From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20051012 Netscape/8.0.4

Description of problem:
05.49.12 CVE: Not Available
Platform: Unix
Title: Open Motif libUil Open_source_file Buffer Overflow
Description: Open Motif is an open version of the Motif GUI toolkit. It is vulnerable to a buffer overflow issue due to improper use of the "strcpy" function. Successful exploitation may result in a remote compromise or local privilege escalation depending on the affected application linked to the library. Open Motif version 2.2.3 is vulnerable.
Ref: http://www.securityfocus.com/bid/15686/info

Version-Release number of selected component (if applicable):

How reproducible: Didn't try

Additional info:
05.49.27 CVE: Not Available
Platform: Cross Platform
Title: Open Motif libUil Diag_issue_diagnostic Buffer Overflow
Description: Open Motif is an open version of the Motif GUI toolkit. A buffer overflow vulnerability affects libUil and can leave applications which link to the library vulnerable. The issue exists in the "diag_issue_diagnostic()" function and is caused due to the use of the "vsprintf()" libc procedure. Open Motif version 2.2.3 is affected.
Ref: http://www.securityfocus.com/bid/15684/info
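The two advisories above name unbounded `strcpy` and `vsprintf` calls as the cause. The sketch below shows the bounded equivalents and how to detect an oversized input. It is an example added here, not Open Motif code or the backported patch; the function names, buffer sizes and inputs are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a helper that keeps a file name in a fixed
 * buffer. A name that does not fit is rejected, not copied with strcpy().
 * Returns 0 on success, -1 if the name (plus NUL) exceeds cap. */
int store_file_name(char *dst, size_t cap, const char *name)
{
    size_t n = strlen(name);
    if (n >= cap)
        return -1;              /* dst is left untouched */
    memcpy(dst, name, n + 1);   /* n + 1 copies the terminating NUL */
    return 0;
}

/* Hypothetical stand-in for a diagnostic formatter. vsnprintf() writes at
 * most cap bytes and returns the length the full message needed, so
 * truncation is detectable. Returns 0 = fit, 1 = truncated, -1 = error. */
int format_diagnostic(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int want;

    va_start(ap, fmt);
    want = vsnprintf(dst, cap, fmt, ap);
    va_end(ap);
    if (want < 0) {
        if (cap > 0)
            dst[0] = '\0';
        return -1;
    }
    return (size_t)want >= cap ? 1 : 0;
}

int main(void)
{
    char name[16], msg[32];     /* constructed sizes for the demo */
    /* Constructed inputs: one that fits, one that is too long. */
    printf("%d\n", store_file_name(name, sizeof name, "main.uil"));
    printf("%d\n", store_file_name(name, sizeof name,
                                   "a_very_long_constructed_name.uil"));
    printf("%d %s\n", format_diagnostic(msg, sizeof msg, "%s: line %d",
                                        name, 7), msg);
    return 0;
}
```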
I looked up both bid 15684 and 15686 at securityfocus, and it appears that these two vulnerabilities are both addressed in CVE-2005-3964 (though that CVE is not mentioned in either bid). So I believe that these issues are the same as what this bug ticket was opened for.

On April 4th, RHEL issued RHSA-2006:0272 for this issue, for RHEL 2.1, 3, & 4. <http://rhn.redhat.com/errata/RHSA-2006-0272.html> This leads me to believe that this overflow issue affects all of our distros.

"A number of buffer overflow flaws were discovered in OpenMotif's libUil library. It is possible for an attacker to execute arbitrary code as a victim who has been tricked into executing a program linked against OpenMotif, which then loads a malicious User Interface Language (UIL) file. (CVE-2005-3964)

"Users of OpenMotif are advised to upgrade to these erratum packages, which contain a backported security patch to correct this issue."

This issue was tackled for RHEL in Bug #174814, and should be tackled for FC4 in Bug #174815 (but doesn't seem to be yet).
This issue has been tackled by Thomas Woerner for FC4 in Bug #174815 now, but still needs fixing for the other Fedora-Legacy-supported releases -- at least FC3 now. Even though Legacy has dropped support for FC1 and FC2 at this time, should we still issue updated packages for openmotif for those (since this bug was opened when we were still supporting those releases?)
(In reply to comment #3)
>
> Even though Legacy has dropped support for FC1 and FC2 at this time, should we
> still issue updated packages for openmotif for those (since this bug was opened
> when we were still supporting those releases?)

yes, if possible
Fedora Legacy project has ended. These will not be fixed by Fedora Legacy.