Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 476
Alerts This Week
Warning Icon 1 476

Scientific Linux: SLSA-2015:1917-1 Important: libwmf Remote Code Execution

Scientific Large Esm H446
Important: libwmf security update
Date: Tue, 13 Oct 2015 09:07:30 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 7x x86_64 now available
MIME-Version: 1.0
Message-ID: <561D1022.3000700@fnal.gov>

The following FASTBUGS have been uploaded to

x86_64:
tzdata-2015g-1.el7.noarch.rpm
tzdata-java-2015g-1.el7.noarch.rpm
Date: Tue, 20 Oct 2015 18:35:37 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: libwmf on SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0
Message-ID: <20151020183537.23302.80377@slpackages.fnal.gov>

Synopsis: Important: libwmf security update
Advisory ID: SLSA-2015:1917-1
Issue Date: 2015-10-20
CVE Numbers: CVE-2015-0848
 CVE-2015-4695
 CVE-2015-4696
 CVE-2015-4588
--

It was discovered that libwmf did not correctly process certain WMF
(Windows Metafiles) with embedded BMP images. By tricking a victim into
opening a specially crafted WMF file in an application using libwmf, a
remote attacker could possibly use this flaw to execute arbitrary code
with the privileges of the user running the application. (CVE-2015-0848,
CVE-2015-4588)

It was discovered that libwmf did not properly process certain WMF files.
By tricking a victim into opening a specially crafted WMF file in an
application using libwmf, a remote attacker could possibly exploit this
flaw to cause a crash or execute arbitrary code with the privileges of the
user running the application. (CVE-2015-4696)

It was discovered that libwmf did not properly process certain WMF files.
By tricking a victim into opening a specially crafted WMF file in an
application using libwmf, a remote attacker could possibly exploit this
flaw to cause a crash. (CVE-2015-4695)

After installing the update, all applications using libwmf must be
restarted for the update to take effect.
--

SL6
 x86_64
 libwmf-0.2.8.4-25.el6_7.i686.rpm
 libwmf-0.2.8.4-25.el6_7.x86_64.rpm
 libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm
 libwmf-debuginfo-0.2.8.4-25.el6_7.x86_64.rpm
 libwmf-lite-0.2.8.4-25.el6_7.i686.rpm
 libwmf-lite-0.2.8.4-25.el6_7.x86_64.rpm
 libwmf-devel-0.2.8.4-25.el6_7.i686.rpm
 libwmf-devel-0.2.8.4-25.el6_7.x86_64.rpm
 i386
 libwmf-0.2.8.4-25.el6_7.i686.rpm
 libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm
 libwmf-lite-0.2.8.4-25.el6_7.i686.rpm
 libwmf-devel-0.2.8.4-25.el6_7.i686.rpm
SL7
 x86_64
 libwmf-0.2.8.4-41.el7_1.i686.rpm
 libwmf-0.2.8.4-41.el7_1.x86_64.rpm
 libwmf-debuginfo-0.2.8.4-41.el7_1.i686.rpm
 libwmf-debuginfo-0.2.8.4-41.el7_1.x86_64.rpm
 libwmf-lite-0.2.8.4-41.el7_1.i686.rpm
 libwmf-lite-0.2.8.4-41.el7_1.x86_64.rpm
 libwmf-devel-0.2.8.4-41.el7_1.i686.rpm
 libwmf-devel-0.2.8.4-41.el7_1.x86_64.rpm

- Scientific Linux Development Team