The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[USN-652-1] LittleCMS vulnerability


<< Previous INDEX Search src / Print Next >>
Date: Tue, 14 Oct 2008 10:24:07 -0700
From: Kees Cook <kees@ubuntu.com.>
To: [email protected]
Subject: [USN-652-1] LittleCMS vulnerability
Message-ID: <20081014172407.GX17241@outflux.net.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="48TaNjbzBVislYPb"
Content-Disposition: inline
Organization: Ubuntu
X-MIMEDefang-Filter: outflux$Revision: 1.316 $
X-HELO: www.outflux.net
X-Scanned-By: MIMEDefang 2.63 on 10.2.0.1
X-Virus-Scanned: antivirus-gw at tyumen.ru


--48TaNjbzBVislYPb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


Ubuntu Security Notice USN-652-1 October 14, 2008 lcms vulnerability CVE-2007-2741
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: liblcms1 1.13-1ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Chris Evans discovered that certain ICC operations in lcms were not correctly bounds-checked. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could crash applications linked against liblcms1, leading to a denial of service, or possibly execute arbitrary code with user privileges. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.13-1ubuntu0.1.diff.gz Size/MD5: 13103 4617c440a02960e1f962a88c1c21a9cc http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.13-1ubuntu0.1.dsc Size/MD5: 685 507f6385801f19716737a5089d33116d http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.13.orig.tar.gz Size/MD5: 585735 e627f43bbbd238895502402d942a6cfd amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.13-1ubuntu0.1_amd64.deb Size/MD5: 136682 f085666f76c9bf1a53942baa18b8e052 http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.13-1ubuntu0.1_amd64.deb Size/MD5: 129070 e50c4bfb5b0e32ec7f3da1ce9e1ee21f http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.13-1ubuntu0.1_amd64.deb Size/MD5: 40296 5c58c601e0d9802394cf25b33319b2c9 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.13-1ubuntu0.1_i386.deb Size/MD5: 123518 fd6961be0da7aaf2e2dcb8257d3787da http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.13-1ubuntu0.1_i386.deb Size/MD5: 118222 86dcc1004a11232740c2d6d6903f02a4 http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.13-1ubuntu0.1_i386.deb Size/MD5: 37112 d4ffa7a920a4e4aba5f8d197d1ad14f0 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.13-1ubuntu0.1_powerpc.deb Size/MD5: 130806 3da85714083d3d4f1252ae0b1b1fe6e3 http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.13-1ubuntu0.1_powerpc.deb Size/MD5: 131834 38aba2a645449be653dd11be439afcce http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.13-1ubuntu0.1_powerpc.deb Size/MD5: 44136 04799ca5393e6acc70592f648b6b846a sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.13-1ubuntu0.1_sparc.deb Size/MD5: 133960 ab907a81dcb99819e9d125b76a34742c http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.13-1ubuntu0.1_sparc.deb Size/MD5: 124964 42864911b8a3f680a7aae8d28701a6c1 http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.13-1ubuntu0.1_sparc.deb Size/MD5: 38498 5d040f607c0ec6d411349b0d27b52e73 --48TaNjbzBVislYPb Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Kees Cook <kees@outflux.net.> iEYEARECAAYFAkj01bcACgkQH/9LqRcGPm3TcACghKI6Y4hKQm5RvJ9G2QlHxuI8 mnsAn3hmwtfSw7DPin2n1ITAcdgB4UpT =0fkh -----END PGP SIGNATURE----- --48TaNjbzBVislYPb--

<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру