drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zahlenüberlauf in libwmf
Name: |
Zahlenüberlauf in libwmf |
|
ID: |
RHSA-2006:0597-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Enterprise Linux |
|
Datum: |
Di, 18. Juli 2006, 12:42 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3376 |
|
Applikationen: |
libwmf |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- --------------------------------------------------------------------- Red Hat Security Advisory
Synopsis: Moderate: libwmf security update Advisory ID: RHSA-2006:0597-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0597.html Issue date: 2006-07-18 Updated on: 2006-07-18 Product: Red Hat Enterprise Linux CVE Names: CVE-2006-3376 - ---------------------------------------------------------------------
1. Summary:
Updated libwmf packages that fix a security flaw are now available for Red Hat Enterprise Linux 4.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
Libwmf is a library for reading and converting Windows MetaFile vector graphics (WMF). Libwmf is used by packages such as The GIMP and ImageMagick.
An integer overflow flaw was discovered in libwmf. An attacker could create a carefully crafted WMF flaw that could execute arbitrary code if opened by a victim. (CVE-2006-3376).
Users of libwmf should update to these packages which contain a backported security patch to correct this issue.
4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
198290 - CVE-2006-3376 libwmf integer overflow
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libwmf-0.2.8.3-5.3.src.rpm a3351e97473f0af4394b998cd5ff389e libwmf-0.2.8.3-5.3.src.rpm
i386: 95ce0776b99d34b2305b01d2491c8ff7 libwmf-0.2.8.3-5.3.i386.rpm 130c14ff86120816f2714930fb4c113e libwmf-debuginfo-0.2.8.3-5.3.i386.rpm 09e45037b62f7463fe722e507078df59 libwmf-devel-0.2.8.3-5.3.i386.rpm
ia64: 95ce0776b99d34b2305b01d2491c8ff7 libwmf-0.2.8.3-5.3.i386.rpm da0236a75948cccfa9a8534091af47bb libwmf-0.2.8.3-5.3.ia64.rpm 130c14ff86120816f2714930fb4c113e libwmf-debuginfo-0.2.8.3-5.3.i386.rpm 22de5d504e134590d17a9dd3e16a643e libwmf-debuginfo-0.2.8.3-5.3.ia64.rpm e211c15294c79a83bfcead7abe175bb5 libwmf-devel-0.2.8.3-5.3.ia64.rpm
ppc: 73258f72fc27adf63b5598265a3d41d4 libwmf-0.2.8.3-5.3.ppc.rpm 09a24c35d6711648ef35f81800a7201e libwmf-0.2.8.3-5.3.ppc64.rpm 386f46b7457bff04b47a0ebe8a0538f9 libwmf-debuginfo-0.2.8.3-5.3.ppc.rpm 90b145052f46530d7fb3bf8b8c45cadd libwmf-debuginfo-0.2.8.3-5.3.ppc64.rpm 5bf40c54b6ba949f8e02ebb5e13984f0 libwmf-devel-0.2.8.3-5.3.ppc.rpm
s390: 44dac72b0172705871d0c368269e7f9a libwmf-0.2.8.3-5.3.s390.rpm e842d2f832410e99328dce18ed54192f libwmf-debuginfo-0.2.8.3-5.3.s390.rpm 92190ab8c67aa978b499f750d7399ef5 libwmf-devel-0.2.8.3-5.3.s390.rpm
s390x: 44dac72b0172705871d0c368269e7f9a libwmf-0.2.8.3-5.3.s390.rpm 4429fd7bbc35881cd9f29cc5c2ecda22 libwmf-0.2.8.3-5.3.s390x.rpm e842d2f832410e99328dce18ed54192f libwmf-debuginfo-0.2.8.3-5.3.s390.rpm 587093bdd9e438b571479e42a9e9e089 libwmf-debuginfo-0.2.8.3-5.3.s390x.rpm 661d64b1287985b92b22848dcd075887 libwmf-devel-0.2.8.3-5.3.s390x.rpm
