RedHat: Moderate: openmotif security update
Posted by Benjamin D. Thomas   
RedHat Linux Updated openmotif packages that fix a flaw in the Xpm image library are now available.
---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: openmotif security update
Advisory ID:       RHSA-2005:412-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-412.html
Issue date:        2005-05-11
Updated on:        2005-05-11
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0605
---------------------------------------------------------------------

1. Summary:

Updated openmotif packages that fix a flaw in the Xpm image library are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

OpenMotif provides libraries which implement the Motif industry standard
graphical user interface.  

An integer overflow flaw was found in libXpm, which is used to decode XPM
(X PixMap) images.  A vulnerable version of this library was
found within OpenMotif.  An attacker could create a carefully crafted XPM
file which would cause an application to crash or potentially execute
arbitrary code if opened by a victim.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0605 to
this issue.

Users of OpenMotif are advised to upgrade to these erratum packages, which
contain a backported security patch to the embedded libXpm library.
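
The advisory does not say where in libXpm the overflow occurs, so the following added example (not code from libXpm, OpenMotif or Red Hat) only illustrates the bug class: a pixel-buffer size computed from the XPM values line, unchecked and then checked. All function names, the 4-bytes-per-pixel layout and the 64 MiB cap are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Fields of the XPM "values" line: "<width> <height> <ncolors> <cpp>". */
typedef struct { unsigned width, height, ncolors, cpp; } xpm_values;

/* Read one positive decimal field; rejects signs, zero and out-of-range. */
static int next_field(const char **p, unsigned *out) {
    char *end;
    while (**p == ' ' || **p == '\t') (*p)++;
    if (**p < '0' || **p > '9') return -1;
    errno = 0;
    unsigned long v = strtoul(*p, &end, 10);
    if (errno == ERANGE || v == 0 || v > UINT_MAX) return -1;
    *out = (unsigned)v;
    *p = end;
    return 0;
}

int xpm_parse_values(const char *s, xpm_values *v) {
    return (next_field(&s, &v->width) || next_field(&s, &v->height) ||
            next_field(&s, &v->ncolors) || next_field(&s, &v->cpp)) ? -1 : 0;
}

/* Unchecked: 32-bit unsigned math wraps modulo 2^32, so a huge image
   can yield a small allocation size. */
uint32_t pixel_bytes_unchecked(const xpm_values *v) {
    return (uint32_t)v->width * (uint32_t)v->height * (uint32_t)sizeof(uint32_t);
}

/* Checked: 0 and *out on success, -1 if the product overflows size_t
   or exceeds the caller's limit. */
int pixel_bytes_checked(const xpm_values *v, size_t max_bytes, size_t *out) {
    size_t w = v->width, h = v->height;
    if (h == 0 || w > SIZE_MAX / h) return -1;
    if (w * h > max_bytes / sizeof(uint32_t)) return -1;
    *out = w * h * sizeof(uint32_t);
    return 0;
}

int main(void) {
    xpm_values v;  /* constructed header values, chosen so the product wraps */
    size_t n = 0;
    if (xpm_parse_values("65536 65537 2 1", &v) != 0) return 1;
    printf("unchecked=%u checked=%d\n", (unsigned)pixel_bytes_unchecked(&v),
           pixel_bytes_checked(&v, (size_t)64 << 20, &n));
    return 0;
}
```

A decoder that allocates the unchecked size and then writes width x height pixels runs past the end of the buffer, which is how an oversized header turns into a crash or memory corruption.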

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openmotif-2.1.30-13.21AS.5.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openmotif-2.1.30-13.21AS.5.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/openmotif-2.1.30-13.21AS.5.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/openmotif-2.1.30-13.21AS.5.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openmotif-2.2.3-5.RHEL3.2.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openmotif21-2.1.30-9.RHEL3.6.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openmotif-2.2.3-5.RHEL3.2.src.rpm
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openmotif21-2.1.30-9.RHEL3.6.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openmotif-2.2.3-5.RHEL3.2.src.rpm
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openmotif21-2.1.30-9.RHEL3.6.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openmotif-2.2.3-5.RHEL3.2.src.rpm
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openmotif21-2.1.30-9.RHEL3.6.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openmotif-2.2.3-9.RHEL4.1.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openmotif21-2.1.30-11.RHEL4.4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openmotif-2.2.3-9.RHEL4.1.src.rpm
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openmotif21-2.1.30-11.RHEL4.4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openmotif-2.2.3-9.RHEL4.1.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openmotif21-2.1.30-11.RHEL4.4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openmotif-2.2.3-9.RHEL4.1.src.rpm
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openmotif21-2.1.30-11.RHEL4.4.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

6. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0605

7. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.