From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1684
[email protected] http://www.debian.org/security/ Devin Carraway December 10, 2008
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : lcms
Vulnerability : multiple vulnerabilities
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2008-5316 CVE-2008-5317
Two vulnerabilities have been found in lcms, a library and set of
commandline utilities for image color management. The Common
Vulnerabilities and Exposures project identifies the following
problems:
CVE-2008-5316
Inadequate enforcement of fixed-length buffer limits allows an
attacker to overflow a buffer on the stack, potentially enabling
the execution of arbitrary code when a maliciously-crafted
image is opened.
CVS-2008-5317
An integer sign error in reading image gamma data could allow an
attacker to cause an under-sized buffer to be allocated for
subsequent image data, with unknown consequences potentially
including the execution of arbitrary code if a maliciously-crafted
image is opened.
For the stable distribution (etch), these problems have been fixed in
version 1.14-1.1+etch1.
For the upcoming stable distribution (lenny), and the unstable
distribution (sid), these problems are fixed in version 1.17.dfsg-1.
We recommend that you upgrade your lcms packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15-1.1+etch1.diff.gz
Size/MD5 checksum: 2000 10fb445280ea38542701017292ffb1ca
http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15.orig.tar.gz
Size/MD5 checksum: 791543 95a710dc757504f6b02677c1fab68e73
http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15-1.1+etch1.dsc
Size/MD5 checksum: 636 188344016765736e5690a669a6dce88b
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_alpha.deb
Size/MD5 checksum: 179622 a64aa233ae03aa942c34e28af411f5fe
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_alpha.deb
Size/MD5 checksum: 153452 12b7bbd297ef50a85f19da90d1c4f30f
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_alpha.deb
Size/MD5 checksum: 61580 a821798d40f1d0990a053b825db129a8
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_amd64.deb
Size/MD5 checksum: 53284 7eb60db022f80565251a0e4d9cadd8b2
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_amd64.deb
Size/MD5 checksum: 140288 2b3fa89b3757f0431e2ab3e44f7d1c08
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_amd64.deb
Size/MD5 checksum: 147692 e8be34ecb4af9f7cfe1e51c759fc2c27
arm architecture (ARM)
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_arm.deb
Size/MD5 checksum: 135546 523110a99549778b3a5a9ddf38b381e5
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_arm.deb
Size/MD5 checksum: 135376 0e4f0fabbc9a04bc593f1887a1bcf35f
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_arm.deb
Size/MD5 checksum: 50962 7f38a7371ca57f25080f227a3a3b373a
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_hppa.deb
Size/MD5 checksum: 168420 e5aab4f34d88b9f8aefd43fed5f2fe78
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_hppa.deb
Size/MD5 checksum: 59120 88bf9add52df55b353d0d26508486a96
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_hppa.deb
Size/MD5 checksum: 157652 30f8396d4f78363befd2e0d72b9e56a8
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_i386.deb
Size/MD5 checksum: 137296 46695836065eb7b734e02706191872f7
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_i386.deb
Size/MD5 checksum: 50592 4a0ca0dc60e6e212bf3692b2785b088b
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_i386.deb
Size/MD5 checksum: 143282 850ff5b97f347775c1daad08280a5b38
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_ia64.deb
Size/MD5 checksum: 204162 abd829e3c02d54dc911aa4abe343e377
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_ia64.deb
Size/MD5 checksum: 195094 5766c05fb15abe32d908f7b607464bb7
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_ia64.deb
Size/MD5 checksum: 78422 6176b8abb40f4dc50ed80472fe835fa5
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_mips.deb
Size/MD5 checksum: 51508 20274ee9af873cf1760fad77d4cb5720
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_mips.deb
Size/MD5 checksum: 172570 4dc3f233db7f2c15b26b39a04e7dd1ba
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_mips.deb
Size/MD5 checksum: 149190 db10ac87adfd9698890428f3119045fd
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_mipsel.deb
Size/MD5 checksum: 150390 62a81236533a4b708919367d5939d34c
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)