Red Hat Product Errata RHSA-2007:0765 - Security Advisory

Issued:: 2007-08-07
Updated:: 2007-08-07

RHSA-2007:0765 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: libgtop2 security update

Type/Severity

Security Advisory: Moderate

Topic

An updated libgtop2 package that fixes a security issue and a functionality
bug is now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The libgtop2 package contains a library for obtaining information about a
running system, such as cpu, memory and disk usage; active processes; and
PIDs.

A flaw was found in the way libgtop2 handled long filenames mapped
into the address space of a process. An attacker could execute arbitrary
code on behalf of the user running gnome-system-monitor by executing a
process and mapping a file with a specially crafted name into the
processes' address space. (CVE-2007-0235)

This update also fixes the following bug:

when a version of libgtop2 compiled to run on a 32-bit architecture was
used to inspect a process running in 64-bit mode, it failed to report
certain information regarding address space mapping correctly.

All users of gnome-system-monitor are advised to upgrade to this updated
libgtop2 package, which contains backported patches that resolve these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server - Extended Update Support 4.5 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 4.5 ia64
Red Hat Enterprise Linux Server - Extended Update Support 4.5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc

Fixes

BZ - 208265 - LTC27411-bad PROC_MAPS_FORMAT in libgtop2-devel
BZ - 249884 - CVE-2007-0235 Stack overflow libgtop when pathname of mmap()-ed file is too long

CVEs

CVE-2007-0235

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
libgtop2-2.8.0-1.0.2.src.rpm	SHA-256: 722ad40f57e8d9cf93fb93fbc6e49f6e24c48fe596c56f9c80a13229036eaf61
x86_64
libgtop2-2.8.0-1.0.2.i386.rpm	SHA-256: a723fd76fa8bfd84675e6abfa3bdf460e9395d79d9a1f4d773de5d29fbd6fa90
libgtop2-2.8.0-1.0.2.i386.rpm	SHA-256: a723fd76fa8bfd84675e6abfa3bdf460e9395d79d9a1f4d773de5d29fbd6fa90
libgtop2-2.8.0-1.0.2.x86_64.rpm	SHA-256: 45a39f74855304a5e8b2e04e534ee58628e194de3f1d78ae25812037a4342e78
libgtop2-2.8.0-1.0.2.x86_64.rpm	SHA-256: 45a39f74855304a5e8b2e04e534ee58628e194de3f1d78ae25812037a4342e78
libgtop2-devel-2.8.0-1.0.2.x86_64.rpm	SHA-256: 10ac27d5a50278417b93f1833c4c0e62dede1323591cf9888129ef4ffdd9a2d2
libgtop2-devel-2.8.0-1.0.2.x86_64.rpm	SHA-256: 10ac27d5a50278417b93f1833c4c0e62dede1323591cf9888129ef4ffdd9a2d2
ia64
libgtop2-2.8.0-1.0.2.i386.rpm	SHA-256: a723fd76fa8bfd84675e6abfa3bdf460e9395d79d9a1f4d773de5d29fbd6fa90
libgtop2-2.8.0-1.0.2.i386.rpm	SHA-256: a723fd76fa8bfd84675e6abfa3bdf460e9395d79d9a1f4d773de5d29fbd6fa90
libgtop2-2.8.0-1.0.2.ia64.rpm	SHA-256: bf9074f58a8bc342768e777260e417ffe0834d2ba4345bb4d03ca3ab0a1759d7
libgtop2-2.8.0-1.0.2.ia64.rpm	SHA-256: bf9074f58a8bc342768e777260e417ffe0834d2ba4345bb4d03ca3ab0a1759d7
libgtop2-devel-2.8.0-1.0.2.ia64.rpm	SHA-256: f87c0bc33405c5d8183fd778106d82dbf7a40659d95224b9ef073b9bec45a4fb
libgtop2-devel-2.8.0-1.0.2.ia64.rpm	SHA-256: f87c0bc33405c5d8183fd778106d82dbf7a40659d95224b9ef073b9bec45a4fb
i386
libgtop2-2.8.0-1.0.2.i386.rpm	SHA-256: a723fd76fa8bfd84675e6abfa3bdf460e9395d79d9a1f4d773de5d29fbd6fa90
libgtop2-2.8.0-1.0.2.i386.rpm	SHA-256: a723fd76fa8bfd84675e6abfa3bdf460e9395d79d9a1f4d773de5d29fbd6fa90
libgtop2-devel-2.8.0-1.0.2.i386.rpm	SHA-256: 883abfe3c7c79d683f5c3f2e9d46f9b120783255b2d4fd1402d43388777fc4c6
libgtop2-devel-2.8.0-1.0.2.i386.rpm	SHA-256: 883abfe3c7c79d683f5c3f2e9d46f9b120783255b2d4fd1402d43388777fc4c6

