Red Hat Product Errata RHSA-2006:0597 - Security Advisory

Issued:: 2006-07-18
Updated:: 2006-07-18

RHSA-2006:0597 - Security Advisory

Overview
Updated Packages

Synopsis

libwmf security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated libwmf packages that fix a security flaw are now available for Red
Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

Libwmf is a library for reading and converting Windows MetaFile vector
graphics (WMF). Libwmf is used by packages such as The GIMP and ImageMagick.

An integer overflow flaw was discovered in libwmf. An attacker could
create a carefully crafted WMF flaw that could execute arbitrary code if
opened by a victim. (CVE-2006-3376).

Users of libwmf should update to these packages which contain a backported
security patch to correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

BZ - 198290 - CVE-2006-3376 libwmf integer overflow

CVEs

CVE-2006-3376

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
libwmf-0.2.8.3-5.3.src.rpm	SHA-256: 212cf49718190ff0674351939ed5c89dba1aafdb9c93f5a67d3aee7ecfc6035e
x86_64
libwmf-0.2.8.3-5.3.i386.rpm	SHA-256: 685dbc2d6c56ba9e029e496f49edfbcbff7a780a115fb426d8f86712ccb5f76a
libwmf-0.2.8.3-5.3.i386.rpm	SHA-256: 685dbc2d6c56ba9e029e496f49edfbcbff7a780a115fb426d8f86712ccb5f76a
libwmf-0.2.8.3-5.3.x86_64.rpm	SHA-256: 5671b0e54c7def5ff65982964ca9f33b6a8c64df55bf13d50267c58794e40377
libwmf-0.2.8.3-5.3.x86_64.rpm	SHA-256: 5671b0e54c7def5ff65982964ca9f33b6a8c64df55bf13d50267c58794e40377
libwmf-devel-0.2.8.3-5.3.x86_64.rpm	SHA-256: 0c000d3a47eac7becbd4b5da1c8b7a1a407552f9cf11f120cb9b84a2be30503a
libwmf-devel-0.2.8.3-5.3.x86_64.rpm	SHA-256: 0c000d3a47eac7becbd4b5da1c8b7a1a407552f9cf11f120cb9b84a2be30503a
ia64
libwmf-0.2.8.3-5.3.i386.rpm	SHA-256: 685dbc2d6c56ba9e029e496f49edfbcbff7a780a115fb426d8f86712ccb5f76a
libwmf-0.2.8.3-5.3.i386.rpm	SHA-256: 685dbc2d6c56ba9e029e496f49edfbcbff7a780a115fb426d8f86712ccb5f76a
libwmf-0.2.8.3-5.3.ia64.rpm	SHA-256: f954975770e470b85875b33904a4e6c60cd0a4ca9ff6ceeb1cbd00f18a017d1f
libwmf-0.2.8.3-5.3.ia64.rpm	SHA-256: f954975770e470b85875b33904a4e6c60cd0a4ca9ff6ceeb1cbd00f18a017d1f
libwmf-devel-0.2.8.3-5.3.ia64.rpm	SHA-256: 2fa59b8d7b968884e4f04c1aea237e980a67ced7909258f7eee358148ac84b57
libwmf-devel-0.2.8.3-5.3.ia64.rpm	SHA-256: 2fa59b8d7b968884e4f04c1aea237e980a67ced7909258f7eee358148ac84b57
i386
libwmf-0.2.8.3-5.3.i386.rpm	SHA-256: 685dbc2d6c56ba9e029e496f49edfbcbff7a780a115fb426d8f86712ccb5f76a
libwmf-0.2.8.3-5.3.i386.rpm	SHA-256: 685dbc2d6c56ba9e029e496f49edfbcbff7a780a115fb426d8f86712ccb5f76a
libwmf-devel-0.2.8.3-5.3.i386.rpm	SHA-256: 762dc76e9bb7fc5b7df3fe934fb567a581331786f1cfbbd56706f02a040c167a
libwmf-devel-0.2.8.3-5.3.i386.rpm	SHA-256: 762dc76e9bb7fc5b7df3fe934fb567a581331786f1cfbbd56706f02a040c167a

