Security update for libwmf

Announcement ID:	SUSE-SU-2015:1378-1
Rating:	moderate
References:	bsc#831299 bsc#933109 bsc#936058 bsc#936062
Cross-References:	CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696
CVSS scores:
Affected Products:	SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP4

An update that solves four vulnerabilities can now be installed.

Description:

libwmf was updated to fix four security issues.

These security issues were fixed: - CVE-2015-4588: Heap-based buffer overflow in the DecodeImage function allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file (bsc#933109). - CVE-2015-0848: Heap-based buffer overflow allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image (bsc#933109). - CVE-2015-4696: Use-after-free vulnerability allowed remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command (bsc#936062). - CVE-2015-4695: meta.h allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file (bsc#936058).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 11 SP3
  zypper in -t patch sledsp3-libwmf-12027=1
• SUSE Linux Enterprise Desktop 11 SP4
  zypper in -t patch sledsp4-libwmf-12027=1
• SUSE Linux Enterprise Software Development Kit 11 SP3
  zypper in -t patch sdksp3-libwmf-12027=1
• SUSE Linux Enterprise Software Development Kit 11 SP4
  zypper in -t patch sdksp4-libwmf-12027=1

Package List:

• SUSE Linux Enterprise Desktop 11 SP3 (x86_64 i586)
  • libwmf-0.2.8.4-206.29.29.1
• SUSE Linux Enterprise Desktop 11 SP4 (x86_64 i586)
  • libwmf-0.2.8.4-206.29.29.1
• SUSE Linux Enterprise Software Development Kit 11 SP3 (s390x x86_64 i586 ppc64 ia64)
  • libwmf-gnome-0.2.8.4-206.29.29.1
  • libwmf-0.2.8.4-206.29.29.1
  • libwmf-devel-0.2.8.4-206.29.29.1
• SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64)
  • libwmf-gnome-x86-0.2.8.4-206.29.29.1
  • libwmf-x86-0.2.8.4-206.29.29.1
• SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64)
  • libwmf-32bit-0.2.8.4-206.29.29.1
  • libwmf-gnome-32bit-0.2.8.4-206.29.29.1
• SUSE Linux Enterprise Software Development Kit 11 SP4 (s390x x86_64 i586 ppc64 ia64)
  • libwmf-gnome-0.2.8.4-206.29.29.1
  • libwmf-0.2.8.4-206.29.29.1
  • libwmf-devel-0.2.8.4-206.29.29.1
• SUSE Linux Enterprise Software Development Kit 11 SP4 (ia64)
  • libwmf-gnome-x86-0.2.8.4-206.29.29.1
  • libwmf-x86-0.2.8.4-206.29.29.1
• SUSE Linux Enterprise Software Development Kit 11 SP4 (ppc64 s390x x86_64)
  • libwmf-32bit-0.2.8.4-206.29.29.1
  • libwmf-gnome-32bit-0.2.8.4-206.29.29.1

References:

• https://www.suse.com/security/cve/CVE-2015-0848.html
• https://www.suse.com/security/cve/CVE-2015-4588.html
• https://www.suse.com/security/cve/CVE-2015-4695.html
• https://www.suse.com/security/cve/CVE-2015-4696.html
• https://bugzilla.suse.com/show_bug.cgi?id=831299
• https://bugzilla.suse.com/show_bug.cgi?id=933109
• https://bugzilla.suse.com/show_bug.cgi?id=936058
• https://bugzilla.suse.com/show_bug.cgi?id=936062