MDVSA-2009:121-1
- Package name
- lcms
- Date
- 2009-12-02
- Advisory ID
- MDVSA-2009:121-1
- Affected versions
- 2008.0 i586 , 2008.0 x86_64
Problem description
Multiple security vulnerabilities has been identified and fixed in
Little cms:
A memory leak flaw allows remote attackers to cause a denial of service
(memory consumption and application crash) via a crafted image file
(CVE-2009-0581).
Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted image file that triggers a heap-based buffer
overflow (CVE-2009-0723).
Multiple stack-based buffer overflows allow remote attackers to
execute arbitrary code via a crafted image file associated with a large
integer value for the (1) input or (2) output channel (CVE-2009-0733).
A flaw in the transformations of monochrome profiles allows remote
attackers to cause denial of service triggered by a NULL pointer
dereference via a crafted image file (CVE-2009-0793).
This update provides fixes for these issues.
Update:
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
Updated packages
2008.0 i586
01ea2178c04452079b300c237a0bb21a 2008.0/i586/lcms-1.18-0.1mdv2008.0.i586.rpm 9d6e6424a4e9487cde5c12cfe958c94c 2008.0/i586/liblcms1-1.18-0.1mdv2008.0.i586.rpm 3b013ce5dc1da79da14815d18b5b7fc8 2008.0/i586/liblcms-devel-1.18-0.1mdv2008.0.i586.rpm 0637a9b11dca1342bced0eb697e0fde0 2008.0/i586/python-lcms-1.18-0.1mdv2008.0.i586.rpm 475e24d51d168208c431ffc814bf4c54 2008.0/SRPMS/lcms-1.18-0.1mdv2008.0.src.rpm
2008.0 x86_64
255e40215beea1b0192ac56c532a50ad 2008.0/x86_64/lcms-1.18-0.1mdv2008.0.x86_64.rpm 7c8d49f46ecb615a593e39ad512d4f9e 2008.0/x86_64/lib64lcms1-1.18-0.1mdv2008.0.x86_64.rpm b8e5511a200edaadaafa7ca62a058338 2008.0/x86_64/lib64lcms-devel-1.18-0.1mdv2008.0.x86_64.rpm ec3f3be64abd7a1c746fb759299382d2 2008.0/x86_64/python-lcms-1.18-0.1mdv2008.0.x86_64.rpm 475e24d51d168208c431ffc814bf4c54 2008.0/SRPMS/lcms-1.18-0.1mdv2008.0.src.rpm