Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 24 articles for you...
100

SUSE: 2022:1560-1 Critical: Libwmf Memory Allocation Issue

An update that solves two vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for libwmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1560-1 Rating: important References: #1006739 #1123522 #1174075 Cross-References: CVE-2016-9011 CVE-2019-6978 CVSS scores: CVE-2016-9011 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-6978 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-6978 (SUSE): 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for libwmf fixes the following issues: libwmf was updated to 0.2.12: * upstream changed to fork from Fedora: https://github.com/caolanm/libwmf * merged all the pending fixes * merge in fixes for libgd CVE-2019-6978 (bsc#1123522) * fixed memory allocation failure (CVE-2016-9011) * Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-1560=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patchSUSE-SLE-SDK-12-SP5-2022-1560=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libwmf-0_2-7-0.2.12-243.3.1 libwmf-0_2-7-debuginfo-0.2.12-243.3.1 libwmf-debugsource-0.2.12-243.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libwmf-0_2-7-0.2.12-243.3.1 libwmf-0_2-7-debuginfo-0.2.12-243.3.1 libwmf-debugsource-0.2.12-243.3.1 libwmf-devel-0.2.12-243.3.1 libwmf-gnome-0.2.12-243.3.1 libwmf-gnome-debuginfo-0.2.12-243.3.1 libwmf-tools-0.2.12-243.3.1 libwmf-tools-debuginfo-0.2.12-243.3.1 References: https://www.suse.com/security/cve/CVE-2016-9011.html https://www.suse.com/security/cve/CVE-2019-6978.html https://bugzilla.suse.com/1006739 https://bugzilla.suse.com/1123522 https://bugzilla.suse.com/1174075 . A new security patch for libwmf addresses significant vulnerabilities and enhances overall performance on SUSE Linux Enterprise systems.. SUSE Linux Update, Libwmf Fix, Critical Update, Software Security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 06, 2022 Critical SuSE
100

