Skip to navigation

Security Advisory libwmf security update

Advisory: RHSA-2006:0597-5
Type: Security Advisory
Severity: Moderate
Issued on: 2006-07-18
Last updated on: 2006-07-18
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2006-3376

Details

Updated libwmf packages that fix a security flaw are now available for Red
Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Libwmf is a library for reading and converting Windows MetaFile vector
graphics (WMF). Libwmf is used by packages such as The GIMP and ImageMagick.

An integer overflow flaw was discovered in libwmf. An attacker could
create a carefully crafted WMF flaw that could execute arbitrary code if
opened by a victim. (CVE-2006-3376).

Users of libwmf should update to these packages which contain a backported
security patch to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 4)

IA-32:
libwmf-0.2.8.3-5.3.i386.rpm
File outdated by:  RHSA-2009:0457
    MD5: 95ce0776b99d34b2305b01d2491c8ff7
libwmf-devel-0.2.8.3-5.3.i386.rpm
File outdated by:  RHSA-2009:0457
    MD5: 09e45037b62f7463fe722e507078df59
 
x86_64:
libwmf-0.2.8.3-5.3.i386.rpm
File outdated by:  RHSA-2009:0457
    MD5: 95ce0776b99d34b2305b01d2491c8ff7
libwmf-0.2.8.3-5.3.x86_64.rpm
File outdated by:  RHSA-2009:0457
    MD5: db3a6a0d9976a0a90e0bcc8318babed3
libwmf-devel-0.2.8.3-5.3.x86_64.rpm
File outdated by:  RHSA-2009:0457
    MD5: 255efbcafa17355b7d366e77f28ea92e
 
Red Hat Enterprise Linux AS (v. 4)

IA-32:
libwmf-0.2.8.3-5.3.i386.rpm
File outdated by:  RHSA-2009:0457
    MD5: 95ce0776b99d34b2305b01d2491c8ff7
libwmf-devel-0.2.8.3-5.3.i386.rpm
File outdated by:  RHSA-2009:0457
    MD5: 09e45037b62f7463fe722e507078df59
 
IA-64:
libwmf-0.2.8.3-5.3.i386.rpm
File outdated by:  RHSA-2009:0457
    MD5: 95ce0776b99d34b2305b01d2491c8ff7
libwmf-0.2.8.3-5.3.ia64.rpm
File outdated by:  RHSA-2009:0457
    MD5: da0236a75948cccfa9a8534091af47bb
libwmf-devel-0.2.8.3-5.3.ia64.rpm
File outdated by:  RHSA-2009:0457
    MD5: e211c15294c79a83bfcead7abe175bb5
 
PPC:
libwmf-0.2.8.3-5.3.ppc.rpm
File outdated by:  RHSA-2009:0457
    MD5: 73258f72fc27adf63b5598265a3d41d4
libwmf-0.2.8.3-5.3.ppc64.rpm
File outdated by:  RHSA-2009:0457
    MD5: 09a24c35d6711648ef35f81800a7201e
libwmf-devel-0.2.8.3-5.3.ppc.rpm
File outdated by:  RHSA-2009:0457
    MD5: 5bf40c54b6ba949f8e02ebb5e13984f0
 
s390:
libwmf-0.2.8.3-5.3.s390.rpm
File outdated by:  RHSA-2009:0457
    MD5: 44dac72b0172705871d0c368269e7f9a
libwmf-devel-0.2.8.3-5.3.s390.rpm
File outdated by:  RHSA-2009:0457
    MD5: 92190ab8c67aa978b499f750d7399ef5
 
s390x:
libwmf-0.2.8.3-5.3.s390.rpm
File outdated by:  RHSA-2009:0457
    MD5: 44dac72b0172705871d0c368269e7f9a
libwmf-0.2.8.3-5.3.s390x.rpm
File outdated by:  RHSA-2009:0457
    MD5: 4429fd7bbc35881cd9f29cc5c2ecda22
libwmf-devel-0.2.8.3-5.3.s390x.rpm
File outdated by:  RHSA-2009:0457
    MD5: 661d64b1287985b92b22848dcd075887
 
