RHEL 4 : w3c-libwww (RHSA-2007:0208)
Medium Nessus Plugin ID 25136
SynopsisThe remote Red Hat host is missing one or more security updates.
DescriptionUpdated w3c-libwww packages that fix a security issue and a bug are now available.
This update has been rated as having low security impact by the Red Hat Security Response Team.
w3c-libwww is a general-purpose web library.
Several buffer overflow flaws in w3c-libwww were found. If a client application that uses w3c-libwww connected to a malicious HTTP server, it could trigger an out of bounds memory access, causing the client application to crash (CVE-2005-3183).
This updated version of w3c-libwww also fixes an issue when computing MD5 sums on a 64 bit machine.
Users of w3c-libwww should upgrade to these updated packages, which contain backported patches to correct these issues.
SolutionUpdate the affected w3c-libwww, w3c-libwww-apps and / or w3c-libwww-devel packages.