Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves two vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for libwmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1560-1 Rating: important References: #1006739 #1123522 #1174075 Cross-References: CVE-2016-9011 CVE-2019-6978 CVSS scores: CVE-2016-9011 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-6978 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-6978 (SUSE): 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for libwmf fixes the following issues: libwmf was updated to 0.2.12: * upstream changed to fork from Fedora: https://github.com/caolanm/libwmf * merged all the pending fixes * merge in fixes for libgd CVE-2019-6978 (bsc#1123522) * fixed memory allocation failure (CVE-2016-9011) * Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-1560=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patchSUSE-SLE-SDK-12-SP5-2022-1560=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libwmf-0_2-7-0.2.12-243.3.1 libwmf-0_2-7-debuginfo-0.2.12-243.3.1 libwmf-debugsource-0.2.12-243.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libwmf-0_2-7-0.2.12-243.3.1 libwmf-0_2-7-debuginfo-0.2.12-243.3.1 libwmf-debugsource-0.2.12-243.3.1 libwmf-devel-0.2.12-243.3.1 libwmf-gnome-0.2.12-243.3.1 libwmf-gnome-debuginfo-0.2.12-243.3.1 libwmf-tools-0.2.12-243.3.1 libwmf-tools-debuginfo-0.2.12-243.3.1 References: https://www.suse.com/security/cve/CVE-2016-9011.html https://www.suse.com/security/cve/CVE-2019-6978.html https://bugzilla.suse.com/1006739 https://bugzilla.suse.com/1123522 https://bugzilla.suse.com/1174075 . A new security patch for libwmf addresses significant vulnerabilities and enhances overall performance on SUSE Linux Enterprise systems.. SUSE Linux Update, Libwmf Fix, Critical Update, Software Security. . Severity: Critical. LinuxSecurity.com Team
An update that solves two vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for libwmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1516-1 Rating: important References: #1006739 #1123522 #1174075 Cross-References: CVE-2016-9011 CVE-2019-6978 CVSS scores: CVE-2016-9011 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-6978 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-6978 (SUSE): 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for libwmf fixes the following issues: libwmf was updated to 0.2.12: * upstream changed to fork from Fedora: https://github.com/caolanm/libwmf * merged all the pending fixes * merge in fixes for libgd CVE-2019-6978 (bsc#1123522) * fixed memory allocation failure (CVE-2016-9011) * Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) Patch Instructions: To install thisSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1516=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1516=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-1516=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1516=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1516=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libwmf-0_2-7-0.2.12-150000.4.4.1 libwmf-0_2-7-debuginfo-0.2.12-150000.4.4.1 libwmf-debugsource-0.2.12-150000.4.4.1 libwmf-devel-0.2.12-150000.4.4.1 libwmf-gnome-0.2.12-150000.4.4.1 libwmf-gnome-debuginfo-0.2.12-150000.4.4.1 libwmf-tools-0.2.12-150000.4.4.1 libwmf-tools-debuginfo-0.2.12-150000.4.4.1 - openSUSE Leap 15.4 (x86_64): libwmf-0_2-7-32bit-0.2.12-150000.4.4.1 libwmf-0_2-7-32bit-debuginfo-0.2.12-150000.4.4.1 libwmf-gnome-32bit-0.2.12-150000.4.4.1 libwmf-gnome-32bit-debuginfo-0.2.12-150000.4.4.