SUSE: 2022:1516-1 Important: libwmf DoS Vulnerability Fix

An update that solves two vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for libwmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1516-1 Rating: important References: #1006739 #1123522 #1174075 Cross-References: CVE-2016-9011 CVE-2019-6978 CVSS scores: CVE-2016-9011 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-6978 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-6978 (SUSE): 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for libwmf fixes the following issues: libwmf was updated to 0.2.12: * upstream changed to fork from Fedora: https://github.com/caolanm/libwmf * merged all the pending fixes * merge in fixes for libgd CVE-2019-6978 (bsc#1123522) * fixed memory allocation failure (CVE-2016-9011) * Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) Patch Instructions: To install thisSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1516=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1516=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-1516=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1516=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1516=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libwmf-0_2-7-0.2.12-150000.4.4.1 libwmf-0_2-7-debuginfo-0.2.12-150000.4.4.1 libwmf-debugsource-0.2.12-150000.4.4.1 libwmf-devel-0.2.12-150000.4.4.1 libwmf-gnome-0.2.12-150000.4.4.1 libwmf-gnome-debuginfo-0.2.12-150000.4.4.1 libwmf-tools-0.2.12-150000.4.4.1 libwmf-tools-debuginfo-0.2.12-150000.4.4.1 - openSUSE Leap 15.4 (x86_64): libwmf-0_2-7-32bit-0.2.12-150000.4.4.1 libwmf-0_2-7-32bit-debuginfo-0.2.12-150000.4.4.1 libwmf-gnome-32bit-0.2.12-150000.4.4.1 libwmf-gnome-32bit-debuginfo-0.2.12-150000.4.4.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libwmf-0_2-7-0.2.12-150000.4.4.1 libwmf-0_2-7-debuginfo-0.2.12-150000.4.4.1 libwmf-debugsource-0.2.12-150000.4.4.1 libwmf-devel-0.2.12-150000.4.4.1 libwmf-gnome-0.2.12-150000.4.4.1 libwmf-gnome-debuginfo-0.2.12-150000.4.4.1 libwmf-tools-0.2.12-150000.4.4.1 libwmf-tools-debuginfo-0.2.12-150000.4.4.1 - openSUSE Leap 15.3 (x86_64): libwmf-0_2-7-32bit-0.2.12-150000.4.4.1 libwmf-0_2-7-32bit-debuginfo-0.2.12-150000.4.4.1 libwmf-gnome-32bit-0.2.12-150000.4.4.1 libwmf-gnome-32bit-debuginfo-0.2.12-150000.4.4.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): libwmf-0_2-7-0.2.12-150000.4.4.1 libwmf-0_2-7-debuginfo-0.2.12-150000.4.4.1 libwmf-debugsource-0.2.12-150000.4.4.1 libwmf-devel-0.2.12-150000.4.4.1 libwmf-gnome-0.2.12-150000.4.4.1 libwmf-gnome-debuginfo-0.2.12-150000.4.4.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): libwmf-0_2-7-0.2.12-150000.4.4.1 libwmf-0_2-7-debuginfo-0.2.12-150000.4.4.1 libwmf-debugsource-0.2.12-150000.4.4.1 libwmf-devel-0.2.12-150000.4.4.1 libwmf-gnome-0.2.12-150000.4.4.1 libwmf-gnome-debuginfo-0.2.12-150000.4.4.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): libwmf-0_2-7-0.2.12-150000.4.4.1 libwmf-0_2-7-debuginfo-0.2.12-150000.4.4.1 libwmf-debugsource-0.2.12-150000.4.4.1 libwmf-devel-0.2.12-150000.4.4.1 libwmf-gnome-0.2.12-150000.4.4.1 libwmf-gnome-debuginfo-0.2.12-150000.4.4.1 References: https://www.suse.com/security/cve/CVE-2016-9011.html https://www.suse.com/security/cve/CVE-2019-6978.html https://bugzilla.suse.com/1006739 https://bugzilla.suse.com/1123522 https://bugzilla.suse.com/1174075 . SUSE Security Patch for libwmf tackling severe vulnerabilities. Resolves memory management concerns and fortifies protection for infrastructures.. SUSE Update, libwmf Security, Linux Patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 04, 2022 Important SuSE
98

