Rapid7 Vulnerability & Exploit Database

RHSA-2009:1463: newt security update

Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published: 09/29/2009
Created: 07/25/2018
Added: 10/14/2009
Modified: 07/04/2017

Description

Newt is a programming library for color text mode, widget-based user interfaces. Newt can be used to add stacked windows, entry widgets, checkboxes, radio buttons, labels, plain text fields, scrollbars, and so on, to text mode user interfaces.

A heap-based buffer overflow flaw was found in the way newt processes content that is to be displayed in a text dialog box. A local attacker could issue a specially-crafted text dialog box display request (direct or via a custom application), leading to a denial of service (application crash) or, potentially, arbitrary code execution with the privileges of the user running the application using the newt library. (CVE-2009-2905)

Users of newt should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, all applications using the newt library must be restarted for the update to take effect.

Solution(s)

  • redhat-upgrade-newt
  • redhat-upgrade-newt-devel
