English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 147413 CVE descriptions
and 71685 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: libwmf security update
Advisory ID:       RHSA-2006:0597-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0597.html
Issue date:        2006-07-18
Updated on:        2006-07-18
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-3376 
- ---------------------------------------------------------------------

1. Summary:

Updated libwmf packages that fix a security flaw are now available for Red
Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Libwmf is a library for reading and converting Windows MetaFile vector
graphics (WMF).  Libwmf is used by packages such as The GIMP and ImageMagick.

An integer overflow flaw was discovered in libwmf.  An attacker could
create a carefully crafted WMF flaw that could execute arbitrary code if
opened by a victim.  (CVE-2006-3376).

Users of libwmf should update to these packages which contain a backported
security patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

198290 - CVE-2006-3376 libwmf integer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libwmf-0.2.8.3-5.3.src.rpm
a3351e97473f0af4394b998cd5ff389e  libwmf-0.2.8.3-5.3.src.rpm

i386:
95ce0776b99d34b2305b01d2491c8ff7  libwmf-0.2.8.3-5.3.i386.rpm
130c14ff86120816f2714930fb4c113e  libwmf-debuginfo-0.2.8.3-5.3.i386.rpm
09e45037b62f7463fe722e507078df59  libwmf-devel-0.2.8.3-5.3.i386.rpm

ia64:
95ce0776b99d34b2305b01d2491c8ff7  libwmf-0.2.8.3-5.3.i386.rpm
da0236a75948cccfa9a8534091af47bb  libwmf-0.2.8.3-5.3.ia64.rpm
130c14ff86120816f2714930fb4c113e  libwmf-debuginfo-0.2.8.3-5.3.i386.rpm
22de5d504e134590d17a9dd3e16a643e  libwmf-debuginfo-0.2.8.3-5.3.ia64.rpm
e211c15294c79a83bfcead7abe175bb5  libwmf-devel-0.2.8.3-5.3.ia64.rpm

ppc:
73258f72fc27adf63b5598265a3d41d4  libwmf-0.2.8.3-5.3.ppc.rpm
09a24c35d6711648ef35f81800a7201e  libwmf-0.2.8.3-5.3.ppc64.rpm
386f46b7457bff04b47a0ebe8a0538f9  libwmf-debuginfo-0.2.8.3-5.3.ppc.rpm
90b145052f46530d7fb3bf8b8c45cadd  libwmf-debuginfo-0.2.8.3-5.3.ppc64.rpm
5bf40c54b6ba949f8e02ebb5e13984f0  libwmf-devel-0.2.8.3-5.3.ppc.rpm

s390:
44dac72b0172705871d0c368269e7f9a  libwmf-0.2.8.3-5.3.s390.rpm
e842d2f832410e99328dce18ed54192f  libwmf-debuginfo-0.2.8.3-5.3.s390.rpm
92190ab8c67aa978b499f750d7399ef5  libwmf-devel-0.2.8.3-5.3.s390.rpm

s390x:
44dac72b0172705871d0c368269e7f9a  libwmf-0.2.8.3-5.3.s390.rpm
4429fd7bbc35881cd9f29cc5c2ecda22  libwmf-0.2.8.3-5.3.s390x.rpm
e842d2f832410e99328dce18ed54192f  libwmf-debuginfo-0.2.8.3-5.3.s390.rpm
587093bdd9e438b571479e42a9e9e089  libwmf-debuginfo-0.2.8.3-5.3.s390x.rpm
661d64b1287985b92b22848dcd075887  libwmf-devel-0.2.8.3-5.3.s390x.rpm

x86_64:
95ce0776b99d34b2305b01d2491c8ff7  libwmf-0.2.8.3-5.3.i386.rpm
db3a6a0d9976a0a90e0bcc8318babed3  libwmf-0.2.8.3-5.3.x86_64.rpm
130c14ff86120816f2714930fb4c113e  libwmf-debuginfo-0.2.8.3-5.3.i386.rpm
2ebfbea367681a2c58324f11e61c66d0  libwmf-debuginfo-0.2.8.3-5.3.x86_64.rpm
255efbcafa17355b7d366e77f28ea92e  libwmf-devel-0.2.8.3-5.3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libwmf-0.2.8.3-5.3.src.rpm
a3351e97473f0af4394b998cd5ff389e  libwmf-0.2.8.3-5.3.src.rpm

i386:
95ce0776b99d34b2305b01d2491c8ff7  libwmf-0.2.8.3-5.3.i386.rpm
130c14ff86120816f2714930fb4c113e  libwmf-debuginfo-0.2.8.3-5.3.i386.rpm
09e45037b62f7463fe722e507078df59  libwmf-devel-0.2.8.3-5.3.i386.rpm

