Synopsis: Moderate: newt security update Issue date: 2009-09-24 CVE Names: CVE-2009-2905 CVE-2009-2905 newt: heap-overflow in textbox when text reflowing A heap-based buffer overflow flaw was found in the way newt processes content that is to be displayed in a text dialog box. A local attacker could issue a specially-crafted text dialog box display request (direct or via a custom application), leading to a denial of service (application crash) or, potentially, arbitrary code execution with the privileges of the user running the application using the newt library. (CVE-2009-2905) After installing the updated packages, all applications using the newt library must be restarted for the update to take effect. SL 3.0.x SRPMS: newt-0.51.5-2.el3.src.rpm i386: newt-0.51.5-2.el3.i386.rpm newt-devel-0.51.5-2.el3.i386.rpm x86_64: newt-0.51.5-2.el3.i386.rpm newt-0.51.5-2.el3.x86_64.rpm newt-devel-0.51.5-2.el3.x86_64.rpm SL 4.x SRPMS: newt-0.51.6-10.el4_8.1.src.rpm i386: newt-0.51.6-10.el4_8.1.i386.rpm newt-devel-0.51.6-10.el4_8.1.i386.rpm x86_64: newt-0.51.6-10.el4_8.1.i386.rpm newt-0.51.6-10.el4_8.1.x86_64.rpm newt-devel-0.51.6-10.el4_8.1.x86_64.rpm SL 5.x SRPMS: newt-0.52.2-12.el5_4.1.src.rpm i386: newt-0.52.2-12.el5_4.1.i386.rpm newt-devel-0.52.2-12.el5_4.1.i386.rpm x86_64: newt-0.52.2-12.el5_4.1.i386.rpm newt-0.52.2-12.el5_4.1.x86_64.rpm newt-devel-0.52.2-12.el5_4.1.i386.rpm newt-devel-0.52.2-12.el5_4.1.x86_64.rpm -Connie Sieh -Troy Dawson