RHSA-2009:1463: newt security update
Description
Newt is a programming library for color text mode, widget-based userinterfaces. Newt can be used to add stacked windows, entry widgets,checkboxes, radio buttons, labels, plain text fields, scrollbars, and soon, to text mode user interfaces.A heap-based buffer overflow flaw was found in the way newt processescontent that is to be displayed in a text dialog box. A local attackercould issue a specially-crafted text dialog box display request (direct orvia a custom application), leading to a denial of service (applicationcrash) or, potentially, arbitrary code execution with the privileges of theuser running the application using the newt library. (CVE-2009-2905)Users of newt should upgrade to these updated packages, which contain abackported patch to correct this issue. After installing the updatedpackages, all applications using the newt library must be restarted for theupdate to take effect.
Solution(s)
- redhat-upgrade-newt
- redhat-upgrade-newt-devel
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center