Red Hat Enterprise Linux Server - Extended Update Support 4.5

SRPM
libgtop2-2.8.0-1.0.2.src.rpm	SHA-256: 722ad40f57e8d9cf93fb93fbc6e49f6e24c48fe596c56f9c80a13229036eaf61
x86_64
libgtop2-2.8.0-1.0.2.i386.rpm	SHA-256: a723fd76fa8bfd84675e6abfa3bdf460e9395d79d9a1f4d773de5d29fbd6fa90
libgtop2-2.8.0-1.0.2.i386.rpm	SHA-256: a723fd76fa8bfd84675e6abfa3bdf460e9395d79d9a1f4d773de5d29fbd6fa90
libgtop2-2.8.0-1.0.2.x86_64.rpm	SHA-256: 45a39f74855304a5e8b2e04e534ee58628e194de3f1d78ae25812037a4342e78
libgtop2-2.8.0-1.0.2.x86_64.rpm	SHA-256: 45a39f74855304a5e8b2e04e534ee58628e194de3f1d78ae25812037a4342e78
libgtop2-devel-2.8.0-1.0.2.x86_64.rpm	SHA-256: 10ac27d5a50278417b93f1833c4c0e62dede1323591cf9888129ef4ffdd9a2d2
libgtop2-devel-2.8.0-1.0.2.x86_64.rpm	SHA-256: 10ac27d5a50278417b93f1833c4c0e62dede1323591cf9888129ef4ffdd9a2d2
ia64
libgtop2-2.8.0-1.0.2.i386.rpm	SHA-256: a723fd76fa8bfd84675e6abfa3bdf460e9395d79d9a1f4d773de5d29fbd6fa90
libgtop2-2.8.0-1.0.2.i386.rpm	SHA-256: a723fd76fa8bfd84675e6abfa3bdf460e9395d79d9a1f4d773de5d29fbd6fa90
libgtop2-2.8.0-1.0.2.ia64.rpm	SHA-256: bf9074f58a8bc342768e777260e417ffe0834d2ba4345bb4d03ca3ab0a1759d7
libgtop2-2.8.0-1.0.2.ia64.rpm	SHA-256: bf9074f58a8bc342768e777260e417ffe0834d2ba4345bb4d03ca3ab0a1759d7
libgtop2-devel-2.8.0-1.0.2.ia64.rpm	SHA-256: f87c0bc33405c5d8183fd778106d82dbf7a40659d95224b9ef073b9bec45a4fb
libgtop2-devel-2.8.0-1.0.2.ia64.rpm	SHA-256: f87c0bc33405c5d8183fd778106d82dbf7a40659d95224b9ef073b9bec45a4fb
i386
libgtop2-2.8.0-1.0.2.i386.rpm	SHA-256: a723fd76fa8bfd84675e6abfa3bdf460e9395d79d9a1f4d773de5d29fbd6fa90
libgtop2-2.8.0-1.0.2.i386.rpm	SHA-256: a723fd76fa8bfd84675e6abfa3bdf460e9395d79d9a1f4d773de5d29fbd6fa90
libgtop2-devel-2.8.0-1.0.2.i386.rpm	SHA-256: 883abfe3c7c79d683f5c3f2e9d46f9b120783255b2d4fd1402d43388777fc4c6
libgtop2-devel-2.8.0-1.0.2.i386.rpm	SHA-256: 883abfe3c7c79d683f5c3f2e9d46f9b120783255b2d4fd1402d43388777fc4c6

Red Hat Enterprise Linux Workstation 4

SRPM
libgtop2-2.8.0-1.0.2.src.rpm	SHA-256: 722ad40f57e8d9cf93fb93fbc6e49f6e24c48fe596c56f9c80a13229036eaf61
x86_64
libgtop2-2.8.0-1.0.2.i386.rpm	SHA-256: a723fd76fa8bfd84675e6abfa3bdf460e9395d79d9a1f4d773de5d29fbd6fa90
libgtop2-2.8.0-1.0.2.x86_64.rpm	SHA-256: 45a39f74855304a5e8b2e04e534ee58628e194de3f1d78ae25812037a4342e78
libgtop2-devel-2.8.0-1.0.2.x86_64.rpm	SHA-256: 10ac27d5a50278417b93f1833c4c0e62dede1323591cf9888129ef4ffdd9a2d2
ia64
libgtop2-2.8.0-1.0.2.i386.rpm	SHA-256: a723fd76fa8bfd84675e6abfa3bdf460e9395d79d9a1f4d773de5d29fbd6fa90
libgtop2-2.8.0-1.0.2.ia64.rpm	SHA-256: bf9074f58a8bc342768e777260e417ffe0834d2ba4345bb4d03ca3ab0a1759d7
libgtop2-devel-2.8.0-1.0.2.ia64.rpm	SHA-256: f87c0bc33405c5d8183fd778106d82dbf7a40659d95224b9ef073b9bec45a4fb
i386
libgtop2-2.8.0-1.0.2.i386.rpm	SHA-256: a723fd76fa8bfd84675e6abfa3bdf460e9395d79d9a1f4d773de5d29fbd6fa90
libgtop2-devel-2.8.0-1.0.2.i386.rpm	SHA-256: 883abfe3c7c79d683f5c3f2e9d46f9b120783255b2d4fd1402d43388777fc4c6

