Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2009:121 ] lcms
From: security () mandriva com
Date: Thu, 21 May 2009 23:23:00 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:121
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : lcms
 Date    : May 21, 2009
 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Multiple security vulnerabilities has been identified and fixed in
 Little cms:
 
 A memory leak flaw allows remote attackers to cause a denial of service
 (memory consumption and application crash) via a crafted image file
 (CVE-2009-0581).
 
 Multiple integer overflows allow remote attackers to execute arbitrary
 code via a crafted image file that triggers a heap-based buffer
 overflow (CVE-2009-0723).
 
 Multiple stack-based buffer overflows allow remote attackers to
 execute arbitrary code via a crafted image file associated with a large
 integer value for the (1) input or (2) output channel (CVE-2009-0733).
 
 A flaw in the transformations of monochrome profiles allows remote
 attackers to cause denial of service triggered by a NULL pointer
 dereference via a crafted image file (CVE-2009-0793).
 
 This update provides fixes for these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0581
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0723
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0733
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0793
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 9a7580fe81323030908640bc50ad5627  2008.1/i586/lcms-1.18-0.1mdv2008.1.i586.rpm
 a610fd40ca8dfa5a61dbc5aa0273a8ee  2008.1/i586/liblcms1-1.18-0.1mdv2008.1.i586.rpm
 8dc0e54d1fe702960377a30485bda276  2008.1/i586/liblcms-devel-1.18-0.1mdv2008.1.i586.rpm
 cee6b7b46b9264786e5f400c3df20431  2008.1/i586/python-lcms-1.18-0.1mdv2008.1.i586.rpm 
 fffadc37bb922b529603b92db03a60f8  2008.1/SRPMS/lcms-1.18-0.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 905dda903e8d3bd75473da0e70f71fce  2008.1/x86_64/lcms-1.18-0.1mdv2008.1.x86_64.rpm
 a19547982d852c7573d19af613572146  2008.1/x86_64/lib64lcms1-1.18-0.1mdv2008.1.x86_64.rpm
 6b7b47196c922b9ce86378bb7b5eb61d  2008.1/x86_64/lib64lcms-devel-1.18-0.1mdv2008.1.x86_64.rpm
 bef4303cf6b191434321d5b9cfd5d9c4  2008.1/x86_64/python-lcms-1.18-0.1mdv2008.1.x86_64.rpm 
 fffadc37bb922b529603b92db03a60f8  2008.1/SRPMS/lcms-1.18-0.1mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 f5bf2caf081de92c5799da37e83f39d0  2009.0/i586/lcms-1.18-0.1mdv2009.0.i586.rpm
 85f6bbbbefbec9d3490a4c3fbdf9c231  2009.0/i586/liblcms1-1.18-0.1mdv2009.0.i586.rpm
 5bcd989e9fedc7ee8c526cfd3d00fd65  2009.0/i586/liblcms-devel-1.18-0.1mdv2009.0.i586.rpm
 6caf8993f41da57e0e158aa554354ccf  2009.0/i586/python-lcms-1.18-0.1mdv2009.0.i586.rpm 
 2c0d76ae5dfc1a23187c29f9fd273095  2009.0/SRPMS/lcms-1.18-0.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 dd6a45fc122f1ef0011a8359d932227b  2009.0/x86_64/lcms-1.18-0.1mdv2009.0.x86_64.rpm
 de681b3655fef3bfcf9856280053b50d  2009.0/x86_64/lib64lcms1-1.18-0.1mdv2009.0.x86_64.rpm
 a91bcf179c1131d0fe60a9d73bdad9ac  2009.0/x86_64/lib64lcms-devel-1.18-0.1mdv2009.0.x86_64.rpm
 4260c271642bc12a5f79ab5a3220f5f3  2009.0/x86_64/python-lcms-1.18-0.1mdv2009.0.x86_64.rpm 
 2c0d76ae5dfc1a23187c29f9fd273095  2009.0/SRPMS/lcms-1.18-0.1mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 a02457ee1cc925a81fc0a77ac9b98c24  2009.1/i586/lcms-1.18-1.1mdv2009.1.i586.rpm
 d6c2717a575aeb525648263e95625c2f  2009.1/i586/liblcms1-1.18-1.1mdv2009.1.i586.rpm
 8e087ea8d40a2aa6e8d9dfa2dd0950c1  2009.1/i586/liblcms-devel-1.18-1.1mdv2009.1.i586.rpm
 98f26f39aa5640e222466cdcf6ed24f6  2009.1/i586/python-lcms-1.18-1.1mdv2009.1.i586.rpm 
 32b9e76718ef78efbbe7a597fd4bdb06  2009.1/SRPMS/lcms-1.18-1.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 b4aace6b015870306b4c1c8d2adcefe2  2009.1/x86_64/lcms-1.18-1.1mdv2009.1.x86_64.rpm
 f05c6dab9d818b0602efa75a929a171a  2009.1/x86_64/lib64lcms1-1.18-1.1mdv2009.1.x86_64.rpm
 4d1a1e554c33d73173bc5930fc1a92f6  2009.1/x86_64/lib64lcms-devel-1.18-1.1mdv2009.1.x86_64.rpm
 194fc36923e4914fb27c40af8dc80c7a  2009.1/x86_64/python-lcms-1.18-1.1mdv2009.1.x86_64.rpm 
 32b9e76718ef78efbbe7a597fd4bdb06  2009.1/SRPMS/lcms-1.18-1.1mdv2009.1.src.rpm

 Corporate 3.0:
 1ace45d4de049e1d52a91c5fe84e17b5  corporate/3.0/i586/liblcms1-1.10-1.2.C30mdk.i586.rpm
 b59d77bd5a8ed230a2a2bc6bfbfeaa8c  corporate/3.0/i586/liblcms1-devel-1.10-1.2.C30mdk.i586.rpm 
 ee53e5c9feee02e5289561db727858e7  corporate/3.0/SRPMS/liblcms-1.10-1.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 32db1a46a9820ed9661ac8827e57e8c6  corporate/3.0/x86_64/lib64lcms1-1.10-1.2.C30mdk.x86_64.rpm
 746aa607bad4b1905a74d002118bdf56  corporate/3.0/x86_64/lib64lcms1-devel-1.10-1.2.C30mdk.x86_64.rpm 
 ee53e5c9feee02e5289561db727858e7  corporate/3.0/SRPMS/liblcms-1.10-1.2.C30mdk.src.rpm

 Corporate 4.0:
 24361175b29470601a26390c8fa3080d  corporate/4.0/i586/liblcms1-1.14-1.2.20060mlcs4.i586.rpm
 2caf72d253d56cf51cebfcaba3560eee  corporate/4.0/i586/liblcms1-devel-1.14-1.2.20060mlcs4.i586.rpm 
 a40dbfb4e5a44e09f101e9e6f8d62c17  corporate/4.0/SRPMS/liblcms-1.14-1.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 642ce065be2e8f7a2dd78c1bf9f01652  corporate/4.0/x86_64/lib64lcms1-1.14-1.2.20060mlcs4.x86_64.rpm
 013930f39a842e899e93ca570a06f339  corporate/4.0/x86_64/lib64lcms1-devel-1.14-1.2.20060mlcs4.x86_64.rpm 
 a40dbfb4e5a44e09f101e9e6f8d62c17  corporate/4.0/SRPMS/liblcms-1.14-1.2.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKFZjvmqjQ0CJFipgRAkeFAJ9ykO79nVFB8pNFu6GP5pHU2+pq4gCgunzs
+XW2vViKxpqHnmeM+tTFN4s=
=wTDp
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2009:121 ] lcms security (May 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]