Scientific Linux Security Update : newt on SL3.x, SL4.x, SL5.x i386/x86_64

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

CVE-2009-2905 newt: heap-overflow in textbox when text reflowing

A heap-based buffer overflow flaw was found in the way newt processes
content that is to be displayed in a text dialog box. A local attacker
could issue a specially crafted text dialog box display request
(direct or via a custom application), leading to a denial of service
(application crash) or, potentially, arbitrary code execution with the
privileges of the user running the application using the newt library.
(CVE-2009-2905)

After installing the updated packages, all applications using the newt
library must be restarted for the update to take effect.

See also :

http://www.nessus.org/u?543f40f5

Solution :

Update the affected newt and / or newt-devel packages.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60670 ()

Bugtraq ID:

CVE ID: CVE-2009-2905