Scientific Linux Security Update : libwmf on SL4.x, SL5.x i386/x86_64
High Nessus Plugin ID 60578
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionA pointer use-after-free flaw was found in the GD graphics library embedded in libwmf. An attacker could create a specially crafted WMF file that would cause an application using libwmf to crash or, potentially, execute arbitrary code as the user running the application when opened by a victim. (CVE-2009-1364)
After installing the update, all applications using libwmf must be restarted for the update to take effect.
SolutionUpdate the affected libwmf and / or libwmf-devel packages.