x86_64: 95ce0776b99d34b2305b01d2491c8ff7 libwmf-0.2.8.3-5.3.i386.rpm db3a6a0d9976a0a90e0bcc8318babed3 libwmf-0.2.8.3-5.3.x86_64.rpm 130c14ff86120816f2714930fb4c113e libwmf-debuginfo-0.2.8.3-5.3.i386.rpm 2ebfbea367681a2c58324f11e61c66d0 libwmf-debuginfo-0.2.8.3-5.3.x86_64.rpm 255efbcafa17355b7d366e77f28ea92e libwmf-devel-0.2.8.3-5.3.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: libwmf-0.2.8.3-5.3.src.rpm a3351e97473f0af4394b998cd5ff389e libwmf-0.2.8.3-5.3.src.rpm
i386: 95ce0776b99d34b2305b01d2491c8ff7 libwmf-0.2.8.3-5.3.i386.rpm 130c14ff86120816f2714930fb4c113e libwmf-debuginfo-0.2.8.3-5.3.i386.rpm 09e45037b62f7463fe722e507078df59 libwmf-devel-0.2.8.3-5.3.i386.rpm
x86_64: 95ce0776b99d34b2305b01d2491c8ff7 libwmf-0.2.8.3-5.3.i386.rpm db3a6a0d9976a0a90e0bcc8318babed3 libwmf-0.2.8.3-5.3.x86_64.rpm 130c14ff86120816f2714930fb4c113e libwmf-debuginfo-0.2.8.3-5.3.i386.rpm 2ebfbea367681a2c58324f11e61c66d0 libwmf-debuginfo-0.2.8.3-5.3.x86_64.rpm 255efbcafa17355b7d366e77f28ea92e libwmf-devel-0.2.8.3-5.3.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libwmf-0.2.8.3-5.3.src.rpm a3351e97473f0af4394b998cd5ff389e libwmf-0.2.8.3-5.3.src.rpm
i386: 95ce0776b99d34b2305b01d2491c8ff7 libwmf-0.2.8.3-5.3.i386.rpm 130c14ff86120816f2714930fb4c113e libwmf-debuginfo-0.2.8.3-5.3.i386.rpm 09e45037b62f7463fe722e507078df59 libwmf-devel-0.2.8.3-5.3.i386.rpm
ia64: 95ce0776b99d34b2305b01d2491c8ff7 libwmf-0.2.8.3-5.3.i386.rpm da0236a75948cccfa9a8534091af47bb libwmf-0.2.8.3-5.3.ia64.rpm 130c14ff86120816f2714930fb4c113e libwmf-debuginfo-0.2.8.3-5.3.i386.rpm 22de5d504e134590d17a9dd3e16a643e libwmf-debuginfo-0.2.8.3-5.3.ia64.rpm e211c15294c79a83bfcead7abe175bb5 libwmf-devel-0.2.8.3-5.3.ia64.rpm
x86_64: 95ce0776b99d34b2305b01d2491c8ff7 libwmf-0.2.8.3-5.3.i386.rpm db3a6a0d9976a0a90e0bcc8318babed3 libwmf-0.2.8.3-5.3.x86_64.rpm 130c14ff86120816f2714930fb4c113e libwmf-debuginfo-0.2.8.3-5.3.i386.rpm 2ebfbea367681a2c58324f11e61c66d0 libwmf-debuginfo-0.2.8.3-5.3.x86_64.rpm 255efbcafa17355b7d366e77f28ea92e libwmf-devel-0.2.8.3-5.3.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libwmf-0.2.8.3-5.3.src.rpm a3351e97473f0af4394b998cd5ff389e libwmf-0.2.8.3-5.3.src.rpm
i386: 95ce0776b99d34b2305b01d2491c8ff7 libwmf-0.2.8.3-5.3.i386.rpm 130c14ff86120816f2714930fb4c113e libwmf-debuginfo-0.2.8.3-5.3.i386.rpm 09e45037b62f7463fe722e507078df59 libwmf-devel-0.2.8.3-5.3.i386.rpm
ia64: 95ce0776b99d34b2305b01d2491c8ff7 libwmf-0.2.8.3-5.3.i386.rpm da0236a75948cccfa9a8534091af47bb libwmf-0.2.8.3-5.3.ia64.rpm 130c14ff86120816f2714930fb4c113e libwmf-debuginfo-0.2.8.3-5.3.i386.rpm 22de5d504e134590d17a9dd3e16a643e libwmf-debuginfo-0.2.8.3-5.3.ia64.rpm e211c15294c79a83bfcead7abe175bb5 libwmf-devel-0.2.8.3-5.3.ia64.rpm
x86_64: 95ce0776b99d34b2305b01d2491c8ff7 libwmf-0.2.8.3-5.3.i386.rpm db3a6a0d9976a0a90e0bcc8318babed3 libwmf-0.2.8.3-5.3.x86_64.rpm 130c14ff86120816f2714930fb4c113e libwmf-debuginfo-0.2.8.3-5.3.i386.rpm 2ebfbea367681a2c58324f11e61c66d0 libwmf-debuginfo-0.2.8.3-5.3.x86_64.rpm 255efbcafa17355b7d366e77f28ea92e libwmf-devel-0.2.8.3-5.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3376 http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFEvLqhXlSAg2UNWIIRAo5PAJ9DUKgBVLAJtpdSfWXwDktkg//FWwCfX3r1 M44lFF+SeXi8h//dif+B0zE= =g7rD -----END PGP SIGNATURE-----
-- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-list
|
|
|
|