Red Hat 7: RHSA-2020-3943-01 Low: Libwmf Security Update

An update for libwmf is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: libwmf security and bug fix update Advisory ID: RHSA-2020:3943-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3943 Issue date: 2020-09-29 CVE Names: CVE-2019-6978 ==================================================================== 1. Summary: An update for libwmf is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libwmf packages provide a library for reading and converting Windows Metafile Format (WMF) vector graphics. The library is used by applications such as GIMP and ImageMagick. Security Fix(es): * gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other relatedinformation, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1671390 - CVE-2019-6978 gd: Double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c 1840569 - bz1638365 broke libwmf utils 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libwmf-0.2.8.4-44.el7.src.rpm x86_64: libwmf-0.2.8.4-44.el7.i686.rpm libwmf-0.2.8.4-44.el7.x86_64.rpm libwmf-debuginfo-0.2.8.4-44.el7.i686.rpm libwmf-debuginfo-0.2.8.4-44.el7.x86_64.rpm libwmf-lite-0.2.8.4-44.el7.i686.rpm libwmf-lite-0.2.8.4-44.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libwmf-debuginfo-0.2.8.4-44.el7.i686.rpm libwmf-debuginfo-0.2.8.4-44.el7.x86_64.rpm libwmf-devel-0.2.8.4-44.el7.i686.rpm libwmf-devel-0.2.8.4-44.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: libwmf-0.2.8.4-44.el7.src.rpm x86_64: libwmf-0.2.8.4-44.el7.i686.rpm libwmf-0.2.8.4-44.el7.x86_64.rpm libwmf-debuginfo-0.2.8.4-44.el7.i686.rpm libwmf-debuginfo-0.2.8.4-44.el7.x86_64.rpm libwmf-devel-0.2.8.4-44.el7.i686.rpm libwmf-devel-0.2.8.4-44.el7.x86_64.rpm libwmf-lite-0.2.8.4-44.el7.i686.rpm libwmf-lite-0.2.8.4-44.el7.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: libwmf-0.2.8.4-44.el7.src.rpm ppc64: libwmf-debuginfo-0.2.8.4-44.el7.ppc.rpm libwmf-debuginfo-0.2.8.4-44.el7.ppc64.rpm libwmf-lite-0.2.8.4-44.el7.ppc.rpm libwmf-lite-0.2.8.4-44.el7.ppc64.rpm ppc64le: libwmf-0.2.8.4-44.el7.ppc64le.rpm libwmf-debuginfo-0.2.8.4-44.el7.ppc64le.rpm libwmf-lite-0.2.8.4-44.el7.ppc64le.rpm s390x: libwmf-debuginfo-0.2.8.4-44.el7.s390.rpm libwmf-debuginfo-0.2.8.4-44.el7.s390x.rpm libwmf-lite-0.2.8.4-44.el7.s390.rpm libwmf-lite-0.2.8.4-44.el7.s390x.rpm x86_64: libwmf-0.2.8.4-44.el7.i686.rpm libwmf-0.2.8.4-44.el7.x86_64.rpm libwmf-debuginfo-0.2.8.4-44.el7.i686.rpm libwmf-debuginfo-0.2.8.4-44.el7.x86_64.rpm libwmf-lite-0.2.8.4-44.el7.i686.rpm libwmf-lite-0.2.8.4-44.