LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis:	Moderate: lcms security update
Issue date:	2009-01-07
CVE Names:	CVE-2008-5316 CVE-2008-5317

Multiple insufficient input validation flaws were discovered in LittleCMS.
An attacker could use these flaws to create a specially-crafted image file
which could cause an application using LittleCMS to crash, or, possibly,
execute arbitrary code when opened. (CVE-2008-5316, CVE-2008-5317)

SL 5.x

    SRPMS:
lcms-1.15-1.2.2.el5_2.2.src.rpm
    i386:
lcms-1.15-1.2.2.el5_2.2.i386.rpm
lcms-devel-1.15-1.2.2.el5_2.2.i386.rpm
python-lcms-1.15-1.2.2.el5_2.2.i386.rpm
    x86_64:
lcms-1.15-1.2.2.el5_2.2.i386.rpm
lcms-1.15-1.2.2.el5_2.2.x86_64.rpm
lcms-devel-1.15-1.2.2.el5_2.2.i386.rpm
lcms-devel-1.15-1.2.2.el5_2.2.x86_64.rpm
python-lcms-1.15-1.2.2.el5_2.2.x86_64.rpm

-Connie Sieh
-Troy Dawson