x86_64:
95ce0776b99d34b2305b01d2491c8ff7  libwmf-0.2.8.3-5.3.i386.rpm
db3a6a0d9976a0a90e0bcc8318babed3  libwmf-0.2.8.3-5.3.x86_64.rpm
130c14ff86120816f2714930fb4c113e  libwmf-debuginfo-0.2.8.3-5.3.i386.rpm
2ebfbea367681a2c58324f11e61c66d0  libwmf-debuginfo-0.2.8.3-5.3.x86_64.rpm
255efbcafa17355b7d366e77f28ea92e  libwmf-devel-0.2.8.3-5.3.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libwmf-0.2.8.3-5.3.src.rpm
a3351e97473f0af4394b998cd5ff389e  libwmf-0.2.8.3-5.3.src.rpm

i386:
95ce0776b99d34b2305b01d2491c8ff7  libwmf-0.2.8.3-5.3.i386.rpm
130c14ff86120816f2714930fb4c113e  libwmf-debuginfo-0.2.8.3-5.3.i386.rpm
09e45037b62f7463fe722e507078df59  libwmf-devel-0.2.8.3-5.3.i386.rpm

ia64:
95ce0776b99d34b2305b01d2491c8ff7  libwmf-0.2.8.3-5.3.i386.rpm
da0236a75948cccfa9a8534091af47bb  libwmf-0.2.8.3-5.3.ia64.rpm
130c14ff86120816f2714930fb4c113e  libwmf-debuginfo-0.2.8.3-5.3.i386.rpm
22de5d504e134590d17a9dd3e16a643e  libwmf-debuginfo-0.2.8.3-5.3.ia64.rpm
e211c15294c79a83bfcead7abe175bb5  libwmf-devel-0.2.8.3-5.3.ia64.rpm

x86_64:
95ce0776b99d34b2305b01d2491c8ff7  libwmf-0.2.8.3-5.3.i386.rpm
db3a6a0d9976a0a90e0bcc8318babed3  libwmf-0.2.8.3-5.3.x86_64.rpm
130c14ff86120816f2714930fb4c113e  libwmf-debuginfo-0.2.8.3-5.3.i386.rpm
2ebfbea367681a2c58324f11e61c66d0  libwmf-debuginfo-0.2.8.3-5.3.x86_64.rpm
255efbcafa17355b7d366e77f28ea92e  libwmf-devel-0.2.8.3-5.3.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libwmf-0.2.8.3-5.3.src.rpm
a3351e97473f0af4394b998cd5ff389e  libwmf-0.2.8.3-5.3.src.rpm

i386:
95ce0776b99d34b2305b01d2491c8ff7  libwmf-0.2.8.3-5.3.i386.rpm
130c14ff86120816f2714930fb4c113e  libwmf-debuginfo-0.2.8.3-5.3.i386.rpm
09e45037b62f7463fe722e507078df59  libwmf-devel-0.2.8.3-5.3.i386.rpm

ia64:
95ce0776b99d34b2305b01d2491c8ff7  libwmf-0.2.8.3-5.3.i386.rpm
da0236a75948cccfa9a8534091af47bb  libwmf-0.2.8.3-5.3.ia64.rpm
130c14ff86120816f2714930fb4c113e  libwmf-debuginfo-0.2.8.3-5.3.i386.rpm
22de5d504e134590d17a9dd3e16a643e  libwmf-debuginfo-0.2.8.3-5.3.ia64.rpm
e211c15294c79a83bfcead7abe175bb5  libwmf-devel-0.2.8.3-5.3.ia64.rpm

x86_64:
95ce0776b99d34b2305b01d2491c8ff7  libwmf-0.2.8.3-5.3.i386.rpm
db3a6a0d9976a0a90e0bcc8318babed3  libwmf-0.2.8.3-5.3.x86_64.rpm
130c14ff86120816f2714930fb4c113e  libwmf-debuginfo-0.2.8.3-5.3.i386.rpm
2ebfbea367681a2c58324f11e61c66d0  libwmf-debuginfo-0.2.8.3-5.3.x86_64.rpm
255efbcafa17355b7d366e77f28ea92e  libwmf-devel-0.2.8.3-5.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3376
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEvLqhXlSAg2UNWIIRAo5PAJ9DUKgBVLAJtpdSfWXwDktkg//FWwCfX3r1
M44lFF+SeXi8h//dif+B0zE=
=g7rD
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.