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libwmf-0.2.8.4-44.el7.ppc.rpm libwmf-0.2.8.4-44.el7.ppc64.rpm libwmf-debuginfo-0.2.8.4-44.el7.ppc.rpm libwmf-debuginfo-0.2.8.4-44.el7.ppc64.rpm libwmf-devel-0.2.8.4-44.el7.ppc.rpm libwmf-devel-0.2.8.4-44.el7.ppc64.rpm ppc64le: libwmf-debuginfo-0.2.8.4-44.el7.ppc64le.rpm libwmf-devel-0.2.8.4-44.el7.ppc64le.rpm s390x: libwmf-0.2.8.4-44.el7.s390.rpm libwmf-0.2.8.4-44.el7.s390x.rpm libwmf-debuginfo-0.2.8.4-44.el7.s390.rpm libwmf-debuginfo-0.2.8.4-44.el7.s390x.rpm libwmf-devel-0.2.8.4-44.el7.s390.rpm libwmf-devel-0.2.8.4-44.el7.s390x.rpm x86_64: libwmf-debuginfo-0.2.8.4-44.el7.i686.rpm libwmf-debuginfo-0.2.8.4-44.el7.x86_64.rpm libwmf-devel-0.2.8.4-44.el7.i686.rpm libwmf-devel-0.2.8.4-44.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libwmf-0.2.8.4-44.el7.src.rpm x86_64: libwmf-0.2.8.4-44.el7.i686.rpm libwmf-0.2.8.4-44.el7.x86_64.rpm libwmf-debuginfo-0.2.8.4-44.el7.i686.rpm libwmf-debuginfo-0.2.8.4-44.el7.x86_64.rpm libwmf-lite-0.2.8.4-44.el7.i686.rpm libwmf-lite-0.2.8.4-44.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libwmf-debuginfo-0.2.8.4-44.el7.i686.rpm libwmf-debuginfo-0.2.8.4-44.el7.x86_64.rpm libwmf-devel-0.2.8.4-44.el7.i686.rpm libwmf-devel-0.2.8.4-44.el7.x86_64.rpm Thesepackages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-6978 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3Og5dzjgjWX9erEAQhrnA/+NJN9/qcnMP5btPeBT13QgIn6ubWLmcCP yR4vwTzhdojz/quI2PTHkX4RoQlF3LVZZtsJFLmYOQ0FtBHFF/vnys8wCHlJqBns CsINvN+2OEjvnMMyc4W1ZlcfVim3Di3lr/ZA2X2CXRSqMm2ZqI9/PRibehDWBaVV J4LAhijXTI0dpyGefvamBz4cvaNxfIksRvKMCTQlU1EXTxLsWSDpQru5atuouqyO bnsLkMUmRdEQOICHqlLv/p2hVBW32VfmCntuolEK/32I5/UCOZUkXwMpr1gs40z9 sS6ZlbW9L6vXofS4m4VL0mFvaLdukOO51b1Ji8Hu3cIUjrB6+dedvEviO5otx9AK uJYOO2QIxw+rA+8Ttr/6x3mJrux/u79dOMZlgXtoTZqCGEFJGirnBWEeHNwS8+Wq cs/KGxl5V10QqPmS9ur0wAk+kt6bCmQSYR0wRPio3k3p+puWphYkG40aRURm8bFg ffK1bkwcz/uQVHDGK5031dyikC/SeDTHXxrpYaaMAVrUoSDQmB9AY4MBCfVhj3cQ nn0XKeD3hlPhqBDBCviy920yU7M5mxY7e5cC7Y4MwwUc6aoZPZMdQNhzIH8jeusj /zhNrgla7VrWqL8hahlapGnZBncK9VkKXSF6CQcc3sE0AIb5b+APLc3c6xxfzSBU y7h+6n+fUus=TS3g -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Ubuntu issues critical notice regarding libxml2 upgrade featuring significant enhancements. Ensure safety by adopting the most recent updates.. libwmf Update, Red Hat Security, Linux Bug Fix, Security Advisory. . Severity: Low. LinuxSecurity.com Team

