The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[USN-693-1] LittleCMS vulnerability


<< Previous INDEX Search src / Print Next >>
Date: Wed, 17 Dec 2008 16:12:50 -0800
From: Kees Cook <kees@ubuntu.com.>
To: [email protected]
Subject: [USN-693-1] LittleCMS vulnerability
Message-ID: <20081218001250.GV9250@outflux.net.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="xXmbgvnjoT4axfJE"
Content-Disposition: inline
Organization: Ubuntu
X-MIMEDefang-Filter: outflux$Revision: 1.316 $
X-HELO: www.outflux.net
X-Scanned-By: MIMEDefang 2.63 on 10.2.0.1
X-Virus-Scanned: antivirus-gw at tyumen.ru


--xXmbgvnjoT4axfJE
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


Ubuntu Security Notice USN-693-1 December 17, 2008 LittleCMS vulnerability CVE-2008-5317
A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: liblcms1 1.16-5ubuntu3.1 Ubuntu 8.04 LTS: liblcms1 1.16-7ubuntu1.1 Ubuntu 8.10: liblcms1 1.16-10ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that certain gamma operations in lcms were not correctly bounds-checked. If a user or automated system were tricked into processing a malicious image, a remote attacker could crash applications linked against liblcms1, leading to a denial of service, or possibly execute arbitrary code with user privileges. Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16-5ubuntu3.1.diff.gz Size/MD5: 22270 1b07d069f29de87c948d397bb60f1c63 http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16-5ubuntu3.1.dsc Size/MD5: 1053 52d8cf3618b1d68c4d847807145ff300 http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16.orig.tar.gz Size/MD5: 911546 b07b623f3e712373ff713fb32cf23651 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-5ubuntu3.1_amd64.deb Size/MD5: 674464 3ea01d1fb1e43a689d5aafe150702755 http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-5ubuntu3.1_amd64.deb Size/MD5: 104172 ebeeb2d5b7dfc5df6cd759900d29f1bd http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-5ubuntu3.1_amd64.deb Size/MD5: 58010 cfc5b383ff04d603270e5e129a100a35 http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-5ubuntu3.1_amd64.deb Size/MD5: 160770 6ada95ac551daf18adf83eb0274eb15a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-5ubuntu3.1_i386.deb Size/MD5: 625654 5bca706031d3f2150a08ae8d4f252b5d http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-5ubuntu3.1_i386.deb Size/MD5: 98032 520b7d9b6f4e9ad58974ea574c594640 http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-5ubuntu3.1_i386.deb Size/MD5: 54488 fa816dc4c97ffc22d8200d390ccbfdc3 http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-5ubuntu3.1_i386.deb Size/MD5: 151868 6a9d8575a81353384712b8b890c5d3db lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-5ubuntu3.1_lpia.deb Size/MD5: 627708 35acd977e4ca7c9ba06c5a19d708f6a5 http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-5ubuntu3.1_lpia.deb Size/MD5: 96818 483f473b4ec36e5baa6cbd87644fb0db http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-5ubuntu3.1_lpia.deb Size/MD5: 54790 10144bba21291ab939b0cbdcc82b39a8 http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-5ubuntu3.1_lpia.deb Size/MD5: 148288 d638ba9bac48029ab63942b76086f9ec powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-5ubuntu3.1_powerpc.deb Size/MD5: 763170 75eb4df9ffc2343940521d61386232d8 http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-5ubuntu3.1_powerpc.deb Size/MD5: 114370 0f56f9006b051e3f90ac255242ed55da http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-5ubuntu3.1_powerpc.deb Size/MD5: 71750 313ced524c05c5b5524a43a6fe00b3b9 http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-5ubuntu3.1_powerpc.deb Size/MD5: 169576 99c75e89acf4c53d2da192131832ab61 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-5ubuntu3.1_sparc.deb Size/MD5: 657440 32a668d688b45caf1b576d375067bab4 http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-5ubuntu3.1_sparc.deb Size/MD5: 100078 272239660086573a11e9117150e990a4 http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-5ubuntu3.1_sparc.deb Size/MD5: 58090 d337f0c2012f27b06923b7e3bcc151a7 http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-5ubuntu3.1_sparc.deb Size/MD5: 160136 8b597e2f473e0df9a1d945f0e442940b Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16-7ubuntu1.1.diff.gz Size/MD5: 22469 fcf92c912c23a981e7e876e954d8744d http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16-7ubuntu1.1.dsc Size/MD5: 1053 cf6e6b3ad7d4d531db951e64c96fa6ce http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16.orig.tar.gz Size/MD5: 911546 b07b623f3e712373ff713fb32cf23651 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-7ubuntu1.1_amd64.deb Size/MD5: 670458 389170d9ba5385e3b87abd7fea8f250b http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-7ubuntu1.1_amd64.deb Size/MD5: 101744 1cdd5f38017276817630c69944817b93 http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-7ubuntu1.1_amd64.deb Size/MD5: 58356 c0fefad25646dcb4e7f93159c42e6bcc http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-7ubuntu1.1_amd64.deb Size/MD5: 160436 b91c09489730b424726d26dfd8a4fe79 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-7ubuntu1.1_i386.deb Size/MD5: 622152 