LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis:          Important: libwmf security update
Advisory ID:       SLSA-2015:1917-1
Issue Date:        2015-10-20
CVE Numbers:       CVE-2015-0848
                   CVE-2015-4695
                   CVE-2015-4696
                   CVE-2015-4588
--

It was discovered that libwmf did not correctly process certain WMF
(Windows Metafiles) with embedded BMP images. By tricking a victim into
opening a specially crafted WMF file in an application using libwmf, a
remote attacker could possibly use this flaw to execute arbitrary code
with the privileges of the user running the application. (CVE-2015-0848,
CVE-2015-4588)

It was discovered that libwmf did not properly process certain WMF files.
By tricking a victim into opening a specially crafted WMF file in an
application using libwmf, a remote attacker could possibly exploit this
flaw to cause a crash or execute arbitrary code with the privileges of the
user running the application. (CVE-2015-4696)

It was discovered that libwmf did not properly process certain WMF files.
By tricking a victim into opening a specially crafted WMF file in an
application using libwmf, a remote attacker could possibly exploit this
flaw to cause a crash. (CVE-2015-4695)

After installing the update, all applications using libwmf must be
restarted for the update to take effect.
--

SL6
  x86_64
    libwmf-0.2.8.4-25.el6_7.i686.rpm
    libwmf-0.2.8.4-25.el6_7.x86_64.rpm
    libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm
    libwmf-debuginfo-0.2.8.4-25.el6_7.x86_64.rpm
    libwmf-lite-0.2.8.4-25.el6_7.i686.rpm
    libwmf-lite-0.2.8.4-25.el6_7.x86_64.rpm
    libwmf-devel-0.2.8.4-25.el6_7.i686.rpm
    libwmf-devel-0.2.8.4-25.el6_7.x86_64.rpm
  i386
    libwmf-0.2.8.4-25.el6_7.i686.rpm
    libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm
    libwmf-lite-0.2.8.4-25.el6_7.i686.rpm
    libwmf-devel-0.2.8.4-25.el6_7.i686.rpm
SL7
  x86_64
    libwmf-0.2.8.4-41.el7_1.i686.rpm
    libwmf-0.2.8.4-41.el7_1.x86_64.rpm
    libwmf-debuginfo-0.2.8.4-41.el7_1.i686.rpm
    libwmf-debuginfo-0.2.8.4-41.el7_1.x86_64.rpm
    libwmf-lite-0.2.8.4-41.el7_1.i686.rpm
    libwmf-lite-0.2.8.4-41.el7_1.x86_64.rpm
    libwmf-devel-0.2.8.4-41.el7_1.i686.rpm
    libwmf-devel-0.2.8.4-41.el7_1.x86_64.rpm

- Scientific Linux Development Team