Debian 10264 Published by

The following two updates are available for Debian 6 LTS:

[DLA 256-1] t1utils security update
[DLA 257-1] libwmf security update



[DLA 256-1] t1utils security update

Package : t1utils
Version : 1.36-1+deb6u1
CVE ID : CVE-2015-3905
Debian Bug : 779274

Jakub Wilk found a vulnerability in the Type 1 font manipulation
programs, t1utils:

CVE-2015-3905

Buffer overflow in the set_cs_start function in t1disasm.c in t1utils
before 1.39 allows remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via a crafted font file.

For Debian 6 "Squeeze", this issue has been fixed in t1utils version
1.36-1+deb6u1.


[DLA 257-1] libwmf security update

Package : libwmf
Version : 0.2.8.4-6.2+deb6u2
CVE ID : CVE-2015-4695 CVE-2015-4696
Debian Bug : 784192 784205

libwmf is vulnerable to two denial of service due to invalid read
operations when processing specially crafted WMF files.

CVE-2015-4695

Heap buffer overread in libwmf

CVE-2015-4696

Read after free() in wmf2gd/wmf2eps

For the squeeze distribution, those issues have been fixed in libwmf
0.2.8.4-6.2+deb6u2. We recommend that you upgrade your libwmf packages.