Red Hat Enterprise Linux Workstation 4

SRPM
libwmf-0.2.8.3-5.3.src.rpm	SHA-256: 212cf49718190ff0674351939ed5c89dba1aafdb9c93f5a67d3aee7ecfc6035e
x86_64
libwmf-0.2.8.3-5.3.i386.rpm	SHA-256: 685dbc2d6c56ba9e029e496f49edfbcbff7a780a115fb426d8f86712ccb5f76a
libwmf-0.2.8.3-5.3.x86_64.rpm	SHA-256: 5671b0e54c7def5ff65982964ca9f33b6a8c64df55bf13d50267c58794e40377
libwmf-devel-0.2.8.3-5.3.x86_64.rpm	SHA-256: 0c000d3a47eac7becbd4b5da1c8b7a1a407552f9cf11f120cb9b84a2be30503a
ia64
libwmf-0.2.8.3-5.3.i386.rpm	SHA-256: 685dbc2d6c56ba9e029e496f49edfbcbff7a780a115fb426d8f86712ccb5f76a
libwmf-0.2.8.3-5.3.ia64.rpm	SHA-256: f954975770e470b85875b33904a4e6c60cd0a4ca9ff6ceeb1cbd00f18a017d1f
libwmf-devel-0.2.8.3-5.3.ia64.rpm	SHA-256: 2fa59b8d7b968884e4f04c1aea237e980a67ced7909258f7eee358148ac84b57
i386
libwmf-0.2.8.3-5.3.i386.rpm	SHA-256: 685dbc2d6c56ba9e029e496f49edfbcbff7a780a115fb426d8f86712ccb5f76a
libwmf-devel-0.2.8.3-5.3.i386.rpm	SHA-256: 762dc76e9bb7fc5b7df3fe934fb567a581331786f1cfbbd56706f02a040c167a

Red Hat Enterprise Linux Desktop 4

SRPM
libwmf-0.2.8.3-5.3.src.rpm	SHA-256: 212cf49718190ff0674351939ed5c89dba1aafdb9c93f5a67d3aee7ecfc6035e
x86_64
libwmf-0.2.8.3-5.3.i386.rpm	SHA-256: 685dbc2d6c56ba9e029e496f49edfbcbff7a780a115fb426d8f86712ccb5f76a
libwmf-0.2.8.3-5.3.x86_64.rpm	SHA-256: 5671b0e54c7def5ff65982964ca9f33b6a8c64df55bf13d50267c58794e40377
libwmf-devel-0.2.8.3-5.3.x86_64.rpm	SHA-256: 0c000d3a47eac7becbd4b5da1c8b7a1a407552f9cf11f120cb9b84a2be30503a
i386
libwmf-0.2.8.3-5.3.i386.rpm	SHA-256: 685dbc2d6c56ba9e029e496f49edfbcbff7a780a115fb426d8f86712ccb5f76a
libwmf-devel-0.2.8.3-5.3.i386.rpm	SHA-256: 762dc76e9bb7fc5b7df3fe934fb567a581331786f1cfbbd56706f02a040c167a

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
libwmf-0.2.8.3-5.3.src.rpm	SHA-256: 212cf49718190ff0674351939ed5c89dba1aafdb9c93f5a67d3aee7ecfc6035e
s390x
libwmf-0.2.8.3-5.3.s390.rpm	SHA-256: 432699ce194bd359d074a26a6909a3d4885d0daa1ae0d0f221c9024f23b60d1b
libwmf-0.2.8.3-5.3.s390x.rpm	SHA-256: f9900f51a4f73a7d83f4683c33bb3199db3b1105e027de44b02cf35a8e1bb9b1
libwmf-devel-0.2.8.3-5.3.s390x.rpm	SHA-256: c7b9bb37a01756f4cff5150be1d797c616078ddde65247bd154e2b721971ba70
s390
libwmf-0.2.8.3-5.3.s390.rpm	SHA-256: 432699ce194bd359d074a26a6909a3d4885d0daa1ae0d0f221c9024f23b60d1b
libwmf-devel-0.2.8.3-5.3.s390.rpm	SHA-256: 02ef631cd981697b1559e46e8207661acb32a73e28f828865c7532530407f8e8

Red Hat Enterprise Linux for Power, big endian 4

SRPM
libwmf-0.2.8.3-5.3.src.rpm	SHA-256: 212cf49718190ff0674351939ed5c89dba1aafdb9c93f5a67d3aee7ecfc6035e
ppc
libwmf-0.2.8.3-5.3.ppc.rpm	SHA-256: b4ca7a607fd735895d8679ab0faf424c297cb2d2ec53db12386759fda989f66b
libwmf-0.2.8.3-5.3.ppc64.rpm	SHA-256: 6fa3b04e355e084baa66bbd529703a34a8d97d7bb87b2d0a3704ddb54d0f0e0c
libwmf-devel-0.2.8.3-5.3.ppc.rpm	SHA-256: 10053fbbecb010bd7f641cd5f1d33d58fd4366d7ffa452d1dfda24347420e0db

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories