[SECURITY] [DLA 694-1] libwmf security update

2016-11-0214:31:34

lists.debian.org

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

0.003

Percentile

70.4%

JSON

Package : libwmf
Version : 0.2.8.4-10.3+deb7u2
CVE ID : CVE-2016-9011
Debian Bug : 842090

Agostino Sarubbo from Gentoo discovered a flaw in libwmf's Windows
Metafile Format (WMF) parser which caused allocation of excessive
amount of memory potentially leading to a crash.

For Debian 7 "Wheezy", these problems have been fixed in version
0.2.8.4-10.3+deb7u2.

We recommend that you upgrade your libwmf packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian8i386libwmf0.2-7< 0.2.8.4-10.3+deb8u2libwmf0.2-7_0.2.8.4-10.3+deb8u2_i386.deb
Debian8s390xlibwmf-bin< 0.2.8.4-10.3+deb8u2libwmf-bin_0.2.8.4-10.3+deb8u2_s390x.deb
Debian7amd64libwmf0.2-7< 0.2.8.4-10.3+deb7u2libwmf0.2-7_0.2.8.4-10.3+deb7u2_amd64.deb
Debian7alllibwmf< 0.2.8.4-10.3+deb7u2libwmf_0.2.8.4-10.3+deb7u2_all.deb
Debian7i386libwmf0.2-7< 0.2.8.4-10.3+deb7u2libwmf0.2-7_0.2.8.4-10.3+deb7u2_i386.deb
Debian8powerpclibwmf-bin< 0.2.8.4-10.3+deb8u2libwmf-bin_0.2.8.4-10.3+deb8u2_powerpc.deb
Debian8alllibwmf-doc< 0.2.8.4-10.3+deb8u2libwmf-doc_0.2.8.4-10.3+deb8u2_all.deb
Debian8powerpclibwmf0.2-7< 0.2.8.4-10.3+deb8u2libwmf0.2-7_0.2.8.4-10.3+deb8u2_powerpc.deb
Debian8amd64libwmf-bin< 0.2.8.4-10.3+deb8u2libwmf-bin_0.2.8.4-10.3+deb8u2_amd64.deb
Debian8mipslibwmf-dev< 0.2.8.4-10.3+deb8u2libwmf-dev_0.2.8.4-10.3+deb8u2_mips.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	i386	libwmf0.2-7	< 0.2.8.4-10.3+deb8u2	libwmf0.2-7_0.2.8.4-10.3+deb8u2_i386.deb
Debian	8	s390x	libwmf-bin	< 0.2.8.4-10.3+deb8u2	libwmf-bin_0.2.8.4-10.3+deb8u2_s390x.deb
Debian	7	amd64	libwmf0.2-7	< 0.2.8.4-10.3+deb7u2	libwmf0.2-7_0.2.8.4-10.3+deb7u2_amd64.deb
Debian	7	all	libwmf	< 0.2.8.4-10.3+deb7u2	libwmf_0.2.8.4-10.3+deb7u2_all.deb
Debian	7	i386	libwmf0.2-7	< 0.2.8.4-10.3+deb7u2	libwmf0.2-7_0.2.8.4-10.3+deb7u2_i386.deb
Debian	8	powerpc	libwmf-bin	< 0.2.8.4-10.3+deb8u2	libwmf-bin_0.2.8.4-10.3+deb8u2_powerpc.deb
Debian	8	all	libwmf-doc	< 0.2.8.4-10.3+deb8u2	libwmf-doc_0.2.8.4-10.3+deb8u2_all.deb
Debian	8	powerpc	libwmf0.2-7	< 0.2.8.4-10.3+deb8u2	libwmf0.2-7_0.2.8.4-10.3+deb8u2_powerpc.deb
Debian	8	amd64	libwmf-bin	< 0.2.8.4-10.3+deb8u2	libwmf-bin_0.2.8.4-10.3+deb8u2_amd64.deb
Debian	8	mips	libwmf-dev	< 0.2.8.4-10.3+deb8u2	libwmf-dev_0.2.8.4-10.3+deb8u2_mips.deb