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libwmf-0_2-7-0.2.12-150000.4.4.1 libwmf-0_2-7-debuginfo-0.2.12-150000.4.4.1 libwmf-debugsource-0.2.12-150000.4.4.1 libwmf-devel-0.2.12-150000.4.4.1 libwmf-gnome-0.2.12-150000.4.4.1 libwmf-gnome-debuginfo-0.2.12-150000.4.4.1 libwmf-tools-0.2.12-150000.4.4.1 libwmf-tools-debuginfo-0.2.12-150000.4.4.1 - openSUSE Leap 15.3 (x86_64): libwmf-0_2-7-32bit-0.2.12-150000.4.4.1 libwmf-0_2-7-32bit-debuginfo-0.2.12-150000.4.4.1 libwmf-gnome-32bit-0.2.12-150000.4.4.1 libwmf-gnome-32bit-debuginfo-0.2.12-150000.4.4.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): libwmf-0_2-7-0.2.12-150000.4.4.1 libwmf-0_2-7-debuginfo-0.2.12-150000.4.4.1 libwmf-debugsource-0.2.12-150000.4.4.1 libwmf-devel-0.2.12-150000.4.4.1 libwmf-gnome-0.2.12-150000.4.4.1 libwmf-gnome-debuginfo-0.2.12-150000.4.4.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): libwmf-0_2-7-0.2.12-150000.4.4.1 libwmf-0_2-7-debuginfo-0.2.12-150000.4.4.1 libwmf-debugsource-0.2.12-150000.4.4.1 libwmf-devel-0.2.12-150000.4.4.1 libwmf-gnome-0.2.12-150000.4.4.1 libwmf-gnome-debuginfo-0.2.12-150000.4.4.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): libwmf-0_2-7-0.2.12-150000.4.4.1 libwmf-0_2-7-debuginfo-0.2.12-150000.4.4.1 libwmf-debugsource-0.2.12-150000.4.4.1 libwmf-devel-0.2.12-150000.4.4.1 libwmf-gnome-0.2.12-150000.4.4.1 libwmf-gnome-debuginfo-0.2.12-150000.4.4.1 References: https://www.suse.com/security/cve/CVE-2016-9011.html https://www.suse.com/security/cve/CVE-2019-6978.html https://bugzilla.suse.com/1006739 https://bugzilla.suse.com/1123522 https://bugzilla.suse.com/1174075 . SUSE Security Patch for libwmf tackling severe vulnerabilities. Resolves memory management concerns and fortifies protection for infrastructures.. SUSE Update, libwmf Security, Linux Patch. . Severity: Important. LinuxSecurity.com Team
An update for libwmf is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: libwmf security and bug fix update Advisory ID: RHSA-2020:3943-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3943 Issue date: 2020-09-29 CVE Names: CVE-2019-6978 ==================================================================== 1. Summary: An update for libwmf is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libwmf packages provide a library for reading and converting Windows Metafile Format (WMF) vector graphics. The library is used by applications such as GIMP and ImageMagick. Security Fix(es): * gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other relatedinformation, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1671390 - CVE-2019-6978 gd: Double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c 1840569 - bz1638365 broke libwmf utils 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libwmf-0.2.8.4-44.el7.src.rpm x86_64: libwmf-0.2.8.4-44.el7.i686.rpm libwmf-0.2.8.4-44.el7.x86_64.rpm libwmf-debuginfo-0.2.8.4-44.el7.i686.rpm libwmf-debuginfo-0.2.8.4-44.el7.x86_64.rpm libwmf-lite-0.2.8.4-44.el7.i686.rpm libwmf-lite-0.2.8.4-44.