Paketname
lcms
Datum
2009-05-21
Advisory ID
MDVSA-2009:121
Betroffene Versionen
2009.0 x86_64 , CS4.0 x86_64 , 2009.1 i586 , 2009.0 i586 , 2008.1 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2008.1 x86_64 , 2009.1 x86_64

Problembeschreibung

Multiple security vulnerabilities has been identified and fixed in
Little cms:

A memory leak flaw allows remote attackers to cause a denial of service
(memory consumption and application crash) via a crafted image file
(CVE-2009-0581).

Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted image file that triggers a heap-based buffer
overflow (CVE-2009-0723).

Multiple stack-based buffer overflows allow remote attackers to
execute arbitrary code via a crafted image file associated with a large
integer value for the (1) input or (2) output channel (CVE-2009-0733).

A flaw in the transformations of monochrome profiles allows remote
attackers to cause denial of service triggered by a NULL pointer
dereference via a crafted image file (CVE-2009-0793).

This update provides fixes for these issues.

Aktualisierte Pakete

2009.0 x86_64

 dd6a45fc122f1ef0011a8359d932227b  2009.0/x86_64/lcms-1.18-0.1mdv2009.0.x86_64.rpm
 de681b3655fef3bfcf9856280053b50d  2009.0/x86_64/lib64lcms1-1.18-0.1mdv2009.0.x86_64.rpm
 a91bcf179c1131d0fe60a9d73bdad9ac  2009.0/x86_64/lib64lcms-devel-1.18-0.1mdv2009.0.x86_64.rpm
 4260c271642bc12a5f79ab5a3220f5f3  2009.0/x86_64/python-lcms-1.18-0.1mdv2009.0.x86_64.rpm 
 2c0d76ae5dfc1a23187c29f9fd273095  2009.0/SRPMS/lcms-1.18-0.1mdv2009.0.src.rpm

CS4.0 x86_64

 642ce065be2e8f7a2dd78c1bf9f01652  corporate/4.0/x86_64/lib64lcms1-1.14-1.2.20060mlcs4.x86_64.rpm
 013930f39a842e899e93ca570a06f339  corporate/4.0/x86_64/lib64lcms1-devel-1.14-1.2.20060mlcs4.x86_64.rpm 
 a40dbfb4e5a44e09f101e9e6f8d62c17  corporate/4.0/SRPMS/liblcms-1.14-1.2.20060mlcs4.src.rpm

2009.1 i586

 a02457ee1cc925a81fc0a77ac9b98c24  2009.1/i586/lcms-1.18-1.1mdv2009.1.i586.rpm
 d6c2717a575aeb525648263e95625c2f  2009.1/i586/liblcms1-1.18-1.1mdv2009.1.i586.rpm
 8e087ea8d40a2aa6e8d9dfa2dd0950c1  2009.1/i586/liblcms-devel-1.18-1.1mdv2009.1.i586.rpm
 98f26f39aa5640e222466cdcf6ed24f6  2009.1/i586/python-lcms-1.18-1.1mdv2009.1.i586.rpm 
 32b9e76718ef78efbbe7a597fd4bdb06  2009.1/SRPMS/lcms-1.18-1.1mdv2009.1.src.rpm

2009.0 i586

 f5bf2caf081de92c5799da37e83f39d0  2009.0/i586/lcms-1.18-0.1mdv2009.0.i586.rpm
 85f6bbbbefbec9d3490a4c3fbdf9c231  2009.0/i586/liblcms1-1.18-0.1mdv2009.0.i586.rpm
 5bcd989e9fedc7ee8c526cfd3d00fd65  2009.0/i586/liblcms-devel-1.18-0.1mdv2009.0.i586.rpm
 6caf8993f41da57e0e158aa554354ccf  2009.0/i586/python-lcms-1.18-0.1mdv2009.0.i586.rpm 
 2c0d76ae5dfc1a23187c29f9fd273095  2009.0/SRPMS/lcms-1.18-0.1mdv2009.0.src.rpm

