in the way newt processes;content that is to be displayed in a text dialog box. A local attacker;could issue a specially-crafted text dialog box display request (direct or;via a custom application), leading to a denial of service (application;crash) or, potentially, arbitrary code execution with the privileges of the;user running the application using the newt library. (CVE-2009-2905);;Users of newt should upgrade to these updated packages, which contain a;backported patch to correct this issue. After installing the updated;packages, all applications using the newt library must be restarted for the;update to take effect.

Description: Summary:
The remote host is missing updates announced in
advisory RHSA-2009:1463.

Newt is a programming library for color text mode, widget-based user
interfaces. Newt can be used to add stacked windows, entry widgets,
checkboxes, radio buttons, labels, plain text fields, scrollbars, and so
on, to text mode user interfaces.

A heap-based buffer overflow flaw was found in the way newt processes
content that is to be displayed in a text dialog box. A local attacker
could issue a specially-crafted text dialog box display request (direct or
via a custom application), leading to a denial of service (application
crash) or, potentially, arbitrary code execution with the privileges of the
user running the application using the newt library. (CVE-2009-2905)

Users of newt should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing the updated
packages, all applications using the newt library must be restarted for the
update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-2905
36515
http://www.securityfocus.com/bid/36515
37922
http://secunia.com/advisories/37922
38794
http://secunia.com/advisories/38794
38833
http://secunia.com/advisories/38833
ADV-2010-0528
http://www.vupen.com/english/advisories/2010/0528
DSA-1894
http://www.debian.org/security/2009/dsa-1894
RHSA-2009:1463
https://rhn.redhat.com/errata/RHSA-2009-1463.html
SUSE-SR:2009:017
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
USN-837-1
http://www.ubuntu.com/usn/USN-837-1
[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://security.debian.org/pool/updates/main/n/newt/newt_0.52.2-10+etch1.diff.gz
http://support.avaya.com/css/P8/documents/100067251
https://bugzilla.redhat.com/show_bug.cgi?id=523955
oval:org.mitre.oval:def:8556
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8556
oval:org.mitre.oval:def:9664
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9664

Copyright Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.64946
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2009:1463
Summary:	The remote host is missing updates announced in;advisory RHSA-2009:1463.;;Newt is a programming library for color text mode, widget-based user;interfaces. Newt can be used to add stacked windows, entry widgets,;checkboxes, radio buttons, labels, plain text fields, scrollbars, and so;on, to text mode user interfaces.;;A heap-based buffer overflow flaw was found in the way newt processes;content that is to be displayed in a text dialog box. A local attacker;could issue a specially-crafted text dialog box display request (direct or;via a custom application), leading to a denial of service (application;crash) or, potentially, arbitrary code execution with the privileges of the;user running the application using the newt library. (CVE-2009-2905);;Users of newt should upgrade to these updated packages, which contain a;backported patch to correct this issue. After installing the updated;packages, all applications using the newt library must be restarted for the;update to take effect.
Description:	Summary: The remote host is missing updates announced in advisory RHSA-2009:1463. Newt is a programming library for color text mode, widget-based user interfaces. Newt can be used to add stacked windows, entry widgets, checkboxes, radio buttons, labels, plain text fields, scrollbars, and so on, to text mode user interfaces. A heap-based buffer overflow flaw was found in the way newt processes content that is to be displayed in a text dialog box. A local attacker could issue a specially-crafted text dialog box display request (direct or via a custom application), leading to a denial of service (application crash) or, potentially, arbitrary code execution with the privileges of the user running the application using the newt library. (CVE-2009-2905) Users of newt should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, all applications using the newt library must be restarted for the update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2905 36515 http://www.securityfocus.com/bid/36515 37922 http://secunia.com/advisories/37922 38794 http://secunia.com/advisories/38794 38833 http://secunia.com/advisories/38833 ADV-2010-0528 http://www.vupen.com/english/advisories/2010/0528 DSA-1894 http://www.debian.org/security/2009/dsa-1894 RHSA-2009:1463 https://rhn.redhat.com/errata/RHSA-2009-1463.html SUSE-SR:2009:017 http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html USN-837-1 http://www.ubuntu.com/usn/USN-837-1 [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://security.debian.org/pool/updates/main/n/newt/newt_0.52.2-10+etch1.diff.gz http://support.avaya.com/css/P8/documents/100067251 https://bugzilla.redhat.com/show_bug.cgi?id=523955 oval:org.mitre.oval:def:8556 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8556 oval:org.mitre.oval:def:9664 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9664
Copyright	Copyright (C) 2009 E-Soft Inc.