Date: Fri, 20 Mar 2009 15:49:42 -0500
Synopsis: Moderate: lcms security update
Issue date: 2009-03-19
CVE Names: CVE-2009-0581 CVE-2009-0723 CVE-2009-0733

Multiple integer overflow flaws which could lead to heap-based buffer
overflows, as well as multiple insufficient input validation flaws, were
found in LittleCMS. An attacker could use these flaws to create a
specially-crafted image file which could cause an application using
LittleCMS to crash, or, possibly, execute arbitrary code when opened by
a victim. (CVE-2009-0723, CVE-2009-0733)

A memory leak flaw was found in LittleCMS. An application using
LittleCMS could use an excessive amount of memory, and possibly crash
after using all available memory, if used to open specially-crafted
images. (CVE-2009-0581)

All running applications using the lcms library must be restarted for
the update to take effect.

SL 5.x
SRPMS:
lcms-1.18-0.1.beta1.el5_3.2.src.rpm
i386:
lcms-1.18-0.1.beta1.el5_3.2.i386.rpm
lcms-devel-1.18-0.1.beta1.el5_3.2.i386.rpm
python-lcms-1.18-0.1.beta1.el5_3.2.i386.rpm
x86_64:
lcms-1.18-0.1.beta1.el5_3.2.i386.rpm
lcms-1.18-0.1.beta1.el5_3.2.x86_64.rpm
lcms-devel-1.18-0.1.beta1.el5_3.2.i386.rpm
lcms-devel-1.18-0.1.beta1.el5_3.2.x86_64.rpm
python-lcms-1.18-0.1.beta1.el5_3.2.x86_64.rpm
-Connie Sieh
-Troy Dawson
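
The advisory says running applications must be restarted before the update takes effect. The following is an added example, not part of the original advisory, of one way to find processes that still map the replaced library. It assumes the shared object's file name contains "liblcms.so"; the function name and its PROC_ROOT parameter are hypothetical.

```shell
#!/bin/sh
# Added example: list processes that still map the old, unlinked copy of lcms.
# Assumption: the shared object's file name contains "liblcms.so".

# stale_lcms_pids [PROC_ROOT]
# Prints one "PID NAME" line per process whose memory map still references a
# deleted liblcms file. PROC_ROOT defaults to /proc; it is a parameter so the
# function can also be run against a constructed directory tree.
stale_lcms_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip processes that have exited or that we are not allowed to read.
        [ -r "$maps" ] || continue
        # Once the package replaces the file on disk, the kernel tags the
        # mapping of the old file with "(deleted)".
        if grep -q 'liblcms\.so.*(deleted)' "$maps" 2>/dev/null; then
            pid_dir=${maps%/maps}
            pid=${pid_dir##*/}
            # Process name from the status file; "?" if it cannot be read.
            name=$(sed -n 's/^Name:[[:space:]]*//p' "$pid_dir/status" 2>/dev/null) || name='?'
            printf '%s %s\n' "$pid" "${name:-?}"
        fi
    done
}

# Scan the live system, or the directory given as the first argument.
stale_lcms_pids "$@"
```

Run it as root after installing the updated packages so that every process's map is readable; each line printed names a process that still needs a restart.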