2008.1 i586

 9a7580fe81323030908640bc50ad5627  2008.1/i586/lcms-1.18-0.1mdv2008.1.i586.rpm
 a610fd40ca8dfa5a61dbc5aa0273a8ee  2008.1/i586/liblcms1-1.18-0.1mdv2008.1.i586.rpm
 8dc0e54d1fe702960377a30485bda276  2008.1/i586/liblcms-devel-1.18-0.1mdv2008.1.i586.rpm
 cee6b7b46b9264786e5f400c3df20431  2008.1/i586/python-lcms-1.18-0.1mdv2008.1.i586.rpm 
 fffadc37bb922b529603b92db03a60f8  2008.1/SRPMS/lcms-1.18-0.1mdv2008.1.src.rpm

CS3.0 x86_64

 32db1a46a9820ed9661ac8827e57e8c6  corporate/3.0/x86_64/lib64lcms1-1.10-1.2.C30mdk.x86_64.rpm
 746aa607bad4b1905a74d002118bdf56  corporate/3.0/x86_64/lib64lcms1-devel-1.10-1.2.C30mdk.x86_64.rpm 
 ee53e5c9feee02e5289561db727858e7  corporate/3.0/SRPMS/liblcms-1.10-1.2.C30mdk.src.rpm

CS4.0 i586

 24361175b29470601a26390c8fa3080d  corporate/4.0/i586/liblcms1-1.14-1.2.20060mlcs4.i586.rpm
 2caf72d253d56cf51cebfcaba3560eee  corporate/4.0/i586/liblcms1-devel-1.14-1.2.20060mlcs4.i586.rpm 
 a40dbfb4e5a44e09f101e9e6f8d62c17  corporate/4.0/SRPMS/liblcms-1.14-1.2.20060mlcs4.src.rpm

CS3.0 i586

 1ace45d4de049e1d52a91c5fe84e17b5  corporate/3.0/i586/liblcms1-1.10-1.2.C30mdk.i586.rpm
 b59d77bd5a8ed230a2a2bc6bfbfeaa8c  corporate/3.0/i586/liblcms1-devel-1.10-1.2.C30mdk.i586.rpm 
 ee53e5c9feee02e5289561db727858e7  corporate/3.0/SRPMS/liblcms-1.10-1.2.C30mdk.src.rpm

2008.1 x86_64

 905dda903e8d3bd75473da0e70f71fce  2008.1/x86_64/lcms-1.18-0.1mdv2008.1.x86_64.rpm
 a19547982d852c7573d19af613572146  2008.1/x86_64/lib64lcms1-1.18-0.1mdv2008.1.x86_64.rpm
 6b7b47196c922b9ce86378bb7b5eb61d  2008.1/x86_64/lib64lcms-devel-1.18-0.1mdv2008.1.x86_64.rpm
 bef4303cf6b191434321d5b9cfd5d9c4  2008.1/x86_64/python-lcms-1.18-0.1mdv2008.1.x86_64.rpm 
 fffadc37bb922b529603b92db03a60f8  2008.1/SRPMS/lcms-1.18-0.1mdv2008.1.src.rpm

2009.1 x86_64

 b4aace6b015870306b4c1c8d2adcefe2  2009.1/x86_64/lcms-1.18-1.1mdv2009.1.x86_64.rpm
 f05c6dab9d818b0602efa75a929a171a  2009.1/x86_64/lib64lcms1-1.18-1.1mdv2009.1.x86_64.rpm
 4d1a1e554c33d73173bc5930fc1a92f6  2009.1/x86_64/lib64lcms-devel-1.18-1.1mdv2009.1.x86_64.rpm
 194fc36923e4914fb27c40af8dc80c7a  2009.1/x86_64/python-lcms-1.18-1.1mdv2009.1.x86_64.rpm 
 32b9e76718ef78efbbe7a597fd4bdb06  2009.1/SRPMS/lcms-1.18-1.1mdv2009.1.src.rpm

Referenzen