CentOS Local Security Checks : CentOS Update for libwmf CESA-2015:1917 centos7

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.882298

Categoría: CentOS Local Security Checks

Título: CentOS Update for libwmf CESA-2015:1917 centos7

Resumen: Check the version of libwmf

Descripción: Summary:
Check the version of libwmf

Vulnerability Insight:
libwmf is a library for reading and converting Windows Metafile Format
(WMF) vector graphics. libwmf is used by applications such as GIMP and
ImageMagick.

It was discovered that libwmf did not correctly process certain WMF
(Windows Metafiles) with embedded BMP images. By tricking a victim into
opening a specially crafted WMF file in an application using libwmf, a
remote attacker could possibly use this flaw to execute arbitrary code with
the privileges of the user running the application. (CVE-2015-0848,
CVE-2015-4588)

It was discovered that libwmf did not properly process certain WMF files.
By tricking a victim into opening a specially crafted WMF file in an
application using libwmf, a remote attacker could possibly exploit this
flaw to cause a crash or execute arbitrary code with the privileges of the
user running the application. (CVE-2015-4696)

It was discovered that libwmf did not properly process certain WMF files.
By tricking a victim into opening a specially crafted WMF file in an
application using libwmf, a remote attacker could possibly exploit this
flaw to cause a crash. (CVE-2015-4695)

All users of libwmf are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
update, all applications using libwmf must be restarted for the update to
take effect.

Affected Software/OS:
libwmf on CentOS 7

Solution:
Please install the updated packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-0848
BugTraq ID: 74923
http://www.securityfocus.com/bid/74923
Debian Security Information: DSA-3302 (Google Search)
http://www.debian.org/security/2015/dsa-3302
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165547.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168507.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160668.html
https://security.gentoo.org/glsa/201602-03
http://www.openwall.com/lists/oss-security/2015/06/01/2
RedHat Security Advisories: RHSA-2015:1917
http://rhn.redhat.com/errata/RHSA-2015-1917.html
http://www.securitytracker.com/id/1032771
SuSE Security Announcement: openSUSE-SU-2015:1132 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-06/msg00051.html
SuSE Security Announcement: openSUSE-SU-2015:1134 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-06/msg00053.html
SuSE Security Announcement: openSUSE-SU-2015:1212 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-07/msg00018.html
http://www.ubuntu.com/usn/USN-2670-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-4588
BugTraq ID: 75230
http://www.securityfocus.com/bid/75230
http://www.openwall.com/lists/oss-security/2015/06/03/6
http://www.openwall.com/lists/oss-security/2015/06/16/4
Common Vulnerability Exposure (CVE) ID: CVE-2015-4695
BugTraq ID: 75329
http://www.securityfocus.com/bid/75329
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162569.html
http://www.openwall.com/lists/oss-security/2015/06/17/3
http://www.openwall.com/lists/oss-security/2015/06/21/3
Common Vulnerability Exposure (CVE) ID: CVE-2015-4696
BugTraq ID: 75331
http://www.securityfocus.com/bid/75331

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.882298
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for libwmf CESA-2015:1917 centos7
Resumen:	Check the version of libwmf
Descripción:	Summary: Check the version of libwmf Vulnerability Insight: libwmf is a library for reading and converting Windows Metafile Format (WMF) vector graphics. libwmf is used by applications such as GIMP and ImageMagick. It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. (CVE-2015-0848, CVE-2015-4588) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. (CVE-2015-4696) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash. (CVE-2015-4695) All users of libwmf are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using libwmf must be restarted for the update to take effect. Affected Software/OS: libwmf on CentOS 7 Solution: Please install the updated packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0848 BugTraq ID: 74923 http://www.securityfocus.com/bid/74923 Debian Security Information: DSA-3302 (Google Search) http://www.debian.org/security/2015/dsa-3302 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165547.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168507.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160668.html https://security.gentoo.org/glsa/201602-03 http://www.openwall.com/lists/oss-security/2015/06/01/2 RedHat Security Advisories: RHSA-2015:1917 http://rhn.redhat.com/errata/RHSA-2015-1917.html http://www.securitytracker.com/id/1032771 SuSE Security Announcement: openSUSE-SU-2015:1132 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-06/msg00051.html SuSE Security Announcement: openSUSE-SU-2015:1134 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-06/msg00053.html SuSE Security Announcement: openSUSE-SU-2015:1212 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-07/msg00018.html http://www.ubuntu.com/usn/USN-2670-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-4588 BugTraq ID: 75230 http://www.securityfocus.com/bid/75230 http://www.openwall.com/lists/oss-security/2015/06/03/6 http://www.openwall.com/lists/oss-security/2015/06/16/4 Common Vulnerability Exposure (CVE) ID: CVE-2015-4695 BugTraq ID: 75329 http://www.securityfocus.com/bid/75329 http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162569.html http://www.openwall.com/lists/oss-security/2015/06/17/3 http://www.openwall.com/lists/oss-security/2015/06/21/3 Common Vulnerability Exposure (CVE) ID: CVE-2015-4696 BugTraq ID: 75331 http://www.securityfocus.com/bid/75331
Copyright	Copyright (C) 2015 Greenbone AG