what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2009-121

Mandriva Linux Security Advisory 2009-121
Posted May 21, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-121 - Multiple security vulnerabilities has been identified and fixed in Little CMS. A memory leak flaw allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted image file. Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel. A flaw in the transformations of monochrome profiles allows remote attackers to cause denial of service triggered by a NULL pointer dereference via a crafted image file. This update provides fixes for these issues.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability, memory leak
systems | linux, mandriva
advisories | CVE-2009-0581, CVE-2009-0723, CVE-2009-0733, CVE-2009-0793
SHA-256 | 128b2e6b39bb8559db988ef3a065a0a1f8e056209cbe8d7fa77bda7e09b9db5f

Mandriva Linux Security Advisory 2009-121

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:121
https://www.mandriva.com/security/
_______________________________________________________________________

Package : lcms
Date : May 21, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Multiple security vulnerabilities has been identified and fixed in
Little cms:

A memory leak flaw allows remote attackers to cause a denial of service
(memory consumption and application crash) via a crafted image file
(CVE-2009-0581).

Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted image file that triggers a heap-based buffer
overflow (CVE-2009-0723).

Multiple stack-based buffer overflows allow remote attackers to
execute arbitrary code via a crafted image file associated with a large
integer value for the (1) input or (2) output channel (CVE-2009-0733).

A flaw in the transformations of monochrome profiles allows remote
attackers to cause denial of service triggered by a NULL pointer
dereference via a crafted image file (CVE-2009-0793).

This update provides fixes for these issues.
_______________________________________________________________________

References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0723
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0793
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.1:
9a7580fe81323030908640bc50ad5627 2008.1/i586/lcms-1.18-0.1mdv2008.1.i586.rpm
a610fd40ca8dfa5a61dbc5aa0273a8ee 2008.1/i586/liblcms1-1.18-0.1mdv2008.1.i586.rpm
8dc0e54d1fe702960377a30485bda276 2008.1/i586/liblcms-devel-1.18-0.1mdv2008.1.i586.rpm
cee6b7b46b9264786e5f400c3df20431 2008.1/i586/python-lcms-1.18-0.1mdv2008.1.i586.rpm
fffadc37bb922b529603b92db03a60f8 2008.1/SRPMS/lcms-1.18-0.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
905dda903e8d3bd75473da0e70f71fce 2008.1/x86_64/lcms-1.18-0.1mdv2008.1.x86_64.rpm
a19547982d852c7573d19af613572146 2008.1/x86_64/lib64lcms1-1.18-0.1mdv2008.1.x86_64.rpm
6b7b47196c922b9ce86378bb7b5eb61d 2008.1/x86_64/lib64lcms-devel-1.18-0.1mdv2008.1.x86_64.rpm
bef4303cf6b191434321d5b9cfd5d9c4 2008.1/x86_64/python-lcms-1.18-0.1mdv2008.1.x86_64.rpm
fffadc37bb922b529603b92db03a60f8 2008.1/SRPMS/lcms-1.18-0.1mdv2008.1.src.rpm

Mandriva Linux 2009.0:
f5bf2caf081de92c5799da37e83f39d0 2009.0/i586/lcms-1.18-0.1mdv2009.0.i586.rpm
85f6bbbbefbec9d3490a4c3fbdf9c231 2009.0/i586/liblcms1-1.18-0.1mdv2009.0.i586.rpm
5bcd989e9fedc7ee8c526cfd3d00fd65 2009.0/i586/liblcms-devel-1.18-0.1mdv2009.0.i586.rpm
6caf8993f41da57e0e158aa554354ccf 2009.0/i586/python-lcms-1.18-0.1mdv2009.0.i586.rpm
2c0d76ae5dfc1a23187c29f9fd273095 2009.0/SRPMS/lcms-1.18-0.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
dd6a45fc122f1ef0011a8359d932227b 2009.0/x86_64/lcms-1.18-0.1mdv2009.0.x86_64.rpm
de681b3655fef3bfcf9856280053b50d 2009.0/x86_64/lib64lcms1-1.18-0.1mdv2009.0.x86_64.rpm
a91bcf179c1131d0fe60a9d73bdad9ac 2009.0/x86_64/lib64lcms-devel-1.18-0.1mdv2009.0.x86_64.rpm
4260c271642bc12a5f79ab5a3220f5f3 2009.0/x86_64/python-lcms-1.18-0.1mdv2009.0.x86_64.rpm
2c0d76ae5dfc1a23187c29f9fd273095 2009.0/SRPMS/lcms-1.18-0.1mdv2009.0.src.rpm

