[SECURITY] [DSA 3302-1] libwmf security update

2015-07-0620:58:53

lists.debian.org

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.052 Low

EPSS

Percentile

92.9%

JSON

Debian Security Advisory DSA-3302-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
July 06, 2015 https://www.debian.org/security/faq

Package : libwmf
CVE ID : CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696

Insufficient input sanitising in libwmf, a library to process Windows
metafile data, may result in denial of service or the execution of
arbitrary code if a malformed WMF file is opened.

For the oldstable distribution (wheezy), these problems have been fixed
in version 0.2.8.4-10.3+deb7u1.

For the stable distribution (jessie), these problems have been fixed in
version 0.2.8.4-10.3+deb8u1.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your libwmf packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8mipsellibwmf-dev< 0.2.8.4-10.3+deb8u1libwmf-dev_0.2.8.4-10.3+deb8u1_mipsel.deb
Debian8armellibwmf0.2-7< 0.2.8.4-10.3+deb8u1libwmf0.2-7_0.2.8.4-10.3+deb8u1_armel.deb
Debian8arm64libwmf-dev< 0.2.8.4-10.3+deb8u1libwmf-dev_0.2.8.4-10.3+deb8u1_arm64.deb
Debian7i386libwmf0.2-7< 0.2.8.4-10.3+deb7u1libwmf0.2-7_0.2.8.4-10.3+deb7u1_i386.deb
Debian8armhflibwmf0.2-7< 0.2.8.4-10.3+deb8u1libwmf0.2-7_0.2.8.4-10.3+deb8u1_armhf.deb
Debian7armhflibwmf0.2-7< 0.2.8.4-10.3+deb7u1libwmf0.2-7_0.2.8.4-10.3+deb7u1_armhf.deb
Debian7alllibwmf-doc< 0.2.8.4-10.3+deb7u1libwmf-doc_0.2.8.4-10.3+deb7u1_all.deb
Debian8i386libwmf0.2-7< 0.2.8.4-10.3+deb8u1libwmf0.2-7_0.2.8.4-10.3+deb8u1_i386.deb
Debian7sparclibwmf0.2-7< 0.2.8.4-10.3+deb7u1libwmf0.2-7_0.2.8.4-10.3+deb7u1_sparc.deb
Debian6alllibwmf-doc< 0.2.8.4-6.2+deb6u2libwmf-doc_0.2.8.4-6.2+deb6u2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	mipsel	libwmf-dev	< 0.2.8.4-10.3+deb8u1	libwmf-dev_0.2.8.4-10.3+deb8u1_mipsel.deb
Debian	8	armel	libwmf0.2-7	< 0.2.8.4-10.3+deb8u1	libwmf0.2-7_0.2.8.4-10.3+deb8u1_armel.deb
Debian	8	arm64	libwmf-dev	< 0.2.8.4-10.3+deb8u1	libwmf-dev_0.2.8.4-10.3+deb8u1_arm64.deb
Debian	7	i386	libwmf0.2-7	< 0.2.8.4-10.3+deb7u1	libwmf0.2-7_0.2.8.4-10.3+deb7u1_i386.deb
Debian	8	armhf	libwmf0.2-7	< 0.2.8.4-10.3+deb8u1	libwmf0.2-7_0.2.8.4-10.3+deb8u1_armhf.deb
Debian	7	armhf	libwmf0.2-7	< 0.2.8.4-10.3+deb7u1	libwmf0.2-7_0.2.8.4-10.3+deb7u1_armhf.deb
Debian	7	all	libwmf-doc	< 0.2.8.4-10.3+deb7u1	libwmf-doc_0.2.8.4-10.3+deb7u1_all.deb
Debian	8	i386	libwmf0.2-7	< 0.2.8.4-10.3+deb8u1	libwmf0.2-7_0.2.8.4-10.3+deb8u1_i386.deb
Debian	7	sparc	libwmf0.2-7	< 0.2.8.4-10.3+deb7u1	libwmf0.2-7_0.2.8.4-10.3+deb7u1_sparc.deb
Debian	6	all	libwmf-doc	< 0.2.8.4-6.2+deb6u2	libwmf-doc_0.2.8.4-6.2+deb6u2_all.deb