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libwmf-debuginfo-0.2.8.4-44.el7.i686.rpm libwmf-debuginfo-0.2.8.4-44.el7.x86_64.rpm libwmf-devel-0.2.8.4-44.el7.i686.rpm libwmf-devel-0.2.8.4-44.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: libwmf-0.2.8.4-44.el7.src.rpm x86_64: libwmf-0.2.8.4-44.el7.i686.rpm libwmf-0.2.8.4-44.el7.x86_64.rpm libwmf-debuginfo-0.2.8.4-44.el7.i686.rpm libwmf-debuginfo-0.2.8.4-44.el7.x86_64.rpm libwmf-devel-0.2.8.4-44.el7.i686.rpm libwmf-devel-0.2.8.4-44.el7.x86_64.rpm libwmf-lite-0.2.8.4-44.el7.i686.rpm libwmf-lite-0.2.8.4-44.el7.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: libwmf-0.2.8.4-44.el7.src.rpm ppc64: libwmf-debuginfo-0.2.8.4-44.el7.ppc.rpm libwmf-debuginfo-0.2.8.4-44.el7.ppc64.rpm libwmf-lite-0.2.8.4-44.el7.ppc.rpm libwmf-lite-0.2.8.4-44.el7.ppc64.rpm ppc64le: libwmf-0.2.8.4-44.el7.ppc64le.rpm libwmf-debuginfo-0.2.8.4-44.el7.ppc64le.rpm libwmf-lite-0.2.8.4-44.el7.ppc64le.rpm s390x: libwmf-debuginfo-0.2.8.4-44.el7.s390.rpm libwmf-debuginfo-0.2.8.4-44.el7.s390x.rpm libwmf-lite-0.2.8.4-44.el7.s390.rpm libwmf-lite-0.2.8.4-44.el7.s390x.rpm x86_64: libwmf-0.2.8.4-44.el7.i686.rpm libwmf-0.2.8.4-44.el7.x86_64.rpm libwmf-debuginfo-0.2.8.4-44.el7.i686.rpm libwmf-debuginfo-0.2.8.4-44.el7.x86_64.rpm libwmf-lite-0.2.8.4-44.el7.i686.rpm libwmf-lite-0.2.8.4-44.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libwmf-0.2.8.4-44.el7.ppc.rpm libwmf-0.2.8.4-44.el7.ppc64.rpm libwmf-debuginfo-0.2.8.4-44.el7.ppc.rpm libwmf-debuginfo-0.2.8.4-44.el7.ppc64.rpm libwmf-devel-0.2.8.4-44.el7.ppc.rpm libwmf-devel-0.2.8.4-44.el7.ppc64.rpm ppc64le: libwmf-debuginfo-0.2.8.4-44.el7.ppc64le.rpm libwmf-devel-0.2.8.4-44.el7.ppc64le.rpm s390x: libwmf-0.2.8.4-44.el7.s390.rpm libwmf-0.2.8.4-44.el7.s390x.rpm libwmf-debuginfo-0.2.8.4-44.el7.s390.rpm libwmf-debuginfo-0.2.8.4-44.el7.s390x.rpm libwmf-devel-0.2.8.4-44.el7.s390.rpm libwmf-devel-0.2.8.4-44.el7.s390x.rpm x86_64: libwmf-debuginfo-0.2.8.4-44.el7.i686.rpm libwmf-debuginfo-0.2.8.4-44.el7.x86_64.rpm libwmf-devel-0.2.8.4-44.el7.i686.rpm libwmf-devel-0.2.8.4-44.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libwmf-0.2.8.4-44.el7.src.rpm x86_64: libwmf-0.2.8.4-44.el7.i686.rpm libwmf-0.2.8.4-44.el7.x86_64.rpm libwmf-debuginfo-0.2.8.4-44.el7.i686.rpm libwmf-debuginfo-0.2.8.4-44.el7.x86_64.rpm libwmf-lite-0.2.8.4-44.el7.i686.rpm libwmf-lite-0.2.8.4-44.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libwmf-debuginfo-0.2.8.4-44.el7.i686.rpm libwmf-debuginfo-0.2.8.4-44.el7.x86_64.rpm libwmf-devel-0.2.8.4-44.el7.i686.rpm libwmf-devel-0.2.8.4-44.el7.x86_64.rpm Thesepackages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-6978 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3Og5dzjgjWX9erEAQhrnA/+NJN9/qcnMP5btPeBT13QgIn6ubWLmcCP yR4vwTzhdojz/quI2PTHkX4RoQlF3LVZZtsJFLmYOQ0FtBHFF/vnys8wCHlJqBns CsINvN+2OEjvnMMyc4W1ZlcfVim3Di3lr/ZA2X2CXRSqMm2ZqI9/PRibehDWBaVV J4LAhijXTI0dpyGefvamBz4cvaNxfIksRvKMCTQlU1EXTxLsWSDpQru5atuouqyO bnsLkMUmRdEQOICHqlLv/p2hVBW32VfmCntuolEK/32I5/UCOZUkXwMpr1gs40z9 sS6ZlbW9L6vXofS4m4VL0mFvaLdukOO51b1Ji8Hu3cIUjrB6+dedvEviO5otx9AK uJYOO2QIxw+rA+8Ttr/6x3mJrux/u79dOMZlgXtoTZqCGEFJGirnBWEeHNwS8+Wq cs/KGxl5V10QqPmS9ur0wAk+kt6bCmQSYR0wRPio3k3p+puWphYkG40aRURm8bFg ffK1bkwcz/uQVHDGK5031dyikC/SeDTHXxrpYaaMAVrUoSDQmB9AY4MBCfVhj3cQ nn0XKeD3hlPhqBDBCviy920yU7M5mxY7e5cC7Y4MwwUc6aoZPZMdQNhzIH8jeusj /zhNrgla7VrWqL8hahlapGnZBncK9VkKXSF6CQcc3sE0AIb5b+APLc3c6xxfzSBU y7h+6n+fUus=TS3g -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for libwmf is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: libwmf security update Advisory ID: RHSA-2019:2722-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2722 Issue date: 2019-09-10 CVE Names: CVE-2019-6978 ==================================================================== 1. Summary: An update for libwmf is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The libwmf packages provide a library for reading and converting Windows Metafile Format (WMF) vector graphics. The library is used by applications such as GIMP and ImageMagick. Security Fix(es): * gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1671390 -CVE-2019-6978 gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: libwmf-0.2.9-8.el8_0.src.rpm aarch64: libwmf-0.2.9-8.el8_0.aarch64.rpm libwmf-debuginfo-0.2.9-8.el8_0.aarch64.rpm libwmf-debugsource-0.2.9-8.el8_0.aarch64.rpm libwmf-lite-0.2.9-8.el8_0.aarch64.rpm libwmf-lite-debuginfo-0.2.9-8.el8_0.aarch64.rpm ppc64le: libwmf-0.2.9-8.el8_0.ppc64le.rpm libwmf-debuginfo-0.2.9-8.el8_0.ppc64le.rpm libwmf-debugsource-0.2.9-8.el8_0.ppc64le.rpm libwmf-lite-0.2.9-8.el8_0.ppc64le.rpm libwmf-lite-debuginfo-0.2.9-8.el8_0.ppc64le.rpm s390x: libwmf-0.2.9-8.el8_0.s390x.rpm libwmf-debuginfo-0.2.9-8.el8_0.s390x.rpm libwmf-debugsource-0.2.9-8.el8_0.s390x.rpm libwmf-lite-0.2.9-8.el8_0.s390x.rpm libwmf-lite-debuginfo-0.2.9-8.el8_0.s390x.rpm x86_64: libwmf-0.2.9-8.el8_0.i686.rpm libwmf-0.2.9-8.el8_0.x86_64.rpm libwmf-debuginfo-0.2.9-8.el8_0.i686.rpm libwmf-debuginfo-0.2.9-8.el8_0.x86_64.rpm libwmf-debugsource-0.2.9-8.el8_0.i686.rpm libwmf-debugsource-0.2.9-8.el8_0.x86_64.rpm libwmf-lite-0.2.9-8.el8_0.i686.rpm libwmf-lite-0.2.9-8.el8_0.x86_64.rpm libwmf-lite-debuginfo-0.2.9-8.el8_0.i686.rpm libwmf-lite-debuginfo-0.2.9-8.el8_0.x86_64.rpm Red Hat CodeReady Linux Builder (v.8): aarch64: libwmf-debuginfo-0.2.9-8.el8_0.aarch64.rpm libwmf-debugsource-0.2.9-8.el8_0.aarch64.rpm libwmf-devel-0.2.9-8.el8_0.aarch64.rpm libwmf-lite-debuginfo-0.2.9-8.el8_0.aarch64.rpm ppc64le: libwmf-debuginfo-0.2.9-8.el8_0.ppc64le.rpm libwmf-debugsource-0.2.9-8.el8_0.ppc64le.rpm libwmf-devel-0.2.9-8.el8_0.ppc64le.rpm libwmf-lite-debuginfo-0.2.9-8.el8_0.ppc64le.rpm s390x: libwmf-debuginfo-0.2.9-8.el8_0.s390x.rpm libwmf-debugsource-0.2.9-8.el8_0.s390x.rpm libwmf-devel-0.2.9-8.el8_0.s390x.rpm libwmf-lite-debuginfo-0.2.9-8.el8_0.s390x.rpm x86_64: libwmf-debuginfo-0.2.9-8.el8_0.i686.rpm libwmf-debuginfo-0.2.9-8.el8_0.x86_64.rpm libwmf-debugsource-0.2.9-8.el8_0.i686.rpm libwmf-debugsource-0.2.9-8.el8_0.x86_64.rpm libwmf-devel-0.2.9-8.el8_0.i686.rpm libwmf-devel-0.2.9-8.el8_0.x86_64.rpm libwmf-lite-debuginfo-0.2.9-8.el8_0.i686.rpm libwmf-lite-debuginfo-0.2.9-8.el8_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2019-6978 https://access.redhat.com/security/updates/classification#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXXi/y9zjgjWX9erEAQicIw/+PJQp1Kn9Yy4a6sWdAYSYiqNB+WvilqNm P/JF0dT947MIPKFukkrtfOIZ77u6du403FB2pM+anhGGGZW7iCB5SdVH2zFSOvz1 gXUryvVgQkoyx62P28PmTybtyA4Oq3gzp4XCKV38NA4czmMiqHn6/GclqrbG3LOS