Debian: New lcms packages fix multiple vulnerabilities
Summary
- ------------------------------------------------------------------------Debian Security Advisory DSA-1684 security@debian.org http://www.debian.org/security/ Devin Carraway December 10, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------Package : lcms Vulnerability : multiple vulnerabilities Problem type : local (remote) Debian-specific: no CVE Id(s) : CVE-2008-5316 CVE-2008-5317 Two vulnerabilities have been found in lcms, a library and set of commandline utilities for image color management. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-5316 Inadequate enforcement of fixed-length buffer limits allows an attacker to overflow a buffer on the stack, potentially enabling the execution of arbitrary code when a maliciously-crafted image is opened. CVS-2008-5317 An integer sign error in reading image gamma data could allow an attacker to cause an under-sized buffer to be allocated for subsequent image data, with unknown consequences potentially including the execution of arbitrary code if a maliciously-crafted image is opened. For the stable distribution (etch), these problems have been fixed in version 1.14-1.1+etch1. For the upcoming stable distribution (lenny), and the unstable distribution (sid), these problems are fixed in version 1.17.dfsg-1. We recommend that you upgrade your lcms packages. Upgrade instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - -------------------------------Debian (stable) - ---------------Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: Size/MD5 checksum: 2000 10fb445280ea38542701017292ffb1ca Size/MD5 checksum: 791543 95a710dc757504f6b02677c1fab68e73 Size/MD5 checksum: 636 188344016765736e5690a669a6dce88b alpha architecture (DEC Alpha) Size/MD5 checksum: 179622 a64aa233ae03aa942c34e28af411f5fe Size/MD5 checksum: 153452 12b7bbd297ef50a85f19da90d1c4f30f Size/MD5 checksum: 61580 a821798d40f1d0990a053b825db129a8 amd64 architecture (AMD x86_64 (AMD64)) Size/MD5 checksum: 53284 7eb60db022f80565251a0e4d9cadd8b2 Size/MD5 checksum: 140288 2b3fa89b3757f0431e2ab3e44f7d1c08 Size/MD5 checksum: 147692 e8be34ecb4af9f7cfe1e51c759fc2c27 arm architecture (ARM) Size/MD5 checksum: 135546 523110a99549778b3a5a9ddf38b381e5 Size/MD5 checksum: 135376 0e4f0fabbc9a04bc593f1887a1bcf35f Size/MD5 checksum: 50962 7f38a7371ca57f25080f227a3a3b373a hppa architecture (HP PA RISC) Size/MD5 checksum: 168420 e5aab4f34d88b9f8aefd43fed5f2fe78 Size/MD5 checksum: 59120 88bf9add52df55b353d0d26508486a96 Size/MD5 checksum: 157652 30f8396d4f78363befd2e0d72b9e56a8 i386 architecture (Intel ia32) Size/MD5 checksum: 137296 46695836065eb7b734e02706191872f7 Size/MD5 checksum: 50592 4a0ca0dc60e6e212bf3692b2785b088b Size/MD5 checksum: 143282 850ff5b97f347775c1daad08280a5b38 ia64 architecture (Intel ia64) Size/MD5 checksum: 204162 abd829e3c02d54dc911aa4abe343e377 Size/MD5 checksum: 195094 5766c05fb15abe32d908f7b607464bb7 Size/MD5 checksum: 78422 6176b8abb40f4dc50ed80472fe835fa5 mips architecture (MIPS (Big Endian)) Size/MD5 checksum: 51508 20274ee9af873cf1760fad77d4cb5720 Size/MD5 checksum: 172570 4dc3f233db7f2c15b26b39a04e7dd1ba Size/MD5 checksum: 149190 db10ac87adfd9698890428f3119045fd mipsel architecture (MIPS (Little Endian)) Size/MD5 checksum: 150390 62a81236533a4b708919367d5939d34c Size/MD5 checksum: 173934 d8618284820cf47bc677c185c6ea5c39 Size/MD5 checksum: 52142 2213c852eaab6fbfee23031401214ecd powerpc architecture (PowerPC) Size/MD5 checksum: 147308 d0c6bcfe7a23740f15b4e8dae4b9ea74 Size/MD5 checksum: 57630 cc7b4fc9ca44268952ef4b9fc97fe631 Size/MD5 checksum: 147710 8b586e00c2f39017bd2d51e0632297af s390 architecture (IBM S/390) Size/MD5 checksum: 142054 622fed5f31c26119ca611e5c5aa79b1d Size/MD5 checksum: 54150 45b3c4c471d977b53d40a2ab57e63591 Size/MD5 checksum: 144324 f8f15540a7cdbcfe5fc32fe40b3e459b sparc architecture (Sun SPARC/UltraSPARC) Size/MD5 checksum: 146618 2e09901e82467a8e02e12c958bf699db Size/MD5 checksum: 51410 7622942be787382b8abc72e9d709aeb8 Size/MD5 checksum: 137480 111c3ff8c742773fc12237147f6d138c These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Sign up to get the latest security news affecting Linux and
open source delivered straight to your inbox
Powered By
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.