Synopsis: Important: libwmf security update Advisory ID: SLSA-2015:1917-1 Issue Date: 2015-10-20 CVE Numbers: CVE-2015-0848 CVE-2015-4695 CVE-2015-4696 CVE-2015-4588 -- It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. (CVE-2015-0848, CVE-2015-4588) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. (CVE-2015-4696) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash. (CVE-2015-4695) After installing the update, all applications using libwmf must be restarted for the update to take effect. -- SL6 x86_64 libwmf-0.2.8.4-25.el6_7.i686.rpm libwmf-0.2.8.4-25.el6_7.x86_64.rpm libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm libwmf-debuginfo-0.2.8.4-25.el6_7.x86_64.rpm libwmf-lite-0.2.8.4-25.el6_7.i686.rpm libwmf-lite-0.2.8.4-25.el6_7.x86_64.rpm libwmf-devel-0.2.8.4-25.el6_7.i686.rpm libwmf-devel-0.2.8.4-25.el6_7.x86_64.rpm i386 libwmf-0.2.8.4-25.el6_7.i686.rpm libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm libwmf-lite-0.2.8.4-25.el6_7.i686.rpm libwmf-devel-0.2.8.4-25.el6_7.i686.rpm SL7 x86_64 libwmf-0.2.8.4-41.el7_1.i686.rpm libwmf-0.2.8.4-41.el7_1.x86_64.rpm libwmf-debuginfo-0.2.8.4-41.el7_1.i686.rpm libwmf-debuginfo-0.2.8.4-41.el7_1.x86_64.rpm libwmf-lite-0.2.8.4-41.el7_1.i686.rpm libwmf-lite-0.2.8.4-41.el7_1.x86_64.rpm libwmf-devel-0.2.8.4-41.el7_1.i686.rpm libwmf-devel-0.2.8.4-41.el7_1.x86_64.rpm - Scientific Linux Development Team