Linux Security
    Linux Security
    Linux Security

    Debian: New lcms packages fix multiple vulnerabilities

    Date 09 Dec 2008
    Posted By LinuxSecurity Advisories
    Inadequate enforcement of fixed-length buffer limits allows an attacker to overflow a buffer on the stack, potentially enabling the execution of arbitrary code when a maliciously-crafted image is opened.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1684                    This email address is being protected from spambots. You need JavaScript enabled to view it.                           Devin Carraway
    December 10, 2008           
    - ------------------------------------------------------------------------
    Package        : lcms
    Vulnerability  : multiple vulnerabilities
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2008-5316 CVE-2008-5317
    Two vulnerabilities have been found in lcms, a library and set of
    commandline utilities for image color management.  The Common
    Vulnerabilities and Exposures project identifies the following
        Inadequate enforcement of fixed-length buffer limits allows an
        attacker to overflow a buffer on the stack, potentially enabling
        the execution of arbitrary code when a maliciously-crafted
        image is opened.
        An integer sign error in reading image gamma data could allow an
        attacker to cause an under-sized buffer to be allocated for
        subsequent image data, with unknown consequences potentially
        including the execution of arbitrary code if a maliciously-crafted
        image is opened.
    For the stable distribution (etch), these problems have been fixed in
    version 1.14-1.1+etch1.
    For the upcoming stable distribution (lenny), and the unstable
    distribution (sid), these problems are fixed in version 1.17.dfsg-1.
    We recommend that you upgrade your lcms packages.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    Debian (stable)
    - ---------------
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    Source archives:
        Size/MD5 checksum:     2000 10fb445280ea38542701017292ffb1ca
        Size/MD5 checksum:   791543 95a710dc757504f6b02677c1fab68e73
        Size/MD5 checksum:      636 188344016765736e5690a669a6dce88b
    alpha architecture (DEC Alpha)
        Size/MD5 checksum:   179622 a64aa233ae03aa942c34e28af411f5fe
        Size/MD5 checksum:   153452 12b7bbd297ef50a85f19da90d1c4f30f
        Size/MD5 checksum:    61580 a821798d40f1d0990a053b825db129a8
    amd64 architecture (AMD x86_64 (AMD64))
        Size/MD5 checksum:    53284 7eb60db022f80565251a0e4d9cadd8b2
        Size/MD5 checksum:   140288 2b3fa89b3757f0431e2ab3e44f7d1c08
        Size/MD5 checksum:   147692 e8be34ecb4af9f7cfe1e51c759fc2c27
    arm architecture (ARM)
        Size/MD5 checksum:   135546 523110a99549778b3a5a9ddf38b381e5
        Size/MD5 checksum:   135376 0e4f0fabbc9a04bc593f1887a1bcf35f
        Size/MD5 checksum:    50962 7f38a7371ca57f25080f227a3a3b373a
    hppa architecture (HP PA RISC)
        Size/MD5 checksum:   168420 e5aab4f34d88b9f8aefd43fed5f2fe78
        Size/MD5 checksum:    59120 88bf9add52df55b353d0d26508486a96
        Size/MD5 checksum:   157652 30f8396d4f78363befd2e0d72b9e56a8
    i386 architecture (Intel ia32)
        Size/MD5 checksum:   137296 46695836065eb7b734e02706191872f7
        Size/MD5 checksum:    50592 4a0ca0dc60e6e212bf3692b2785b088b
        Size/MD5 checksum:   143282 850ff5b97f347775c1daad08280a5b38
    ia64 architecture (Intel ia64)
        Size/MD5 checksum:   204162 abd829e3c02d54dc911aa4abe343e377
        Size/MD5 checksum:   195094 5766c05fb15abe32d908f7b607464bb7
        Size/MD5 checksum:    78422 6176b8abb40f4dc50ed80472fe835fa5
    mips architecture (MIPS (Big Endian))
        Size/MD5 checksum:    51508 20274ee9af873cf1760fad77d4cb5720
        Size/MD5 checksum:   172570 4dc3f233db7f2c15b26b39a04e7dd1ba
        Size/MD5 checksum:   149190 db10ac87adfd9698890428f3119045fd
    mipsel architecture (MIPS (Little Endian))
        Size/MD5 checksum:   150390 62a81236533a4b708919367d5939d34c
        Size/MD5 checksum:   173934 d8618284820cf47bc677c185c6ea5c39
        Size/MD5 checksum:    52142 2213c852eaab6fbfee23031401214ecd
    powerpc architecture (PowerPC)
        Size/MD5 checksum:   147308 d0c6bcfe7a23740f15b4e8dae4b9ea74
        Size/MD5 checksum:    57630 cc7b4fc9ca44268952ef4b9fc97fe631
        Size/MD5 checksum:   147710 8b586e00c2f39017bd2d51e0632297af
    s390 architecture (IBM S/390)
        Size/MD5 checksum:   142054 622fed5f31c26119ca611e5c5aa79b1d
        Size/MD5 checksum:    54150 45b3c4c471d977b53d40a2ab57e63591
        Size/MD5 checksum:   144324 f8f15540a7cdbcfe5fc32fe40b3e459b
    sparc architecture (Sun SPARC/UltraSPARC)
        Size/MD5 checksum:   146618 2e09901e82467a8e02e12c958bf699db
        Size/MD5 checksum:    51410 7622942be787382b8abc72e9d709aeb8
        Size/MD5 checksum:   137480 111c3ff8c742773fc12237147f6d138c
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.