SCIENTIFIC-LINUX-ERRATA Archives

March 2009

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: lcms on SL5.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Fri, 20 Mar 2009 15:49:42 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (37 lines) 
Synopsis:	Moderate: lcms security update
Issue date:	2009-03-19
CVE Names:	CVE-2009-0581 CVE-2009-0723 CVE-2009-0733

Multiple integer overflow flaws which could lead to heap-based buffer
overflows, as well as multiple insufficient input validation flaws, were
found in LittleCMS. An attacker could use these flaws to create a
specially-crafted image file which could cause an application using
LittleCMS to crash, or, possibly, execute arbitrary code when opened by 
a victim. (CVE-2009-0723, CVE-2009-0733)

A memory leak flaw was found in LittleCMS. An application using 
LittleCMS could use excessive amount of memory, and possibly crash after 
using all available memory, if used to open specially-crafted images. 
(CVE-2009-0581)

All running applications using the lcms library must be restarted for 
the update to take effect.

SL 5.x

     SRPMS:
lcms-1.18-0.1.beta1.el5_3.2.src.rpm
     i386:
lcms-1.18-0.1.beta1.el5_3.2.i386.rpm
lcms-devel-1.18-0.1.beta1.el5_3.2.i386.rpm
python-lcms-1.18-0.1.beta1.el5_3.2.i386.rpm
     x86_64:
lcms-1.18-0.1.beta1.el5_3.2.i386.rpm
lcms-1.18-0.1.beta1.el5_3.2.x86_64.rpm
lcms-devel-1.18-0.1.beta1.el5_3.2.i386.rpm
lcms-devel-1.18-0.1.beta1.el5_3.2.x86_64.rpm
python-lcms-1.18-0.1.beta1.el5_3.2.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2