Debian: New lcms packages fix regression
Posted by Benjamin D. Thomas   
Several security issues have been discovered in lcms, a color management library.
------------------------------------------------------------------------
Debian Security Advisory DSA-1745-2                  security@debian.org
http://www.debian.org/security/                      Steffen Joeris
March 25, 2009                        http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : lcms
Vulnerability  : several vulnerabilities
Problem type   : local (remote)
Debian-specific: no
CVE Ids        : CVE-2009-0581 CVE-2009-0723 CVE-2009-0733


This update fixes a possible regression introduced in DSA-1745-1 and
also enhances the security patch. For reference the original advisory
text is below.

Several security issues have been discovered in lcms, a color management
library. The Common Vulnerabilities and Exposures project identifies
the following problems:


CVE-2009-0581

Chris Evans discovered that lcms is affected by a memory leak, which
could result in a denial of service via specially crafted image files.

CVE-2009-0723

Chris Evans discovered that lcms is prone to several integer overflows
via specially crafted image files, which could lead to the execution of
arbitrary code.

CVE-2009-0733

Chris Evans discovered the lack of upper-bounds checks on sizes, leading
to a buffer overflow, which could be used to execute arbitrary code.


For the stable distribution (lenny), these problems have been fixed in
version 1.17.dfsg-1+lenny2.

For the oldstable distribution (etch), these problems have been fixed
in version 1.15-1.1+etch3.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed soon.


We recommend that you upgrade your lcms packages.


Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
-------------------------------

Debian (oldstable)
------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.



Debian GNU/Linux 5.0 alias lenny
--------------------------------

Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.



  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 