==========================================================
Ubuntu Security Notice USN-744-1             March 23, 2009
lcms vulnerabilities
CVE-2009-0581, CVE-2009-0723, CVE-2009-0733
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  liblcms1                        1.13-1ubuntu0.2

Ubuntu 7.10:
  liblcms1                        1.16-5ubuntu3.2
  python-liblcms                  1.16-5ubuntu3.2

Ubuntu 8.04 LTS:
  liblcms1                        1.16-7ubuntu1.2
  python-liblcms                  1.16-7ubuntu1.2

Ubuntu 8.10:
  liblcms1                        1.16-10ubuntu0.2
  python-liblcms                  1.16-10ubuntu0.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Chris Evans discovered that LittleCMS did not properly handle certain error
conditions, resulting in a large memory leak. If a user or automated system
were tricked into processing an image with malicious ICC tags, a remote
attacker could cause a denial of service. (CVE-2009-0581)

Chris Evans discovered that LittleCMS contained multiple integer overflows.
If a user or automated system were tricked into processing an image with
malicious ICC tags, a remote attacker could crash applications linked
against liblcms1, leading to a denial of service, or possibly execute
arbitrary code with user privileges. (CVE-2009-0723)

Chris Evans discovered that LittleCMS did not properly perform bounds
checking, leading to a buffer overflow. If a user or automated system were
tricked into processing an image with malicious ICC tags, a remote attacker
could execute arbitrary code with user privileges. (CVE-2009-0733)



