Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 23rd, 2015
Linux Advisory Watch: March 20th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: New lcms packages fix multiple vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Inadequate enforcement of fixed-length buffer limits allows an attacker to overflow a buffer on the stack, potentially enabling the execution of arbitrary code when a maliciously-crafted image is opened.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1684                                     Devin Carraway
December 10, 2008           
- ------------------------------------------------------------------------

Package        : lcms
Vulnerability  : multiple vulnerabilities
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-5316 CVE-2008-5317

Two vulnerabilities have been found in lcms, a library and set of
commandline utilities for image color management.  The Common
Vulnerabilities and Exposures project identifies the following


    Inadequate enforcement of fixed-length buffer limits allows an
    attacker to overflow a buffer on the stack, potentially enabling
    the execution of arbitrary code when a maliciously-crafted
    image is opened.


    An integer sign error in reading image gamma data could allow an
    attacker to cause an under-sized buffer to be allocated for
    subsequent image data, with unknown consequences potentially
    including the execution of arbitrary code if a maliciously-crafted
    image is opened.

For the stable distribution (etch), these problems have been fixed in
version 1.14-1.1+etch1.

For the upcoming stable distribution (lenny), and the unstable
distribution (sid), these problems are fixed in version 1.17.dfsg-1.

We recommend that you upgrade your lcms packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:     2000 10fb445280ea38542701017292ffb1ca
    Size/MD5 checksum:   791543 95a710dc757504f6b02677c1fab68e73
    Size/MD5 checksum:      636 188344016765736e5690a669a6dce88b

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   179622 a64aa233ae03aa942c34e28af411f5fe
    Size/MD5 checksum:   153452 12b7bbd297ef50a85f19da90d1c4f30f
    Size/MD5 checksum:    61580 a821798d40f1d0990a053b825db129a8

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:    53284 7eb60db022f80565251a0e4d9cadd8b2
    Size/MD5 checksum:   140288 2b3fa89b3757f0431e2ab3e44f7d1c08
    Size/MD5 checksum:   147692 e8be34ecb4af9f7cfe1e51c759fc2c27

arm architecture (ARM)
    Size/MD5 checksum:   135546 523110a99549778b3a5a9ddf38b381e5
    Size/MD5 checksum:   135376 0e4f0fabbc9a04bc593f1887a1bcf35f
    Size/MD5 checksum:    50962 7f38a7371ca57f25080f227a3a3b373a

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   168420 e5aab4f34d88b9f8aefd43fed5f2fe78
    Size/MD5 checksum:    59120 88bf9add52df55b353d0d26508486a96
    Size/MD5 checksum:   157652 30f8396d4f78363befd2e0d72b9e56a8

i386 architecture (Intel ia32)
    Size/MD5 checksum:   137296 46695836065eb7b734e02706191872f7
    Size/MD5 checksum:    50592 4a0ca0dc60e6e212bf3692b2785b088b
    Size/MD5 checksum:   143282 850ff5b97f347775c1daad08280a5b38

ia64 architecture (Intel ia64)
    Size/MD5 checksum:   204162 abd829e3c02d54dc911aa4abe343e377
    Size/MD5 checksum:   195094 5766c05fb15abe32d908f7b607464bb7
    Size/MD5 checksum:    78422 6176b8abb40f4dc50ed80472fe835fa5

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:    51508 20274ee9af873cf1760fad77d4cb5720
    Size/MD5 checksum:   172570 4dc3f233db7f2c15b26b39a04e7dd1ba
    Size/MD5 checksum:   149190 db10ac87adfd9698890428f3119045fd

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:   150390 62a81236533a4b708919367d5939d34c
    Size/MD5 checksum:   173934 d8618284820cf47bc677c185c6ea5c39
    Size/MD5 checksum:    52142 2213c852eaab6fbfee23031401214ecd

powerpc architecture (PowerPC)
    Size/MD5 checksum:   147308 d0c6bcfe7a23740f15b4e8dae4b9ea74
    Size/MD5 checksum:    57630 cc7b4fc9ca44268952ef4b9fc97fe631
    Size/MD5 checksum:   147710 8b586e00c2f39017bd2d51e0632297af

s390 architecture (IBM S/390)
    Size/MD5 checksum:   142054 622fed5f31c26119ca611e5c5aa79b1d
    Size/MD5 checksum:    54150 45b3c4c471d977b53d40a2ab57e63591
    Size/MD5 checksum:   144324 f8f15540a7cdbcfe5fc32fe40b3e459b

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:   146618 2e09901e82467a8e02e12c958bf699db
    Size/MD5 checksum:    51410 7622942be787382b8abc72e9d709aeb8
    Size/MD5 checksum:   137480 111c3ff8c742773fc12237147f6d138c

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Tech Companies, Privacy Advocates Call for NSA Reform
Google warns of unauthorized TLS certificates trusted by almost all OSes
How Kevin Mitnick hacked the audience at CeBIT 2015
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.