Calendar%202 Sep 29, 2020 Low Red Hat
98

Red Hat Enterprise Linux 8: RHSA-2019-2722-01 Low: libwmf Double Free Issue

An update for libwmf is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: libwmf security update Advisory ID: RHSA-2019:2722-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2722 Issue date: 2019-09-10 CVE Names: CVE-2019-6978 ==================================================================== 1. Summary: An update for libwmf is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The libwmf packages provide a library for reading and converting Windows Metafile Format (WMF) vector graphics. The library is used by applications such as GIMP and ImageMagick. Security Fix(es): * gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1671390 -CVE-2019-6978 gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: libwmf-0.2.9-8.el8_0.src.rpm aarch64: libwmf-0.2.9-8.el8_0.aarch64.rpm libwmf-debuginfo-0.2.9-8.el8_0.aarch64.rpm libwmf-debugsource-0.2.9-8.el8_0.aarch64.rpm libwmf-lite-0.2.9-8.el8_0.aarch64.rpm libwmf-lite-debuginfo-0.2.9-8.el8_0.aarch64.rpm ppc64le: libwmf-0.2.9-8.el8_0.ppc64le.rpm libwmf-debuginfo-0.2.9-8.el8_0.ppc64le.rpm libwmf-debugsource-0.2.9-8.el8_0.ppc64le.rpm libwmf-lite-0.2.9-8.el8_0.ppc64le.rpm libwmf-lite-debuginfo-0.2.9-8.el8_0.ppc64le.rpm s390x: libwmf-0.2.9-8.el8_0.s390x.rpm libwmf-debuginfo-0.2.9-8.el8_0.s390x.rpm libwmf-debugsource-0.2.9-8.el8_0.s390x.rpm libwmf-lite-0.2.9-8.el8_0.s390x.rpm libwmf-lite-debuginfo-0.2.9-8.el8_0.s390x.rpm x86_64: libwmf-0.2.9-8.el8_0.i686.rpm libwmf-0.2.9-8.el8_0.x86_64.rpm libwmf-debuginfo-0.2.9-8.el8_0.i686.rpm libwmf-debuginfo-0.2.9-8.el8_0.x86_64.rpm libwmf-debugsource-0.2.9-8.el8_0.i686.rpm libwmf-debugsource-0.2.9-8.el8_0.x86_64.rpm libwmf-lite-0.2.9-8.el8_0.i686.rpm libwmf-lite-0.2.9-8.el8_0.x86_64.rpm libwmf-lite-debuginfo-0.2.9-8.el8_0.i686.rpm libwmf-lite-debuginfo-0.2.9-8.el8_0.x86_64.rpm Red Hat CodeReady Linux Builder (v.8): aarch64: libwmf-debuginfo-0.2.9-8.el8_0.aarch64.rpm libwmf-debugsource-0.2.9-8.el8_0.aarch64.rpm libwmf-devel-0.2.9-8.el8_0.aarch64.rpm libwmf-lite-debuginfo-0.2.9-8.el8_0.aarch64.rpm ppc64le: libwmf-debuginfo-0.2.9-8.el8_0.ppc64le.rpm libwmf-debugsource-0.2.9-8.el8_0.ppc64le.rpm libwmf-devel-0.2.9-8.el8_0.ppc64le.rpm libwmf-lite-debuginfo-0.2.9-8.el8_0.ppc64le.rpm s390x: libwmf-debuginfo-0.2.9-8.el8_0.s390x.rpm libwmf-debugsource-0.2.9-8.el8_0.s390x.rpm libwmf-devel-0.2.9-8.el8_0.s390x.rpm libwmf-lite-debuginfo-0.2.9-8.el8_0.s390x.rpm x86_64: libwmf-debuginfo-0.2.9-8.el8_0.i686.rpm libwmf-debuginfo-0.2.9-8.el8_0.x86_64.rpm libwmf-debugsource-0.2.9-8.el8_0.i686.rpm libwmf-debugsource-0.2.9-8.el8_0.x86_64.rpm libwmf-devel-0.2.9-8.el8_0.i686.rpm libwmf-devel-0.2.9-8.el8_0.x86_64.rpm libwmf-lite-debuginfo-0.2.9-8.el8_0.i686.rpm libwmf-lite-debuginfo-0.2.9-8.el8_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2019-6978 https://access.redhat.com/security/updates/classification#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXXi/y9zjgjWX9erEAQicIw/+PJQp1Kn9Yy4a6sWdAYSYiqNB+WvilqNm P/JF0dT947MIPKFukkrtfOIZ77u6du403FB2pM+anhGGGZW7iCB5SdVH2zFSOvz1 gXUryvVgQkoyx62P28PmTybtyA4Oq3gzp4XCKV38NA4czmMiqHn6/GclqrbG3LOS CAEfkb1LRfXeZbffvxnLIFUYRDCKyPI7zTdKCobTTAeDU/sbvhrmVZnXk4p773Rp ICEdBwzbFfUZrpe+H0ULIIk+k0LABj/z2i71vjXHFwrmml4GjXucjgDSV9+KEjj1 7uKpFe9yyZya+f0Nqr0OTEhCQh4huC5oXf3rwMrjX0KJPg2uNqaRmnQcPCmzzKmp o/KVEshPab0/K98R23xpRIs24QRc6aR36MFqDhAnoVA+vXXIQfHnNdaQ0BKQ+znc 7FXT5v98KDXADfSF3WWxWk0DX1EwBBYLgccQcuA9icLLpTGG7vBQ9rm3XN1nFWxd gYggMMIOLnabs43zsP2Hf/L5Fl5fqBzt/VXFMmcyFL9S0HeLqi6gymlHzGJZmqVb u555FNxxNW/xsIGUtSBCn1hbCbY1NHu4rfTA1BejIMwwKnW/PMmj+msDL4iR1NQS 1ngegcrQCxxbhJVlZunO3t6qvf2Ei6PGwZFZr8G+UGsFl6zk5MzVBvUEs/+/C7hi H46UUYDWBi4=DfAd -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Canonical has issued a moderate severity patch for libjpeg correcting a significant buffer overflow vulnerability.. Red Hat Security, libwmf Update, Linux Enterprise Security, Low Severity Advisory. . Severity: Low. LinuxSecurity.com Team

