A heap-based buffer overflow flaw was found in the way newt processes
content that is to be displayed in a text dialog box. A local attacker
could issue a specially-crafted text dialog box display request (direct or
via a custom application), leading to a denial of service (application
crash) or, potentially, arbitrary code execution with the privileges of the
user running the application using the newt library.
Public now via:
newt-0.52.10-2.fc10 has been submitted as an update for Fedora 10.
newt-0.52.10-4.fc11 has been submitted as an update for Fedora 11.
This issue has been addressed in following products:
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2009:1463 https://rhn.redhat.com/errata/RHSA-2009-1463.html
newt-0.52.10-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
newt-0.52.10-4.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.