Debian Lenny: DSA-1745-2 Critical: Fixes for Lcms Memory Leak
debian
March 25, 2009
This update fixes a possible regression introduced in DSA-1745-1 and also enhances the security patch
Topics Covered
Summary
This update fixes a possible regression introduced in DSA-1745-1 and
also enhances the security patch. For reference the original advisory
text is below.
Several security issues have been discovered in lcms, a color management
library. The Common Vulnerabilities andi Exposures project identifies
the following problems:
CVE-2009-0581
Chris Evans discovered that lcms is affected by a memory leak, which
could result in a denial of service via specially crafted image files.
CVE-2009-0723
Chris Evans discovered that lcms is prone to several integer overflows
via specially crafted image files, which could lead to the execution of
arbitrary code.
CVE-2009-0733
Chris Evans discovered the lack of upper-gounds check on sizes leading
to a buffer overflow, which could be used to execute arbitrary code.
For the stable distribution (lenny), these problems have been fixed in
version 1.17.dfsg-1+lenny2.
For the oldstable distribution (etch), these problems have been fixed
in version 1.15-1.1+etch3.
For the testing dis...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!