CAEfkb1LRfXeZbffvxnLIFUYRDCKyPI7zTdKCobTTAeDU/sbvhrmVZnXk4p773Rp ICEdBwzbFfUZrpe+H0ULIIk+k0LABj/z2i71vjXHFwrmml4GjXucjgDSV9+KEjj1 7uKpFe9yyZya+f0Nqr0OTEhCQh4huC5oXf3rwMrjX0KJPg2uNqaRmnQcPCmzzKmp o/KVEshPab0/K98R23xpRIs24QRc6aR36MFqDhAnoVA+vXXIQfHnNdaQ0BKQ+znc 7FXT5v98KDXADfSF3WWxWk0DX1EwBBYLgccQcuA9icLLpTGG7vBQ9rm3XN1nFWxd gYggMMIOLnabs43zsP2Hf/L5Fl5fqBzt/VXFMmcyFL9S0HeLqi6gymlHzGJZmqVb u555FNxxNW/xsIGUtSBCn1hbCbY1NHu4rfTA1BejIMwwKnW/PMmj+msDL4iR1NQS 1ngegcrQCxxbhJVlZunO3t6qvf2Ei6PGwZFZr8G+UGsFl6zk5MzVBvUEs/+/C7hi H46UUYDWBi4=DfAd -----END PGP SIGNATURE----- -- RHSA-announce mailing list
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. (CVE-2019-6978) References: . MGASA-2019-0085 - Updated libwmf packages fix security vulnerability Publication date: 14 Feb 2019 URL: https://advisories.mageia.org/MGASA-2019-0085.html Type: security Affected Mageia releases: 6 CVE: CVE-2019-6978 The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. (CVE-2019-6978) References: - https://bugs.mageia.org/show_bug.cgi?id=24344 - https://lists.fedoraproject.org/archives/list/
New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libwmf (SSA:2018-120-01) New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/libwmf-0.2.8.4-i586-7_slack14.1.txz: Rebuilt. Patched denial of service and possible execution of arbitrary code security issues. For more information, see: https://www.cve.org/CVERecord?id=CVE-2004-0941 https://www.cve.org/CVERecord?id=CVE-2006-3376 https://www.cve.org/CVERecord?id=CVE-2007-0455 https://www.cve.org/CVERecord?id=CVE-2007-2756 https://www.cve.org/CVERecord?id=CVE-2007-3472 https://www.cve.org/CVERecord?id=CVE-2007-3473 https://www.cve.org/CVERecord?id=CVE-2007-3477 https://www.cve.org/CVERecord?id=CVE-2009-3546 https://www.cve.org/CVERecord?id=CVE-2015-0848 https://www.cve.org/CVERecord?id=CVE-2015-4588 https://www.cve.org/CVERecord?id=CVE-2015-4695 https://www.cve.org/CVERecord?id=CVE-2015-4696 https://www.cve.org/CVERecord?id=CVE-2016-10167 https://www.cve.org/CVERecord?id=CVE-2016-10168 https://www.cve.org/CVERecord?id=CVE-2016-9011 https://www.cve.org/CVERecord?id=CVE-2016-9317 https://www.cve.org/CVERecord?id=CVE-2017-6362 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libwmf-0.2.8.4-i486-5_slack13.0.txz Updated package for Slackware x86_6413.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libwmf-0.2.8.4-x86_64-5_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libwmf-0.2.8.4-i486-6_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libwmf-0.2.8.4-x86_64-6_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libwmf-0.2.8.4-i486-6_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libwmf-0.2.8.4-x86_64-6_slack13.37.txz Updated package for Slackware 14.0: Updated package for Slackware x86_64 14.0: Updated package for Slackware 14.1: Updated package for Slackware x86_64 14.1: Updated package for Slackware 14.2: Updated package for Slackware x86_64 14.2: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 13.0 package: 6d0143e7e105188714f767aea522f4cb libwmf-0.2.8.4-i486-5_slack13.0.txz Slackware x86_64 13.0 package: 3f47383d824d93c4518f8fc738c0c820 libwmf-0.2.8.4-x86_64-5_slack13.0.txz Slackware 13.1 package: 871f2ed8d5b43a139607a4d6f959ff93 libwmf-0.2.8.4-i486-6_slack13.1.txz Slackware x86_64 13.1 package: