Säkerhetsbulletin från Debian
DSA-1684-1 lcms -- flera sårbarheter
- Rapporterat den:
- 2008-12-10
- Berörda paket:
- lcms
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Mitres CVE-förteckning: CVE-2008-5316, CVE-2008-5317.
- Ytterligare information:
-
Två sårbarheter har upptäckts i lcms, ett bibliotek och en uppsättning kommandoradsverktyg för bildfärgshantering. Projektet Common Vulnerabilities and Exposures identifierar följande problem:
- CVE-2008-5316
Otillräckligt upprätthållande av fixlängsbuffertgränser tillåter en angripare att skapa ett buffertspill på stacken, vilket kan möjliggöra exekvering av godtycklig kod när en specialskriven bild öppnas.
- CVS-2008-5317
Ett heltalsteckenfel vid läsning av en bilds gammadata kunde tillåta en angripare att göra så att en underdimensionerad buffert allokerades för efterföljande bilddata, med okända konsekvenser och som möjligen kan tillåta exekvering av godtycklig kod om en specialskriven bild öppnas.
För den stabila utgåvan (Etch) har dessa problem rättats i version 1.15-1.1+etch1.
För den kommande stabila utgåvan (Lenny) och den instabila utgåvan (Sid) har dessa problem rättats i version 1.17.dfsg-1.
Vi rekommenderar att ni uppgraderar era lcms-paket.
- CVE-2008-5316
- Rättat i:
-
Debian GNU/Linux 4.0 (etch)
- Källkod:
- http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15-1.1+etch1.diff.gz
- http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15.orig.tar.gz
- http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15-1.1+etch1.dsc
- http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15.orig.tar.gz
- Alpha:
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_alpha.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_alpha.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_alpha.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_amd64.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_amd64.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_amd64.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_arm.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_arm.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_arm.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_arm.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_hppa.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_hppa.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_hppa.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_i386.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_i386.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_i386.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_ia64.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_ia64.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_ia64.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_mips.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_mips.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_mips.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_s390.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_s390.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_s390.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_sparc.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_sparc.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_sparc.deb
- http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_sparc.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.