Calendar%202 Sep 11, 2019 Low Red Hat
203

Mageia 6: MGASA-2019-0085 Critical: Libwmf Double Free Issue

The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. (CVE-2019-6978) References: . MGASA-2019-0085 - Updated libwmf packages fix security vulnerability Publication date: 14 Feb 2019 URL: https://advisories.mageia.org/MGASA-2019-0085.html Type: security Affected Mageia releases: 6 CVE: CVE-2019-6978 The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. (CVE-2019-6978) References: - https://bugs.mageia.org/show_bug.cgi?id=24344 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/L32G56HKBVCM2HEZASWDWDWEXQTBWNZP/ - https://www.cve.org/CVERecord?id=CVE-2019-6978 SRPMS: - 6/core/libwmf-0.2.12-1.mga6 . Mageia 2020-0121 upgrades libwmf to fix memory corruption issue in image processing library, improving system safety.. Mageia, Libwmf, Security Update, Graphic Library, Double Free. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Feb 14, 2019 Critical Mageia
99

Slackware 14.2 SSA:2018-120-01 Critical: libwmf DoS Threat

New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libwmf (SSA:2018-120-01) New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/libwmf-0.2.8.4-i586-7_slack14.1.txz: Rebuilt. Patched denial of service and possible execution of arbitrary code security issues. For more information, see: https://www.cve.org/CVERecord?id=CVE-2004-0941 https://www.cve.org/CVERecord?id=CVE-2006-3376 https://www.cve.org/CVERecord?id=CVE-2007-0455 https://www.cve.org/CVERecord?id=CVE-2007-2756 https://www.cve.org/CVERecord?id=CVE-2007-3472 https://www.cve.org/CVERecord?id=CVE-2007-3473 https://www.cve.org/CVERecord?id=CVE-2007-3477 https://www.cve.org/CVERecord?id=CVE-2009-3546 https://www.cve.org/CVERecord?id=CVE-2015-0848 https://www.cve.org/CVERecord?id=CVE-2015-4588 https://www.cve.org/CVERecord?id=CVE-2015-4695 https://www.cve.org/CVERecord?id=CVE-2015-4696 https://www.cve.org/CVERecord?id=CVE-2016-10167 https://www.cve.org/CVERecord?id=CVE-2016-10168 https://www.cve.org/CVERecord?id=CVE-2016-9011 https://www.cve.org/CVERecord?id=CVE-2016-9317 https://www.cve.org/CVERecord?id=CVE-2017-6362 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libwmf-0.2.8.4-i486-5_slack13.0.txz Updated package for Slackware x86_6413.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libwmf-0.2.8.4-x86_64-5_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libwmf-0.2.8.4-i486-6_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libwmf-0.2.8.4-x86_64-6_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libwmf-0.2.8.4-i486-6_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libwmf-0.2.8.4-x86_64-6_slack13.37.txz Updated package for Slackware 14.0: Updated package for Slackware x86_64 14.0: Updated package for Slackware 14.1: Updated package for Slackware x86_64 14.1: Updated package for Slackware 14.2: Updated package for Slackware x86_64 14.2: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 13.0 package: 6d0143e7e105188714f767aea522f4cb libwmf-0.2.8.4-i486-5_slack13.0.txz Slackware x86_64 13.0 package: 3f47383d824d93c4518f8fc738c0c820 libwmf-0.2.8.4-x86_64-5_slack13.0.txz Slackware 13.1 package: 871f2ed8d5b43a139607a4d6f959ff93 libwmf-0.2.8.4-i486-6_slack13.1.txz Slackware x86_64 13.1 package: a8cff7e3b53153589eab0a0bab9209de libwmf-0.2.8.4-x86_64-6_slack13.1.txz Slackware 13.37 package: 5db38178040f541080caf9776256331d libwmf-0.2.8.4-i486-6_slack13.37.txz Slackware x86_64 13.37 package: 5d308a63d03d940622ec21d870b01cde libwmf-0.2.8.4-x86_64-6_slack13.37.txz Slackware 14.0 package: c806e42bd0498db0f3b70957c7c3a401 libwmf-0.2.8.4-i486-6_slack14.0.txz Slackware x86_64 14.0 package: 376835bf78178bb15bb3c56cee454eb4 libwmf-0.2.8.4-x86_64-6_slack14.0.txz Slackware 14.1 package: 8a30446ddb36004db6d5ce10728807af libwmf-0.2.8.4-i486-6_slack14.1.txz Slackware x86_64 14.1 package: ceb7fa835645c9d55c3ad5eac9eab754 libwmf-0.2.8.4-x86_64-6_slack14.1.txz Slackware 14.2 package: 4d98c4cad02f173e00570dccccba226a libwmf-0.2.8.4-i586-7_slack14.1.txz Slackware x86_64 14.2 package: 0750711520b0cf4ff5a9a6e363815702 libwmf-0.2.8.4-x86_64-7_slack14.1.txz Slackware -current package: ac7070e538cf1d1bb08b68cf7883de6d l/libwmf-0.2.8.4-i586-8.txz Slackware x86_64 -current package: 5a60b94c51180b5a2d53dba2fe430379 l/libwmf-0.2.8.4-x86_64-8.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg libwmf-0.2.8.4-i586-7_slack14.1.txz +-----+ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libwmf (SSA:2018-120-01) New libw. libwmf, packages, slackware, -current. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 01, 2018 Critical Slackware
89

