You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa libwmf

Sigurnosni nedostaci programskog paketa libwmf

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2670-1
July 08, 2015

libwmf vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 15.04
– Ubuntu 14.10
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

libwmf could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
– libwmf: Windows metafile conversion tools

Details:

Fernando Muñoz and Stefan Cornelius discovered that libwmf incorrectly
handled certain malformed images. If a user or automated system were
tricked into opening a crafted image file, an attacker could cause a denial
of service or execute arbitrary code with privileges of the user invoking
the program.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
libwmf0.2-7 0.2.8.4-10.3ubuntu1.15.04.1

Ubuntu 14.10:
libwmf0.2-7 0.2.8.4-10.3ubuntu1.14.10.1

Ubuntu 14.04 LTS:
libwmf0.2-7 0.2.8.4-10.3ubuntu1.14.04.1

Ubuntu 12.04 LTS:
libwmf0.2-7 0.2.8.4-10ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2670-1
CVE-2015-0848, CVE-2015-4588, CVE-2015-4695, CVE-2015-4695,
CVE-2015-4696

Package Information:
https://launchpad.net/ubuntu/+source/libwmf/0.2.8.4-10.3ubuntu1.15.04.1
https://launchpad.net/ubuntu/+source/libwmf/0.2.8.4-10.3ubuntu1.14.10.1
https://launchpad.net/ubuntu/+source/libwmf/0.2.8.4-10.3ubuntu1.14.04.1
https://launchpad.net/ubuntu/+source/libwmf/0.2.8.4-10ubuntu1.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJVnTreAAoJEGVp2FWnRL6TZSkP/iiOqOhc6Vpb1S5kqO5iwgP/
kXeeXegPNx45jNekBAL0wKVS/Us8GugeoG2rOZURqu0s/WBxoQAHzfAw7S2RxSep
H+5rGGD5kF+LwwJUGzZ9HFRq5i3QLoe0aMOwYHt+dqnwDj5bxtrdKjyQ9ZeAl2bi
QU2uQp03Q97EGuvZDzEXdRW2Kmm8vRyKVvg5DW35siR+s7qI9gkUNRg3q8Cf72jq
ip3aTYCsjjntaw9PuHrxGqm904UHWJPWeoePcUXkkv1hNwRhFdRN9IO4LCyqaNzY
CU0BbaX/PkioXEVVFJ4RxvKGmSKxGdzVcJtUyAAQuDwX3aOCoF+5DRVV193T5iLL
6SxScjcaEiS0wC87OIWCF7GCVpfNjfxEhgMTOf4GHqaPbf1VpbHM3wqqHBniwKKm
VPN1EXBCaltePluWolZC5xLKOXo23eTX4CTTbTQN6j89FWAnof8w5DmEqJTnDzL4
hC/GvwdDSQI+NCy6S4QgeSpb9JG+rQyOwPH8km0iFa4Z/8tMCc75+6oDVl4lE2WM
cnd8kHn51/p+6bB5rI/3RLkQuFhPKRLl+B4FdJUnxd+hkqsOCVPt5so84UgTkcgZ
imbyZL6G/3Wdzj0Y4/C2ARvfCgJUrAtKJKvnJu+Lk6Dfw8Y/TlYAGXYWUy4yskDM
TK/dWDExiTKXBY+HPxNE
=czZb
—–END PGP SIGNATURE—–

AutorMarijo Plepelic
Cert idNCERT-REF-2015-07-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Ranjivost programskog paketa OpenSSL

Otkrivena je ranjivost u programskom paketu Apache Web Server s OpenSSL-om za HP-UX. Otkrivena Logjam ranjivost (CVE-2015-4000) potencijalnim napadačima, izvođenjem...

Close