Archive for 4. January 2006

 
 

Is Linux vulnerable to the WMF-blunder too?

There has been a lot of noise about the "recent" WMF vulnerability targeted at all versions of Windows since 3.11. I've participated in discussions regarding Microsoft's way of handling this issue in various Swedish forums, such as in the IDG.se comments. My comment there was followed by a private discussion by mail with the Chief Security Advisor at Microsoft here in Sweden. We have different opinions on the issue, so to speak :)

A side note - I installed GIMP today to convert a PNG file to a TIFF file, which is the image format that my publisher at IDG requests. I use the Linux distribution Kubuntu on my workstation, and thus the package system APT. Here's the output of that installation:

neewt@twosome:~$ sudo apt-get install gimp
Password:
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
gimp-data libgimp2.0 libwmf0.2-7
Suggested packages:
gimp-help-en gimp-help gimp-python libgimp-perl gimp-data-extras
Recommended packages:
gimp-svg
The following NEW packages will be installed:
gimp gimp-data libgimp2.0 libwmf0.2-7
0 upgraded, 4 newly installed, 0 to remove and 51 not upgraded.
Need to get 5441kB of archives.
After unpacking 30.4MB of additional disk space will be used.
Do you want to continue ? Y
Get:1 http://se.archive.ubuntu.com breezy/main gimp-data 2.2.8-2ubuntu6 <2079kB>
Get:2 http://se.archive.ubuntu.com breezy/main libgimp2.0 2.2.8-2ubuntu6 <404kB>
Get:3 http://se.archive.ubuntu.com breezy/main libwmf0.2-7 0.2.8.3-2 <153kB>
Get:4 http://se.archive.ubuntu.com breezy/main gimp 2.2.8-2ubuntu6 <2805kB>
Fetched 5441kB in 9s (559kB/s)

Preconfiguring packages …
Selecting previously deselected package gimp-data.
(Reading database … 112476 files and directories currently installed.)
Unpacking gimp-data (from …/gimp-data_2.2.8-2ubuntu6_all.deb) …
Selecting previously deselected package libgimp2.0.
Unpacking libgimp2.0 (from …/libgimp2.0_2.2.8-2ubuntu6_i386.deb) …
Selecting previously deselected package libwmf0.2-7.
Unpacking libwmf0.2-7 (from …/libwmf0.2-7_0.2.8.3-2_i386.deb) …
Selecting previously deselected package gimp.
Unpacking gimp (from …/gimp_2.2.8-2ubuntu6_i386.deb) …
Setting up gimp-data (2.2.8-2ubuntu6) …
Setting up libgimp2.0 (2.2.8-2ubuntu6) …

Setting up libwmf0.2-7 (0.2.8.3-2) …
Updating the gdk-pixbuf loaders list for GTK+-2.4.0…done.
Updating font configuration of libwmf0.2-7…
Cleaning up category type1..
Cleaning up category truetype..
Updating category truetype..
Updating category type1..

Setting up gimp (2.2.8-2ubuntu6) …

neewt@twosome:~$

Note the lines "Unpacking libwmf0.2-7 (from …/libwmf0.2-7_0.2.8.3-2_i386.deb)" and "Setting up libwmf0.2-7 (0.2.8.3-2)". Here's the description of that package:

Description: Windows metafile conversion library
Windows metafile (WMF) is a picture format used by many Windows
programs, e.g. Microsoft Word. libwmf is a library for interpreting
metafile images and either displaying them using X or converting them
to standard formats such as PNG, JPEG, PS, EPS and SVG(Z)...

I can't help wondering whether this open-source library is vulnerable too - but I doubt it. I'm not even sure whether this specific library has the function and method that is vulnerable in Microsoft's case.
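
As an added example (not part of the original post), the Python sketch below parses an apt-get transcript like the one above and separates the package that was asked for from the dependencies that came along with it, together with what each package's setup step printed. The function name `audit_install` and the abridged sample transcript are assumptions made for illustration.

```python
import re

# Added example; audit_install is an illustrative name, not an apt tool.
# Sample input: abridged from the apt-get transcript in the post above.
TRANSCRIPT = """\
neewt@twosome:~$ sudo apt-get install gimp
The following extra packages will be installed:
gimp-data libgimp2.0 libwmf0.2-7
The following NEW packages will be installed:
gimp gimp-data libgimp2.0 libwmf0.2-7
0 upgraded, 4 newly installed, 0 to remove and 51 not upgraded.
Setting up gimp-data (2.2.8-2ubuntu6) ...
Setting up libwmf0.2-7 (0.2.8.3-2) ...
Updating the gdk-pixbuf loaders list for GTK+-2.4.0...done.
Updating font configuration of libwmf0.2-7...
Setting up gimp (2.2.8-2ubuntu6) ...
neewt@twosome:~$
"""

HEADING = re.compile(r"^(The following (extra|NEW) packages will be installed|"
                     r"(Suggested|Recommended) packages):$")
SETUP = re.compile(r"^Setting up (\S+) \((\S+)\)")
PROMPT = re.compile(r"^\S+@\S+:\S*\$")
PKG = re.compile(r"^[a-z0-9][a-z0-9+.-]+$")  # Debian package-name shape

def audit_install(transcript):
    """Return requested packages, unrequested extras, and per-package setup output."""
    requested, lists, hooks = [], {}, {}
    section = current = None
    for line in filter(None, map(str.strip, transcript.splitlines())):
        cmd = re.search(r"apt-get install (.+)$", line)
        head, setup = HEADING.match(line), SETUP.match(line)
        if cmd:  # the command line tells us what the user actually asked for
            requested = [a for a in cmd.group(1).split() if not a.startswith("-")]
        elif head:
            section, current = head.group(2) or head.group(3), None
        elif setup:
            section, current = None, setup.group(1)
            hooks[current] = {"version": setup.group(2), "actions": []}
        elif PROMPT.match(line):
            section = current = None
        elif section and all(PKG.match(t) for t in line.split()):
            lists.setdefault(section, []).extend(line.split())
        elif current:  # output printed while this package was being configured
            hooks[current]["actions"].append(line)
        else:  # e.g. the "0 upgraded, ..." summary ends a package list
            section = None
    extras = [p for p in lists.get("NEW", []) if p not in requested]
    return {"requested": requested, "extras": extras, "hooks": hooks}
```

Run on the sample, it reports `libwmf0.2-7` as an extra that was never requested and attributes the gdk-pixbuf loaders update to that package's setup step.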