Important CentOS libwmf Security Update

Metadata

medium
6.8
libwmf-0.2.8.4-25.el6_7.i686.rpm, libwmf-0.2.8.4-25.el6_7.src.rpm, libwmf-0.2.8.4-25.el6_7.x86_64.rpm, libwmf-0.2.8.4-41.el7_1.i686.rpm, libwmf-0.2.8.4-41.el7_1.src.rpm, libwmf-0.2.8.4-41.el7_1.x86_64.rpm, libwmf-devel-0.2.8.4-25.el6_7.i686.rpm, libwmf-devel-0.2.8.4-25.el6_7.x86_64.rpm, libwmf-devel-0.2.8.4-41.el7_1.i686.rpm, libwmf-devel-0.2.8.4-41.el7_1.x86_64.rpm, libwmf-lite-0.2.8.4-25.el6_7.i686.rpm, libwmf-lite-0.2.8.4-25.el6_7.x86_64.rpm, libwmf-lite-0.2.8.4-41.el7_1.i686.rpm, libwmf-lite-0.2.8.4-41.el7_1.x86_64.rpm
CVE-2015-0848, CVE-2015-4588, CVE-2015-4695, CVE-2015-4696
rhn.redhat.com, lists.centos.org, lists.centos.org
2015-10-20
2017-07-27 19:09
ALAS-2015-604
CVE-2015-4695 libwmf
CVE-2015-4588 libwmf
CVE-2015-4696 libwmf
CVE-2015-0848 libwmf
2017-04-01 19:09
2017-01-05 20:13

Description


Updated libwmf packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

libwmf is a library for reading and converting Windows Metafile Format
(WMF) vector graphics. libwmf is used by applications such as GIMP and
ImageMagick.

It was discovered that libwmf did not correctly process certain WMF
(Windows Metafiles) with embedded BMP images. By tricking a victim into
opening a specially crafted WMF file in an application using libwmf, a
remote attacker could possibly use this flaw to execute arbitrary code with
the privileges of the user running the application. (CVE-2015-0848,
CVE-2015-4588)

It was discovered that libwmf did not properly process certain WMF files.
By tricking a victim into opening a specially crafted WMF file in an
application using libwmf, a remote attacker could possibly exploit this
flaw to cause a crash or execute arbitrary code with the privileges of the
user running the application. (CVE-2015-4696)

It was discovered that libwmf did not properly process certain WMF files.
By tricking a victim into opening a specially crafted WMF file in an
application using libwmf, a remote attacker could possibly exploit this
flaw to cause a crash. (CVE-2015-4695)

All users of libwmf are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
update, all applications using libwmf must be restarted for the update to
take effect.
Please see https://www.redhat.com/footer/terms-of-use.html

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is listed as pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.


Affected package information

Release  Package       Patched in
6        libwmf        libwmf-0.2.8.4-25.el6_7.i686.rpm
6        libwmf        libwmf-0.2.8.4-25.el6_7.src.rpm
6        libwmf        libwmf-0.2.8.4-25.el6_7.x86_64.rpm
6        libwmf-devel  libwmf-devel-0.2.8.4-25.el6_7.x86_64.rpm
6        libwmf-devel  libwmf-devel-0.2.8.4-25.el6_7.i686.rpm
6        libwmf-lite   libwmf-lite-0.2.8.4-25.el6_7.x86_64.rpm
6        libwmf-lite   libwmf-lite-0.2.8.4-25.el6_7.i686.rpm
7        libwmf        libwmf-0.2.8.4-41.el7_1.x86_64.rpm
7        libwmf        libwmf-0.2.8.4-41.el7_1.i686.rpm
7        libwmf        libwmf-0.2.8.4-41.el7_1.src.rpm
7        libwmf-devel  libwmf-devel-0.2.8.4-41.el7_1.i686.rpm
7        libwmf-devel  libwmf-devel-0.2.8.4-41.el7_1.x86_64.rpm
7        libwmf-lite   libwmf-lite-0.2.8.4-41.el7_1.x86_64.rpm
7        libwmf-lite   libwmf-lite-0.2.8.4-41.el7_1.i686.rpm
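
Checking an installed libwmf build against the "Patched in" column needs RPM's segment-wise ordering rather than a plain string comparison. The sketch below is an added example, not code from Appcanary, Red Hat or CentOS. It assumes the packages carry no epoch and omits RPM's '^' operator; the function names and the host inventory are constructed for illustration.

```python
import re

# Patched version-release per CentOS major release, taken from the table above.
PATCHED = {"6": "0.2.8.4-25.el6_7", "7": "0.2.8.4-41.el7_1"}

def rpmvercmp(a, b):
    """Compare two RPM version or release strings; returns -1, 0 or 1."""
    while a or b:
        # Separators carry no ordering weight, so drop them ('~' is kept).
        a = re.sub(r"^[^A-Za-z0-9~]+", "", a)
        b = re.sub(r"^[^A-Za-z0-9~]+", "", b)
        if a.startswith("~") or b.startswith("~"):
            # '~' sorts before everything, including the end of the string.
            if not a.startswith("~"):
                return 1
            if not b.startswith("~"):
                return -1
            a, b = a[1:], b[1:]
            continue
        if not a or not b:
            break
        numeric = "0" <= a[0] <= "9"
        pat = r"^[0-9]+" if numeric else r"^[A-Za-z]+"
        sa, mb = re.match(pat, a).group(), re.match(pat, b)
        if mb is None:  # segment types differ: numeric beats alphabetic
            return 1 if numeric else -1
        sb = mb.group()
        a, b = a[len(sa):], b[len(sb):]
        if numeric:
            sa, sb = int(sa), int(sb)
        if sa != sb:
            return 1 if sa > sb else -1
    return (a != "") - (b != "")  # whichever string has segments left is newer

def is_vulnerable(installed_vr, el_release):
    """True if the installed 'version-release' sorts below the patched build."""
    iv, ir = installed_vr.rsplit("-", 1)
    pv, pr = PATCHED[el_release].rsplit("-", 1)
    return (rpmvercmp(iv, pv) or rpmvercmp(ir, pr)) < 0

# Constructed sample inventory (not from the advisory): host, EL release, installed VR.
INVENTORY = [
    ("web01", "6", "0.2.8.4-23.el6"),
    ("web02", "6", "0.2.8.4-25.el6_7"),
    ("app01", "7", "0.2.8.4-41.el7"),
    ("app02", "7", "0.2.8.4-44.el7"),
]

def vulnerable_hosts(inventory):
    return [host for host, rel, vr in inventory if is_vulnerable(vr, rel)]
```

On a real host the installed value can be read with `rpm -q --qf '%{VERSION}-%{RELEASE}\n' libwmf`. A build that passes this check still requires restarting applications that use libwmf, as the advisory notes.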