Linux Security
Linux Security
Linux Security

Debian: New lcms packages fix multiple vulnerabilities

Date 09 Dec 2008
Posted By LinuxSecurity Advisories
Inadequate enforcement of fixed-length buffer limits allows an attacker to overflow a buffer on the stack, potentially enabling the execution of arbitrary code when a maliciously-crafted image is opened.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1684                    This email address is being protected from spambots. You need JavaScript enabled to view it.                           Devin Carraway
December 10, 2008           
- ------------------------------------------------------------------------

Package        : lcms
Vulnerability  : multiple vulnerabilities
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-5316 CVE-2008-5317

Two vulnerabilities have been found in lcms, a library and set of
commandline utilities for image color management.  The Common
Vulnerabilities and Exposures project identifies the following


    Inadequate enforcement of fixed-length buffer limits allows an
    attacker to overflow a buffer on the stack, potentially enabling
    the execution of arbitrary code when a maliciously-crafted
    image is opened.


    An integer sign error in reading image gamma data could allow an
    attacker to cause an under-sized buffer to be allocated for
    subsequent image data, with unknown consequences potentially
    including the execution of arbitrary code if a maliciously-crafted
    image is opened.

For the stable distribution (etch), these problems have been fixed in
version 1.14-1.1+etch1.

For the upcoming stable distribution (lenny), and the unstable
distribution (sid), these problems are fixed in version 1.17.dfsg-1.

We recommend that you upgrade your lcms packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:     2000 10fb445280ea38542701017292ffb1ca
    Size/MD5 checksum:   791543 95a710dc757504f6b02677c1fab68e73
    Size/MD5 checksum:      636 188344016765736e5690a669a6dce88b

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   179622 a64aa233ae03aa942c34e28af411f5fe
    Size/MD5 checksum:   153452 12b7bbd297ef50a85f19da90d1c4f30f
    Size/MD5 checksum:    61580 a821798d40f1d0990a053b825db129a8

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:    53284 7eb60db022f80565251a0e4d9cadd8b2
    Size/MD5 checksum:   140288 2b3fa89b3757f0431e2ab3e44f7d1c08
    Size/MD5 checksum:   147692 e8be34ecb4af9f7cfe1e51c759fc2c27

arm architecture (ARM)
    Size/MD5 checksum:   135546 523110a99549778b3a5a9ddf38b381e5
    Size/MD5 checksum:   135376 0e4f0fabbc9a04bc593f1887a1bcf35f
    Size/MD5 checksum:    50962 7f38a7371ca57f25080f227a3a3b373a

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   168420 e5aab4f34d88b9f8aefd43fed5f2fe78
    Size/MD5 checksum:    59120 88bf9add52df55b353d0d26508486a96
    Size/MD5 checksum:   157652 30f8396d4f78363befd2e0d72b9e56a8

i386 architecture (Intel ia32)
    Size/MD5 checksum:   137296 46695836065eb7b734e02706191872f7
    Size/MD5 checksum:    50592 4a0ca0dc60e6e212bf3692b2785b088b
    Size/MD5 checksum:   143282 850ff5b97f347775c1daad08280a5b38

ia64 architecture (Intel ia64)
    Size/MD5 checksum:   204162 abd829e3c02d54dc911aa4abe343e377
    Size/MD5 checksum:   195094 5766c05fb15abe32d908f7b607464bb7
    Size/MD5 checksum:    78422 6176b8abb40f4dc50ed80472fe835fa5

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:    51508 20274ee9af873cf1760fad77d4cb5720
    Size/MD5 checksum:   172570 4dc3f233db7f2c15b26b39a04e7dd1ba
    Size/MD5 checksum:   149190 db10ac87adfd9698890428f3119045fd

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:   150390 62a81236533a4b708919367d5939d34c
    Size/MD5 checksum:   173934 d8618284820cf47bc677c185c6ea5c39
    Size/MD5 checksum:    52142 2213c852eaab6fbfee23031401214ecd

powerpc architecture (PowerPC)
    Size/MD5 checksum:   147308 d0c6bcfe7a23740f15b4e8dae4b9ea74
    Size/MD5 checksum:    57630 cc7b4fc9ca44268952ef4b9fc97fe631
    Size/MD5 checksum:   147710 8b586e00c2f39017bd2d51e0632297af

s390 architecture (IBM S/390)
    Size/MD5 checksum:   142054 622fed5f31c26119ca611e5c5aa79b1d
    Size/MD5 checksum:    54150 45b3c4c471d977b53d40a2ab57e63591
    Size/MD5 checksum:   144324 f8f15540a7cdbcfe5fc32fe40b3e459b

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:   146618 2e09901e82467a8e02e12c958bf699db
    Size/MD5 checksum:    51410 7622942be787382b8abc72e9d709aeb8
    Size/MD5 checksum:   137480 111c3ff8c742773fc12237147f6d138c

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"50","type":"x","order":"1","pct":80.65,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"7","type":"x","order":"2","pct":11.29,"resources":[]},{"id":"181","title":"Hardly ever","votes":"5","type":"x","order":"3","pct":8.06,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.