Fedora 27: libwmf Update for Critical Double Free Issue

- Related: CVE-2017-6362 remove problematic function. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-b444c3b9c5 2017-10-04 20:36:58.444891 --------------------------------------------------------------------------------Name : libwmf Product : Fedora 27 Version : 0.2.8.4 Release : 53.fc27 URL : https://wvware.sourceforge.net/libwmf.html Summary : Windows MetaFile Library Description : A library for reading and converting Windows MetaFile vector graphics (WMF). --------------------------------------------------------------------------------Update Information: - Related: CVE-2017-6362 remove problematic function --------------------------------------------------------------------------------References: [ 1 ] Bug #1489844 - CVE-2017-6362 libwmf: gd: Double free in the gdImagePngPtr function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1489844 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade libwmf' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . Fedora 27 introduces libwmf patch aimed at fixing a double free vulnerability affecting the gdImagePngPtr function.. Fedora 27 Libwmf Update, Security Patch Fedora, Double Free Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Oct 04, 2017 Critical Fedora
89

Fedora 27 Update: 2017-b444c3b9c5 Moderate: libwmf Double Free Issue

- Related: CVE-2017-6362 remove problematic function. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-b444c3b9c5 2017-10-04 14:19:13.679251 --------------------------------------------------------------------------------Name : libwmf Product : Fedora 27 Version : 0.2.8.4 Release : 53.fc27 URL : https://wvware.sourceforge.net/libwmf.html Summary : Windows MetaFile Library Description : A library for reading and converting Windows MetaFile vector graphics (WMF). --------------------------------------------------------------------------------Update Information: - Related: CVE-2017-6362 remove problematic function --------------------------------------------------------------------------------References: [ 1 ] Bug #1489844 - CVE-2017-6362 libwmf: gd: Double free in the gdImagePngPtr function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1489844 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade libwmf' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . The latest Fedora update for libwmf is crucial as it fixes CVE-2017-6362, addressing serious double free vulnerabilities to enhance system security and stability. Fedora 27 Update, libwmf Security, Double Free Threat, CVE-2017-6362, Software Update. . Severity: Important.LinuxSecurity.com Team

Calendar%202 Oct 04, 2017 Important Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200