
A new update is available for Red Hat Enterprise Linux. Here is the announcement:




---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: libwmf security update
Advisory ID: RHSA-2006:0597-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0597.html
Issue date: 2006-07-18
Updated on: 2006-07-18
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-3376
---------------------------------------------------------------------

1. Summary:

Updated libwmf packages that fix a security flaw are now available for Red
Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Libwmf is a library for reading and converting Windows MetaFile vector
graphics (WMF). Libwmf is used by packages such as The GIMP and ImageMagick.

An integer overflow flaw was discovered in libwmf. An attacker could
create a carefully crafted WMF file that could execute arbitrary code if
opened by a victim (CVE-2006-3376).

Users of libwmf should update to these packages, which contain a backported
security patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
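
To confirm that the update was applied, the installed libwmf build can be compared with the fixed build named in this advisory's package files (libwmf-0.2.8.3-5.3). The script below is an added example, not part of the Red Hat advisory; the function names are hypothetical, and GNU `sort -V` is assumed as an approximation of RPM's version ordering.

```shell
#!/bin/sh
# Fixed version-release, taken from the package names in this advisory.
FIXED_VR="0.2.8.3-5.3"

# Return 0 if the given version-release is at or above the fixed build,
# 1 if it is older, 2 if no value was supplied.
# Assumption: GNU sort -V stands in for RPM's own comparison, which is
# adequate for dotted numeric strings such as these.
libwmf_is_fixed() {
    installed="$1"
    [ -n "$installed" ] || return 2
    lowest=$(printf '%s\n%s\n' "$FIXED_VR" "$installed" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_VR" ]
}

# Classify the local host: prints "fixed", "vulnerable (<build>)",
# "not-installed" or "no-rpm".
check_libwmf() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "no-rpm"
        return 3
    fi
    # Multilib hosts (e.g. i386 + x86_64) report one line per installed arch.
    vrs=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' libwmf 2>/dev/null) || {
        echo "not-installed"
        return 0
    }
    for vr in $vrs; do
        if ! libwmf_is_fixed "$vr"; then
            echo "vulnerable ($vr)"
            return 1
        fi
    done
    echo "fixed"
}

# Run the host check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_libwmf
fi
```

Run it with `--check` on each Red Hat Enterprise Linux 4 host after `up2date` completes; a non-zero exit status marks a host that still carries a build older than the fix.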

5. Bug IDs fixed (http://bugzilla.redhat.com/):

198290 - CVE-2006-3376 libwmf integer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libwmf-0.2.8.3-5.3.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libwmf-0.2.8.3-5.3.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libwmf-0.2.8.3-5.3.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libwmf-0.2.8.3-5.3.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3376
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.