From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1745-1                      [email protected]
http://www.debian.org/security/                           Steffen Joeris
March 20, 2009                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : lcms
Vulnerability : several vulnerabilities
Problem type : local (remote)
Debian-specific: no
CVE Ids : CVE-2009-0581 CVE-2009-0723 CVE-2009-0733
Several security issues have been discovered in lcms, a color management library. The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2009-0581
Chris Evans discovered that lcms is affected by a memory leak, which
could result in a denial of service via specially crafted image files.
CVE-2009-0723
Chris Evans discovered that lcms is prone to several integer overflows
via specially crafted image files, which could lead to the execution of arbitrary code.
CVE-2009-0733
Chris Evans discovered the lack of upper-bounds check on sizes leading
to a buffer overflow, which could be used to execute arbitrary code.
For the stable distribution (lenny), these problems have been fixed in
version 1.17.dfsg-1+lenny1.
For the oldstable distribution (etch), these problems have been fixed
in version 1.15-1.1+etch2.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed soon.
We recommend that you upgrade your lcms packages.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]