drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in LittleCMS
| Name: |
Pufferüberlauf in LittleCMS |
|
| ID: |
USN-652-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 6.06 |
|
| Datum: |
Di, 14. Oktober 2008, 19:28 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2741 |
|
| Applikationen: |
Little CMS |
|
Originalnachricht |
--===============7377892665869335572==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="48TaNjbzBVislYPb"
Content-Disposition: inline
--48TaNjbzBVislYPb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
===========================================================
Ubuntu Security Notice USN-652-1 October 14, 2008
lcms vulnerability
CVE-2007-2741
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
liblcms1 1.13-1ubuntu0.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Chris Evans discovered that certain ICC operations in lcms were not
correctly bounds-checked. If a user or automated system were tricked
into processing an image with malicious ICC tags, a remote attacker could
crash applications linked against liblcms1, leading to a denial of service,
or possibly execute arbitrary code with user privileges.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
lcms_1.13-1ubuntu0.1.diff.gz
Size/MD5: 13103 4617c440a02960e1f962a88c1c21a9cc
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.13-1ubuntu0.1.dsc
Size/MD5: 685 507f6385801f19716737a5089d33116d
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.13.orig.tar.gz
Size/MD5: 585735 e627f43bbbd238895502402d942a6cfd
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
liblcms1-dev_1.13-1ubuntu0.1_amd64.deb
Size/MD5: 136682 f085666f76c9bf1a53942baa18b8e052
liblcms1_1.13-1ubuntu0.1_amd64.deb
Size/MD5: 129070 e50c4bfb5b0e32ec7f3da1ce9e1ee21f
liblcms-utils_1.13-1ubuntu0.1_amd64.deb
Size/MD5: 40296 5c58c601e0d9802394cf25b33319b2c9
i386 architecture (x86 compatible Intel/AMD):
liblcms1-dev_1.13-1ubuntu0.1_i386.deb
Size/MD5: 123518 fd6961be0da7aaf2e2dcb8257d3787da
liblcms1_1.13-1ubuntu0.1_i386.deb
Size/MD5: 118222 86dcc1004a11232740c2d6d6903f02a4
liblcms-utils_1.13-1ubuntu0.1_i386.deb
Size/MD5: 37112 d4ffa7a920a4e4aba5f8d197d1ad14f0
powerpc architecture (Apple Macintosh G3/G4/G5):
liblcms1-dev_1.13-1ubuntu0.1_powerpc.deb
Size/MD5: 130806 3da85714083d3d4f1252ae0b1b1fe6e3
liblcms1_1.13-1ubuntu0.1_powerpc.deb
Size/MD5: 131834 38aba2a645449be653dd11be439afcce
liblcms-utils_1.13-1ubuntu0.1_powerpc.deb
Size/MD5: 44136 04799ca5393e6acc70592f648b6b846a
sparc architecture (Sun SPARC/UltraSPARC):
liblcms1-dev_1.13-1ubuntu0.1_sparc.deb
Size/MD5: 133960 ab907a81dcb99819e9d125b76a34742c
liblcms1_1.13-1ubuntu0.1_sparc.deb
Size/MD5: 124964 42864911b8a3f680a7aae8d28701a6c1
liblcms-utils_1.13-1ubuntu0.1_sparc.deb
Size/MD5: 38498 5d040f607c0ec6d411349b0d27b52e73
--48TaNjbzBVislYPb
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Kees Cook <kees@outflux.net>
iEYEARECAAYFAkj01bcACgkQH/9LqRcGPm3TcACghKI6Y4hKQm5RvJ9G2QlHxuI8
mnsAn3hmwtfSw7DPin2n1ITAcdgB4UpT
=0fkh
-----END PGP SIGNATURE-----
--48TaNjbzBVislYPb--
--===============7377892665869335572==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============7377892665869335572==--
|
|
|
|