844db5648952349416359497203ed5e1 http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-7ubuntu1.1_i386.deb Size/MD5: 95466 e7d24a75c74c87e420f911d7365b07dc http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-7ubuntu1.1_i386.deb Size/MD5: 54672 70c3a777cd083539ea74ba1e1564ab31 http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-7ubuntu1.1_i386.deb Size/MD5: 151552 b6d5ab5fea28164ee431f2b453677519 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-7ubuntu1.1_lpia.deb Size/MD5: 627770 b95154ae17f67303fa343c5e54a8c9af http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-7ubuntu1.1_lpia.deb Size/MD5: 94872 53b3adcbc246094250ec98163a46b573 http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-7ubuntu1.1_lpia.deb Size/MD5: 55092 350254ecdd74305e75127fb3f9e8dd79 http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-7ubuntu1.1_lpia.deb Size/MD5: 148254 2cd35a66c405452243b4a38b0a1e4453 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-7ubuntu1.1_powerpc.deb Size/MD5: 755162 40848281cf1cb5f3bf5c122a7783e391 http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-7ubuntu1.1_powerpc.deb Size/MD5: 110340 df518facbac1fa8fa3552b44057bc548 http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-7ubuntu1.1_powerpc.deb Size/MD5: 71892 caa429129d946b7213880e57c0f61b84 http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-7ubuntu1.1_powerpc.deb Size/MD5: 168896 ca6554614940fced2f6f802e8eb77750 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-7ubuntu1.1_sparc.deb Size/MD5: 654668 782d69b57421c081f2016fd9dad8b43d http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-7ubuntu1.1_sparc.deb Size/MD5: 98028 3661278c58ed7be1aa7fa65d4ec49203 http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-7ubuntu1.1_sparc.deb Size/MD5: 57514 71726d5636e96491a3a3fdc1600743b7 http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-7ubuntu1.1_sparc.deb Size/MD5: 159470 25cdabf9bf9b16771588d58d42503007 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16-10ubuntu0.1.diff.gz Size/MD5: 29404 eacd820823911007b6b21265abdae350 http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16-10ubuntu0.1.dsc Size/MD5: 1392 c16d4901c439d15942787ce7b9ac6cfb http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16.orig.tar.gz Size/MD5: 911546 b07b623f3e712373ff713fb32cf23651 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-10ubuntu0.1_amd64.deb Size/MD5: 197204 4b79b0c8731fdf766005eaff996150dc http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-10ubuntu0.1_amd64.deb Size/MD5: 106476 5ecee5ef79c27485f1b0129b9d4c1b93 http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-10ubuntu0.1_amd64.deb Size/MD5: 59174 401a56d3d9cd7bab04a10c6b2cd33365 http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-10ubuntu0.1_amd64.deb Size/MD5: 158102 9efb209d3c595f41f66d7d26ad8e3588 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-10ubuntu0.1_i386.deb Size/MD5: 191302 98aba1dab86b168b6e951f6f3956b5ba http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-10ubuntu0.1_i386.deb Size/MD5: 99828 7845d9d8f2fbfa21ee32c3729c2d9868 http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-10ubuntu0.1_i386.deb Size/MD5: 55068 5efbdd09f294552f6ccabd0e5629c3a2 http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-10ubuntu0.1_i386.deb Size/MD5: 150090 7666a4cbf4388488b619197f64330064 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-10ubuntu0.1_lpia.deb Size/MD5: 187792 8a3293477e04f876ff7c75564536be6b http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-10ubuntu0.1_lpia.deb Size/MD5: 98944 79a6c1e8506d75c4dbd35e3e0a4503c9 http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-10ubuntu0.1_lpia.deb Size/MD5: 55426 28af10c678fd5115a92eba1c163ae720 http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-10ubuntu0.1_lpia.deb Size/MD5: 144842 f33dbd92568f48569d8f94bfa26c51f8 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-10ubuntu0.1_powerpc.deb Size/MD5: 196914 012cf48172fedf8948325e3a256e9af2 http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-10ubuntu0.1_powerpc.deb Size/MD5: 112694 47dae0b542510d60b1b09d88c5cef85e http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-10ubuntu0.1_powerpc.deb Size/MD5: 71708 b6cfa22b59f238b33a9910a7883784cf http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-10ubuntu0.1_powerpc.deb Size/MD5: 165428 b390b6ee91a623610fe31af830238711 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-10ubuntu0.1_sparc.deb Size/MD5: 194928 32851f26520fcf3c9648262ef8e9f789 http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-10ubuntu0.1_sparc.deb Size/MD5: 100278 41519fa060778d9262e9a1213f6f5377 http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-10ubuntu0.1_sparc.deb Size/MD5: 60870 fe6c4d54bda7e4666ab6204dd298941c http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-10ubuntu0.1_sparc.deb Size/MD5: 157904 1fe77086778f73964b4caa015182003e --xXmbgvnjoT4axfJE Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Kees Cook <kees@outflux.net.> iEYEARECAAYFAklJlYIACgkQH/9LqRcGPm0mHwCfYMWCipR6LACwxtBq4cLe8Ana scIAnjCHZN5TpyvxrxtILmtSIcwpm1g+ =uAXt -----END PGP SIGNATURE----- --xXmbgvnjoT4axfJE--

<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру