-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2007-16 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Original released date: 14 Mar 2007 Last revised: 14 Mar 2007 Package: libwmf Summary: libwmf buffer over flow More information: Libwmf is a library for reading vector images in Microsoft's native windows Metafile Format (WMF). Multiple vulnerabilities exist in gd graphics library. Impact: These vulnerabilities may allow remote attackers to execute arbitrary code via a malformed wmf file. Affected Products: - Turbolinux Appliance Server 2.0 - Turbolinux FUJI - Turbolinux 10 Server x64 Edition - Turbolinux 10 Server - Turbolinux Home - Turbolinux 10 F... - Turbolinux 10 Desktop Source Packages Size: MD5 libwmf-0.2.8.3-3.src.rpm 1752652 581255177e63bccd4f8257fb03cba965 Binary Packages Size: MD5 libwmf-0.2.8.3-3.i586.rpm 1039856 07a926f0f5442de4ecd3f52f5d664611 libwmf-devel-0.2.8.3-3.i586.rpm 184769 44e648d856229c046c8aea05a073979e Source Packages Size: MD5 libwmf-0.2.8.3-3.src.rpm 1752652 67dec7f1788a14ffc7467975710cd5e7 Binary Packages Size: MD5 libwmf-0.2.8.3-3.i686.rpm 1157840 be859ea68af080d3021337161121bb7d libwmf-devel-0.2.8.3-3.i686.rpm 204694 67496279751d317ec6dfd9539c02d804 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/libwmf-0.2.8.3-3.src.rpm 1752652 e3cd8f190720e16c1f097d87c7b0974f Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/libwmf-0.2.8.3-3.x86_64.rpm 1058994 e39518b6f4d988ef58daf35862b37d46 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/libwmf-debug-0.2.8.3-3.x86_64.rpm 550617 88c2c51171bccab8ee14d80b737c7209 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/libwmf-devel-0.2.8.3-3.x86_64.rpm 190141 d95bd2c641a38de3a53653570412498b Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/libwmf-0.2.8.3-3.src.rpm 1752652 947c9838c010177547c7b8b8350e60af Binary Packages Size: MD5 libwmf-0.2.8.3-3.i586.rpm 1039856 07a926f0f5442de4ecd3f52f5d664611 libwmf-debug-0.2.8.3-3.i586.rpm 553939 42c3b71475d0cca411ac3f6726894570 libwmf-devel-0.2.8.3-3.i586.rpm 184769 44e648d856229c046c8aea05a073979e Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/libwmf-0.2.8.3-3.src.rpm 1752652 86d6b546304080c390cd5fdded5f8d2c Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libwmf-0.2.8.3-3.i586.rpm 1040468 0cecc2a097cdeec045f40aae89aeea10 References: CVE [CVE-2007-0455] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455 [CVE-2006-3376] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3376 [CVE-2004-0941] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0941 [CVE-2004-0990] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0990 -------------------------------------------------------------------------- Revision History 14 Mar 2007 Initial release -------------------------------------------------------------------------- Copyright(C) 2007 Turbolinux, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFF93MYK0LzjOqIJMwRApNOAKC+Tx1hym6+6JqyjHUJGITrAxKhvQCgtcOL RoLZ9ONmHySFO2/3fgwT2kU= =+Mdw -----END PGP SIGNATURE-----