x86_64:
libwmf-0.2.8.3-5.3.i386.rpm
File outdated by:  RHSA-2009:0457
    MD5: 95ce0776b99d34b2305b01d2491c8ff7
libwmf-0.2.8.3-5.3.x86_64.rpm
File outdated by:  RHSA-2009:0457
    MD5: db3a6a0d9976a0a90e0bcc8318babed3
libwmf-devel-0.2.8.3-5.3.x86_64.rpm
File outdated by:  RHSA-2009:0457
    MD5: 255efbcafa17355b7d366e77f28ea92e
 
Red Hat Enterprise Linux ES (v. 4)

IA-32:
libwmf-0.2.8.3-5.3.i386.rpm
File outdated by:  RHSA-2009:0457
    MD5: 95ce0776b99d34b2305b01d2491c8ff7
libwmf-devel-0.2.8.3-5.3.i386.rpm
File outdated by:  RHSA-2009:0457
    MD5: 09e45037b62f7463fe722e507078df59
 
IA-64:
libwmf-0.2.8.3-5.3.i386.rpm
File outdated by:  RHSA-2009:0457
    MD5: 95ce0776b99d34b2305b01d2491c8ff7
libwmf-0.2.8.3-5.3.ia64.rpm
File outdated by:  RHSA-2009:0457
    MD5: da0236a75948cccfa9a8534091af47bb
libwmf-devel-0.2.8.3-5.3.ia64.rpm
File outdated by:  RHSA-2009:0457
    MD5: e211c15294c79a83bfcead7abe175bb5
 
x86_64:
libwmf-0.2.8.3-5.3.i386.rpm
File outdated by:  RHSA-2009:0457
    MD5: 95ce0776b99d34b2305b01d2491c8ff7
libwmf-0.2.8.3-5.3.x86_64.rpm
File outdated by:  RHSA-2009:0457
    MD5: db3a6a0d9976a0a90e0bcc8318babed3
libwmf-devel-0.2.8.3-5.3.x86_64.rpm
File outdated by:  RHSA-2009:0457
    MD5: 255efbcafa17355b7d366e77f28ea92e
 
Red Hat Enterprise Linux WS (v. 4)

IA-32:
libwmf-0.2.8.3-5.3.i386.rpm
File outdated by:  RHSA-2009:0457
    MD5: 95ce0776b99d34b2305b01d2491c8ff7
libwmf-devel-0.2.8.3-5.3.i386.rpm
File outdated by:  RHSA-2009:0457
    MD5: 09e45037b62f7463fe722e507078df59
 
IA-64:
libwmf-0.2.8.3-5.3.i386.rpm
File outdated by:  RHSA-2009:0457
    MD5: 95ce0776b99d34b2305b01d2491c8ff7
libwmf-0.2.8.3-5.3.ia64.rpm
File outdated by:  RHSA-2009:0457
    MD5: da0236a75948cccfa9a8534091af47bb
libwmf-devel-0.2.8.3-5.3.ia64.rpm
File outdated by:  RHSA-2009:0457
    MD5: e211c15294c79a83bfcead7abe175bb5
 
x86_64:
libwmf-0.2.8.3-5.3.i386.rpm
File outdated by:  RHSA-2009:0457
    MD5: 95ce0776b99d34b2305b01d2491c8ff7
libwmf-0.2.8.3-5.3.x86_64.rpm
File outdated by:  RHSA-2009:0457
    MD5: db3a6a0d9976a0a90e0bcc8318babed3
libwmf-devel-0.2.8.3-5.3.x86_64.rpm
File outdated by:  RHSA-2009:0457
    MD5: 255efbcafa17355b7d366e77f28ea92e
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

198290 - CVE-2006-3376 libwmf integer overflow


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/