Mandriva Linux 2009.1:
a02457ee1cc925a81fc0a77ac9b98c24 2009.1/i586/lcms-1.18-1.1mdv2009.1.i586.rpm
d6c2717a575aeb525648263e95625c2f 2009.1/i586/liblcms1-1.18-1.1mdv2009.1.i586.rpm
8e087ea8d40a2aa6e8d9dfa2dd0950c1 2009.1/i586/liblcms-devel-1.18-1.1mdv2009.1.i586.rpm
98f26f39aa5640e222466cdcf6ed24f6 2009.1/i586/python-lcms-1.18-1.1mdv2009.1.i586.rpm
32b9e76718ef78efbbe7a597fd4bdb06 2009.1/SRPMS/lcms-1.18-1.1mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
b4aace6b015870306b4c1c8d2adcefe2 2009.1/x86_64/lcms-1.18-1.1mdv2009.1.x86_64.rpm
f05c6dab9d818b0602efa75a929a171a 2009.1/x86_64/lib64lcms1-1.18-1.1mdv2009.1.x86_64.rpm
4d1a1e554c33d73173bc5930fc1a92f6 2009.1/x86_64/lib64lcms-devel-1.18-1.1mdv2009.1.x86_64.rpm
194fc36923e4914fb27c40af8dc80c7a 2009.1/x86_64/python-lcms-1.18-1.1mdv2009.1.x86_64.rpm
32b9e76718ef78efbbe7a597fd4bdb06 2009.1/SRPMS/lcms-1.18-1.1mdv2009.1.src.rpm

Corporate 3.0:
1ace45d4de049e1d52a91c5fe84e17b5 corporate/3.0/i586/liblcms1-1.10-1.2.C30mdk.i586.rpm
b59d77bd5a8ed230a2a2bc6bfbfeaa8c corporate/3.0/i586/liblcms1-devel-1.10-1.2.C30mdk.i586.rpm
ee53e5c9feee02e5289561db727858e7 corporate/3.0/SRPMS/liblcms-1.10-1.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
32db1a46a9820ed9661ac8827e57e8c6 corporate/3.0/x86_64/lib64lcms1-1.10-1.2.C30mdk.x86_64.rpm
746aa607bad4b1905a74d002118bdf56 corporate/3.0/x86_64/lib64lcms1-devel-1.10-1.2.C30mdk.x86_64.rpm
ee53e5c9feee02e5289561db727858e7 corporate/3.0/SRPMS/liblcms-1.10-1.2.C30mdk.src.rpm

Corporate 4.0:
24361175b29470601a26390c8fa3080d corporate/4.0/i586/liblcms1-1.14-1.2.20060mlcs4.i586.rpm
2caf72d253d56cf51cebfcaba3560eee corporate/4.0/i586/liblcms1-devel-1.14-1.2.20060mlcs4.i586.rpm
a40dbfb4e5a44e09f101e9e6f8d62c17 corporate/4.0/SRPMS/liblcms-1.14-1.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
642ce065be2e8f7a2dd78c1bf9f01652 corporate/4.0/x86_64/lib64lcms1-1.14-1.2.20060mlcs4.x86_64.rpm
013930f39a842e899e93ca570a06f339 corporate/4.0/x86_64/lib64lcms1-devel-1.14-1.2.20060mlcs4.x86_64.rpm
a40dbfb4e5a44e09f101e9e6f8d62c17 corporate/4.0/SRPMS/liblcms-1.14-1.2.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

https://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKFZjvmqjQ0CJFipgRAkeFAJ9ykO79nVFB8pNFu6GP5pHU2+pq4gCgunzs
+XW2vViKxpqHnmeM+tTFN4s=
=wTDp
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close