a8cff7e3b53153589eab0a0bab9209de libwmf-0.2.8.4-x86_64-6_slack13.1.txz Slackware 13.37 package: 5db38178040f541080caf9776256331d libwmf-0.2.8.4-i486-6_slack13.37.txz Slackware x86_64 13.37 package: 5d308a63d03d940622ec21d870b01cde libwmf-0.2.8.4-x86_64-6_slack13.37.txz Slackware 14.0 package: c806e42bd0498db0f3b70957c7c3a401 libwmf-0.2.8.4-i486-6_slack14.0.txz Slackware x86_64 14.0 package: 376835bf78178bb15bb3c56cee454eb4 libwmf-0.2.8.4-x86_64-6_slack14.0.txz Slackware 14.1 package: 8a30446ddb36004db6d5ce10728807af libwmf-0.2.8.4-i486-6_slack14.1.txz Slackware x86_64 14.1 package: ceb7fa835645c9d55c3ad5eac9eab754 libwmf-0.2.8.4-x86_64-6_slack14.1.txz Slackware 14.2 package: 4d98c4cad02f173e00570dccccba226a libwmf-0.2.8.4-i586-7_slack14.1.txz Slackware x86_64 14.2 package: 0750711520b0cf4ff5a9a6e363815702 libwmf-0.2.8.4-x86_64-7_slack14.1.txz Slackware -current package: ac7070e538cf1d1bb08b68cf7883de6d l/libwmf-0.2.8.4-i586-8.txz Slackware x86_64 -current package: 5a60b94c51180b5a2d53dba2fe430379 l/libwmf-0.2.8.4-x86_64-8.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg libwmf-0.2.8.4-i586-7_slack14.1.txz +-----+ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libwmf (SSA:2018-120-01) New libw. libwmf, packages, slackware, -current. . Severity: Critical. LinuxSecurity.com Team
- Related: CVE-2017-6362 remove problematic function. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-b444c3b9c5 2017-10-04 20:36:58.444891 --------------------------------------------------------------------------------Name : libwmf Product : Fedora 27 Version : 0.2.8.4 Release : 53.fc27 URL : https://wvware.sourceforge.net/libwmf.html Summary : Windows MetaFile Library Description : A library for reading and converting Windows MetaFile vector graphics (WMF). --------------------------------------------------------------------------------Update Information: - Related: CVE-2017-6362 remove problematic function --------------------------------------------------------------------------------References: [ 1 ] Bug #1489844 - CVE-2017-6362 libwmf: gd: Double free in the gdImagePngPtr function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1489844 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade libwmf' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
- Related: CVE-2017-6362 remove problematic function. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-b444c3b9c5 2017-10-04 14:19:13.679251 --------------------------------------------------------------------------------Name : libwmf Product : Fedora 27 Version : 0.2.8.4 Release : 53.fc27 URL : https://wvware.sourceforge.net/libwmf.html Summary : Windows MetaFile Library Description : A library for reading and converting Windows MetaFile vector graphics (WMF). --------------------------------------------------------------------------------Update Information: - Related: CVE-2017-6362 remove problematic function --------------------------------------------------------------------------------References: [ 1 ] Bug #1489844 - CVE-2017-6362 libwmf: gd: Double free in the gdImagePngPtr function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1489844 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade libwmf' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.