Oval Definition:oval:com.redhat.rhsa:def:20040537
Revision Date:2004-12-02Version:502
Title:RHSA-2004:537: openmotif security update (Important)
Description:OpenMotif provides libraries which implement the Motif industry standard graphical user interface.

During a source code audit, Chris Evans and others discovered several stack overflow flaws and an integer overflow flaw in the libXpm library used to decode XPM (X PixMap) images. A vulnerable version of this library was found within OpenMotif. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0687, CAN-2004-0688, and CAN-2004-0914 to these issues.

Users of OpenMotif are advised to upgrade to these erratum packages, which contain backported security patches to the embedded libXpm library.
Family:unixClass:patch
Status:Reference(s):CVE-2004-0687
CVE-2004-0688
CVE-2004-0914
RHSA-2004:537-01
Platform(s):Red Hat Enterprise Linux 3
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux 3 is installed
  • AND Package Information
  • openmotif-devel is earlier than 0:2.2.3-4.RHEL3.4
  • AND openmotif-devel is signed with Red Hat master key
  • OR
  • openmotif is earlier than 0:2.2.3-4.RHEL3.4
  • AND openmotif is signed with Red Hat master key
  • OR
  • openmotif21 is earlier than 0:2.1.30-9.RHEL3.4
  • AND openmotif21 is signed with Red Hat master key
  • BACK