Package name
libwmf
Date
2009-12-03
Advisory ID
MDVSA-2009:106-1
Affected versions
2008.0 i586 , 2008.0 x86_64

Problem description

Use-after-free vulnerability in the embedded GD library in libwmf
0.2.8.4 allows context-dependent attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
WMF file (CVE-2009-1364).

The updated packages have been patched to prevent this.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 e17c0edd7acbe9bb6cf561aa0b85dc0b  2008.0/i586/libwmf0.2_7-0.2.8.4-14.1mdv2008.0.i586.rpm
 f9dc9d614f9448d3a1495897b9f21be2  2008.0/i586/libwmf0.2_7-devel-0.2.8.4-14.1mdv2008.0.i586.rpm
 3a2f438e80d47d260bd953fd8ccb2451  2008.0/i586/libwmf-0.2.8.4-14.1mdv2008.0.i586.rpm 
 7b2f877fc6cb4766dbf77719e2750498  2008.0/SRPMS/libwmf-0.2.8.4-14.1mdv2008.0.src.rpm

2008.0 x86_64

 48865d83944f623fb80e5dd2ea43c46d  2008.0/x86_64/lib64wmf0.2_7-0.2.8.4-14.1mdv2008.0.x86_64.rpm
 17e8a4121bbb4336d7aeb3ded0c51446  2008.0/x86_64/lib64wmf0.2_7-devel-0.2.8.4-14.1mdv2008.0.x86_64.rpm
 bc6630356cf5ba7dd6ce7f97f623d034  2008.0/x86_64/libwmf-0.2.8.4-14.1mdv2008.0.x86_64.rpm 
 7b2f877fc6cb4766dbf77719e2750498  2008.0/SRPMS/libwmf-0.2.8.4-14.1mdv2008.0.src.rpm

References