Test ID:	1.3.6.1.4.1.25623.1.0.871460
Category:	Red Hat Local Security Checks
Title:	RedHat Update for libwmf RHSA-2015:1917-01
Summary:	The remote host is missing an update for the 'libwmf'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'libwmf' package(s) announced via the referenced advisory. Vulnerability Insight: libwmf is a library for reading and converting Windows Metafile Format (WMF) vector graphics. libwmf is used by applications such as GIMP and ImageMagick. It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. (CVE-2015-0848, CVE-2015-4588) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. (CVE-2015-4696) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash. (CVE-2015-4695) All users of libwmf are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using libwmf must be restarted for the update to take effect. Affected Software/OS: libwmf on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Server (v. 7), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0848 BugTraq ID: 74923 http://www.securityfocus.com/bid/74923 Debian Security Information: DSA-3302 (Google Search) http://www.debian.org/security/2015/dsa-3302 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165547.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168507.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160668.html https://security.gentoo.org/glsa/201602-03 http://www.openwall.com/lists/oss-security/2015/06/01/2 RedHat Security Advisories: RHSA-2015:1917 http://rhn.redhat.com/errata/RHSA-2015-1917.html http://www.securitytracker.com/id/1032771 SuSE Security Announcement: openSUSE-SU-2015:1132 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-06/msg00051.html SuSE Security Announcement: openSUSE-SU-2015:1134 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-06/msg00053.html SuSE Security Announcement: openSUSE-SU-2015:1212 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-07/msg00018.html http://www.ubuntu.com/usn/USN-2670-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-4588 BugTraq ID: 75230 http://www.securityfocus.com/bid/75230 http://www.openwall.com/lists/oss-security/2015/06/03/6 http://www.openwall.com/lists/oss-security/2015/06/16/4 Common Vulnerability Exposure (CVE) ID: CVE-2015-4695 BugTraq ID: 75329 http://www.securityfocus.com/bid/75329 http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162569.html http://www.openwall.com/lists/oss-security/2015/06/17/3 http://www.openwall.com/lists/oss-security/2015/06/21/3 Common Vulnerability Exposure (CVE) ID: CVE-2015-4696 BugTraq ID: 75331 http://www.securityfocus.com/bid/75331
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.