Debian: New lcms packages fix multiple vulnerabilities

    Date09 Dec 2008
    CategoryDebian
    3622
    Posted ByLinuxSecurity Advisories
    Inadequate enforcement of fixed-length buffer limits allows an attacker to overflow a buffer on the stack, potentially enabling the execution of arbitrary code when a maliciously-crafted image is opened.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1684                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                           Devin Carraway
    December 10, 2008                     http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : lcms
    Vulnerability  : multiple vulnerabilities
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2008-5316 CVE-2008-5317
    
    Two vulnerabilities have been found in lcms, a library and set of
    commandline utilities for image color management.  The Common
    Vulnerabilities and Exposures project identifies the following
    problems:
    
    CVE-2008-5316
    
        Inadequate enforcement of fixed-length buffer limits allows an
        attacker to overflow a buffer on the stack, potentially enabling
        the execution of arbitrary code when a maliciously-crafted
        image is opened.
    
    CVS-2008-5317
    
        An integer sign error in reading image gamma data could allow an
        attacker to cause an under-sized buffer to be allocated for
        subsequent image data, with unknown consequences potentially
        including the execution of arbitrary code if a maliciously-crafted
        image is opened.
    
    For the stable distribution (etch), these problems have been fixed in
    version 1.14-1.1+etch1.
    
    For the upcoming stable distribution (lenny), and the unstable
    distribution (sid), these problems are fixed in version 1.17.dfsg-1.
    
    We recommend that you upgrade your lcms packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15-1.1+etch1.diff.gz
        Size/MD5 checksum:     2000 10fb445280ea38542701017292ffb1ca
      http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15.orig.tar.gz
        Size/MD5 checksum:   791543 95a710dc757504f6b02677c1fab68e73
      http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15-1.1+etch1.dsc
        Size/MD5 checksum:      636 188344016765736e5690a669a6dce88b
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_alpha.deb
        Size/MD5 checksum:   179622 a64aa233ae03aa942c34e28af411f5fe
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_alpha.deb
        Size/MD5 checksum:   153452 12b7bbd297ef50a85f19da90d1c4f30f
      http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_alpha.deb
        Size/MD5 checksum:    61580 a821798d40f1d0990a053b825db129a8
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_amd64.deb
        Size/MD5 checksum:    53284 7eb60db022f80565251a0e4d9cadd8b2
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_amd64.deb
        Size/MD5 checksum:   140288 2b3fa89b3757f0431e2ab3e44f7d1c08
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_amd64.deb
        Size/MD5 checksum:   147692 e8be34ecb4af9f7cfe1e51c759fc2c27
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_arm.deb
        Size/MD5 checksum:   135546 523110a99549778b3a5a9ddf38b381e5
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_arm.deb
        Size/MD5 checksum:   135376 0e4f0fabbc9a04bc593f1887a1bcf35f
      http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_arm.deb
        Size/MD5 checksum:    50962 7f38a7371ca57f25080f227a3a3b373a
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_hppa.deb
        Size/MD5 checksum:   168420 e5aab4f34d88b9f8aefd43fed5f2fe78
      http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_hppa.deb
        Size/MD5 checksum:    59120 88bf9add52df55b353d0d26508486a96
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_hppa.deb
        Size/MD5 checksum:   157652 30f8396d4f78363befd2e0d72b9e56a8
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_i386.deb
        Size/MD5 checksum:   137296 46695836065eb7b734e02706191872f7
      http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_i386.deb
        Size/MD5 checksum:    50592 4a0ca0dc60e6e212bf3692b2785b088b
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_i386.deb
        Size/MD5 checksum:   143282 850ff5b97f347775c1daad08280a5b38
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_ia64.deb
        Size/MD5 checksum:   204162 abd829e3c02d54dc911aa4abe343e377
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_ia64.deb
        Size/MD5 checksum:   195094 5766c05fb15abe32d908f7b607464bb7
      http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_ia64.deb
        Size/MD5 checksum:    78422 6176b8abb40f4dc50ed80472fe835fa5
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_mips.deb
        Size/MD5 checksum:    51508 20274ee9af873cf1760fad77d4cb5720
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_mips.deb
        Size/MD5 checksum:   172570 4dc3f233db7f2c15b26b39a04e7dd1ba
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_mips.deb
        Size/MD5 checksum:   149190 db10ac87adfd9698890428f3119045fd
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_mipsel.deb
        Size/MD5 checksum:   150390 62a81236533a4b708919367d5939d34c
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_mipsel.deb
        Size/MD5 checksum:   173934 d8618284820cf47bc677c185c6ea5c39
      http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_mipsel.deb
        Size/MD5 checksum:    52142 2213c852eaab6fbfee23031401214ecd
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_powerpc.deb
        Size/MD5 checksum:   147308 d0c6bcfe7a23740f15b4e8dae4b9ea74
      http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_powerpc.deb
        Size/MD5 checksum:    57630 cc7b4fc9ca44268952ef4b9fc97fe631
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_powerpc.deb
        Size/MD5 checksum:   147710 8b586e00c2f39017bd2d51e0632297af
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_s390.deb
        Size/MD5 checksum:   142054 622fed5f31c26119ca611e5c5aa79b1d
      http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_s390.deb
        Size/MD5 checksum:    54150 45b3c4c471d977b53d40a2ab57e63591
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_s390.deb
        Size/MD5 checksum:   144324 f8f15540a7cdbcfe5fc32fe40b3e459b
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_sparc.deb
        Size/MD5 checksum:   146618 2e09901e82467a8e02e12c958bf699db
      http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_sparc.deb
        Size/MD5 checksum:    51410 7622942be787382b8abc72e9d709aeb8
      http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_sparc.deb
        Size/MD5 checksum:   137480 111c3ff8c742773fc12237147f6d138c
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"8","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":21.43,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"3","type":"x","order":"3","pct":21.43,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.