LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: July 28th, 2014
Linux Advisory Watch: July 25th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New lcms packages fix multiple vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Inadequate enforcement of fixed-length buffer limits allows an attacker to overflow a buffer on the stack, potentially enabling the execution of arbitrary code when a maliciously-crafted image is opened.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1684                    security@debian.org
http://www.debian.org/security/                           Devin Carraway
December 10, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : lcms
Vulnerability  : multiple vulnerabilities
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-5316 CVE-2008-5317

Two vulnerabilities have been found in lcms, a library and set of
commandline utilities for image color management.  The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2008-5316

    Inadequate enforcement of fixed-length buffer limits allows an
    attacker to overflow a buffer on the stack, potentially enabling
    the execution of arbitrary code when a maliciously-crafted
    image is opened.

CVS-2008-5317

    An integer sign error in reading image gamma data could allow an
    attacker to cause an under-sized buffer to be allocated for
    subsequent image data, with unknown consequences potentially
    including the execution of arbitrary code if a maliciously-crafted
    image is opened.

For the stable distribution (etch), these problems have been fixed in
version 1.14-1.1+etch1.

For the upcoming stable distribution (lenny), and the unstable
distribution (sid), these problems are fixed in version 1.17.dfsg-1.

We recommend that you upgrade your lcms packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15-1.1+etch1.diff.gz
    Size/MD5 checksum:     2000 10fb445280ea38542701017292ffb1ca
  http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15.orig.tar.gz
    Size/MD5 checksum:   791543 95a710dc757504f6b02677c1fab68e73
  http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15-1.1+etch1.dsc
    Size/MD5 checksum:      636 188344016765736e5690a669a6dce88b

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_alpha.deb
    Size/MD5 checksum:   179622 a64aa233ae03aa942c34e28af411f5fe
  http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_alpha.deb
    Size/MD5 checksum:   153452 12b7bbd297ef50a85f19da90d1c4f30f
  http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_alpha.deb
    Size/MD5 checksum:    61580 a821798d40f1d0990a053b825db129a8

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_amd64.deb
    Size/MD5 checksum:    53284 7eb60db022f80565251a0e4d9cadd8b2
  http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_amd64.deb
    Size/MD5 checksum:   140288 2b3fa89b3757f0431e2ab3e44f7d1c08
  http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_amd64.deb
    Size/MD5 checksum:   147692 e8be34ecb4af9f7cfe1e51c759fc2c27

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_arm.deb
    Size/MD5 checksum:   135546 523110a99549778b3a5a9ddf38b381e5
  http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_arm.deb
    Size/MD5 checksum:   135376 0e4f0fabbc9a04bc593f1887a1bcf35f
  http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_arm.deb
    Size/MD5 checksum:    50962 7f38a7371ca57f25080f227a3a3b373a

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_hppa.deb
    Size/MD5 checksum:   168420 e5aab4f34d88b9f8aefd43fed5f2fe78
  http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_hppa.deb
    Size/MD5 checksum:    59120 88bf9add52df55b353d0d26508486a96
  http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_hppa.deb
    Size/MD5 checksum:   157652 30f8396d4f78363befd2e0d72b9e56a8

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_i386.deb
    Size/MD5 checksum:   137296 46695836065eb7b734e02706191872f7
  http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_i386.deb
    Size/MD5 checksum:    50592 4a0ca0dc60e6e212bf3692b2785b088b
  http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_i386.deb
    Size/MD5 checksum:   143282 850ff5b97f347775c1daad08280a5b38

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_ia64.deb
    Size/MD5 checksum:   204162 abd829e3c02d54dc911aa4abe343e377
  http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_ia64.deb
    Size/MD5 checksum:   195094 5766c05fb15abe32d908f7b607464bb7
  http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_ia64.deb
    Size/MD5 checksum:    78422 6176b8abb40f4dc50ed80472fe835fa5

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_mips.deb
    Size/MD5 checksum:    51508 20274ee9af873cf1760fad77d4cb5720
  http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_mips.deb
    Size/MD5 checksum:   172570 4dc3f233db7f2c15b26b39a04e7dd1ba
  http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_mips.deb
    Size/MD5 checksum:   149190 db10ac87adfd9698890428f3119045fd

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_mipsel.deb
    Size/MD5 checksum:   150390 62a81236533a4b708919367d5939d34c
  http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_mipsel.deb
    Size/MD5 checksum:   173934 d8618284820cf47bc677c185c6ea5c39
  http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_mipsel.deb
    Size/MD5 checksum:    52142 2213c852eaab6fbfee23031401214ecd

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_powerpc.deb
    Size/MD5 checksum:   147308 d0c6bcfe7a23740f15b4e8dae4b9ea74
  http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_powerpc.deb
    Size/MD5 checksum:    57630 cc7b4fc9ca44268952ef4b9fc97fe631
  http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_powerpc.deb
    Size/MD5 checksum:   147710 8b586e00c2f39017bd2d51e0632297af

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_s390.deb
    Size/MD5 checksum:   142054 622fed5f31c26119ca611e5c5aa79b1d
  http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_s390.deb
    Size/MD5 checksum:    54150 45b3c4c471d977b53d40a2ab57e63591
  http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_s390.deb
    Size/MD5 checksum:   144324 f8f15540a7cdbcfe5fc32fe40b3e459b

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_sparc.deb
    Size/MD5 checksum:   146618 2e09901e82467a8e02e12c958bf699db
  http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_sparc.deb
    Size/MD5 checksum:    51410 7622942be787382b8abc72e9d709aeb8
  http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_sparc.deb
    Size/MD5 checksum:   137480 111c3ff8c742773fc12237147f6d138c


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
DARPA-derived secure microkernel goes open source tomorrow
Hacker Gary McKinnon turns into a search expert
Hackers seed Amazon cloud with potent denial-of-service bots
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.