Package name
Advisory ID
Affected versions
2008.0 i586 , 2008.0 x86_64

Problem description

Multiple security vulnerabilities has been identified and fixed in
Little cms:

A memory leak flaw allows remote attackers to cause a denial of service
(memory consumption and application crash) via a crafted image file

Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted image file that triggers a heap-based buffer
overflow (CVE-2009-0723).

Multiple stack-based buffer overflows allow remote attackers to
execute arbitrary code via a crafted image file associated with a large
integer value for the (1) input or (2) output channel (CVE-2009-0733).

A flaw in the transformations of monochrome profiles allows remote
attackers to cause denial of service triggered by a NULL pointer
dereference via a crafted image file (CVE-2009-0793).

This update provides fixes for these issues.


Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 01ea2178c04452079b300c237a0bb21a  2008.0/i586/lcms-1.18-0.1mdv2008.0.i586.rpm
 9d6e6424a4e9487cde5c12cfe958c94c  2008.0/i586/liblcms1-1.18-0.1mdv2008.0.i586.rpm
 3b013ce5dc1da79da14815d18b5b7fc8  2008.0/i586/liblcms-devel-1.18-0.1mdv2008.0.i586.rpm
 0637a9b11dca1342bced0eb697e0fde0  2008.0/i586/python-lcms-1.18-0.1mdv2008.0.i586.rpm 
 475e24d51d168208c431ffc814bf4c54  2008.0/SRPMS/lcms-1.18-0.1mdv2008.0.src.rpm

2008.0 x86_64

 255e40215beea1b0192ac56c532a50ad  2008.0/x86_64/lcms-1.18-0.1mdv2008.0.x86_64.rpm
 7c8d49f46ecb615a593e39ad512d4f9e  2008.0/x86_64/lib64lcms1-1.18-0.1mdv2008.0.x86_64.rpm
 b8e5511a200edaadaafa7ca62a058338  2008.0/x86_64/lib64lcms-devel-1.18-0.1mdv2008.0.x86_64.rpm
 ec3f3be64abd7a1c746fb759299382d2  2008.0/x86_64/python-lcms-1.18-0.1mdv2008.0.x86_64.rpm 
 475e24d51d168208c431ffc814bf4c54  2008.0/SRPMS/lcms-1.18-0.1mdv2008.0.src.rpm