Red Hat Enterprise Linux Desktop 4

SRPM
libgtop2-2.8.0-1.0.2.src.rpm	SHA-256: 722ad40f57e8d9cf93fb93fbc6e49f6e24c48fe596c56f9c80a13229036eaf61
x86_64
libgtop2-2.8.0-1.0.2.i386.rpm	SHA-256: a723fd76fa8bfd84675e6abfa3bdf460e9395d79d9a1f4d773de5d29fbd6fa90
libgtop2-2.8.0-1.0.2.x86_64.rpm	SHA-256: 45a39f74855304a5e8b2e04e534ee58628e194de3f1d78ae25812037a4342e78
libgtop2-devel-2.8.0-1.0.2.x86_64.rpm	SHA-256: 10ac27d5a50278417b93f1833c4c0e62dede1323591cf9888129ef4ffdd9a2d2
i386
libgtop2-2.8.0-1.0.2.i386.rpm	SHA-256: a723fd76fa8bfd84675e6abfa3bdf460e9395d79d9a1f4d773de5d29fbd6fa90
libgtop2-devel-2.8.0-1.0.2.i386.rpm	SHA-256: 883abfe3c7c79d683f5c3f2e9d46f9b120783255b2d4fd1402d43388777fc4c6

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
libgtop2-2.8.0-1.0.2.src.rpm	SHA-256: 722ad40f57e8d9cf93fb93fbc6e49f6e24c48fe596c56f9c80a13229036eaf61
s390x
libgtop2-2.8.0-1.0.2.s390.rpm	SHA-256: 3c6f561a6001385ce2750b023207763dae39dfeab9275d26650bee45a1e53a38
libgtop2-2.8.0-1.0.2.s390x.rpm	SHA-256: a1736ae2c751943da1b16b3827e4d33464f640c7c962898e8a357ce00fd18a7a
libgtop2-devel-2.8.0-1.0.2.s390x.rpm	SHA-256: 561eba4d775cc3c8f5214d896c946ff9e496767bf016a54d05f298b64ce513f2
s390
libgtop2-2.8.0-1.0.2.s390.rpm	SHA-256: 3c6f561a6001385ce2750b023207763dae39dfeab9275d26650bee45a1e53a38
libgtop2-devel-2.8.0-1.0.2.s390.rpm	SHA-256: 5042d0cc8e6a7290856c3fa55b98b02bd868470a980c966580f86d0bd460f1f7

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5

SRPM
libgtop2-2.8.0-1.0.2.src.rpm	SHA-256: 722ad40f57e8d9cf93fb93fbc6e49f6e24c48fe596c56f9c80a13229036eaf61
s390x
libgtop2-2.8.0-1.0.2.s390.rpm	SHA-256: 3c6f561a6001385ce2750b023207763dae39dfeab9275d26650bee45a1e53a38
libgtop2-2.8.0-1.0.2.s390x.rpm	SHA-256: a1736ae2c751943da1b16b3827e4d33464f640c7c962898e8a357ce00fd18a7a
libgtop2-devel-2.8.0-1.0.2.s390x.rpm	SHA-256: 561eba4d775cc3c8f5214d896c946ff9e496767bf016a54d05f298b64ce513f2
s390
libgtop2-2.8.0-1.0.2.s390.rpm	SHA-256: 3c6f561a6001385ce2750b023207763dae39dfeab9275d26650bee45a1e53a38
libgtop2-devel-2.8.0-1.0.2.s390.rpm	SHA-256: 5042d0cc8e6a7290856c3fa55b98b02bd868470a980c966580f86d0bd460f1f7

Red Hat Enterprise Linux for Power, big endian 4

SRPM
libgtop2-2.8.0-1.0.2.src.rpm	SHA-256: 722ad40f57e8d9cf93fb93fbc6e49f6e24c48fe596c56f9c80a13229036eaf61
ppc
libgtop2-2.8.0-1.0.2.ppc.rpm	SHA-256: f439a762cd7a216c0476271cf844627f41e2d583dc621c8a0c4266d07b40be78
libgtop2-2.8.0-1.0.2.ppc64.rpm	SHA-256: 7ca685a7adec68c977eddefbcaa5428037dd32bfddde3ba0c0c614ee6e74c2a2
libgtop2-devel-2.8.0-1.0.2.ppc.rpm	SHA-256: b1e1ac4554543333424dd495e39f1226a1a21fbfc8d2bad3a25729dd14f59a38

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5

SRPM
libgtop2-2.8.0-1.0.2.src.rpm	SHA-256: 722ad40f57e8d9cf93fb93fbc6e49f6e24c48fe596c56f9c80a13229036eaf61
ppc
libgtop2-2.8.0-1.0.2.ppc.rpm	SHA-256: f439a762cd7a216c0476271cf844627f41e2d583dc621c8a0c4266d07b40be78
libgtop2-2.8.0-1.0.2.ppc64.rpm	SHA-256: 7ca685a7adec68c977eddefbcaa5428037dd32bfddde3ba0c0c614ee6e74c2a2
libgtop2-devel-2.8.0-1.0.2.ppc.rpm	SHA-256: b1e1ac4554543333424dd495e39f1226a1a21fbfc8d2bad3a25729dd14f59a38

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories