lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20081218001250.GV9250@outflux.net>
Date: Wed, 17 Dec 2008 16:12:50 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-693-1] LittleCMS vulnerability

===========================================================
Ubuntu Security Notice USN-693-1          December 17, 2008
LittleCMS vulnerability
CVE-2008-5317
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  liblcms1                        1.16-5ubuntu3.1

Ubuntu 8.04 LTS:
  liblcms1                        1.16-7ubuntu1.1

Ubuntu 8.10:
  liblcms1                        1.16-10ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that certain gamma operations in lcms were not
correctly bounds-checked.  If a user or automated system were tricked into
processing a malicious image, a remote attacker could crash applications
linked against liblcms1, leading to a denial of service, or possibly
execute arbitrary code with user privileges.


Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16-5ubuntu3.1.diff.gz
      Size/MD5:    22270 1b07d069f29de87c948d397bb60f1c63
    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16-5ubuntu3.1.dsc
      Size/MD5:     1053 52d8cf3618b1d68c4d847807145ff300
    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16.orig.tar.gz
      Size/MD5:   911546 b07b623f3e712373ff713fb32cf23651

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-5ubuntu3.1_amd64.deb
      Size/MD5:   674464 3ea01d1fb1e43a689d5aafe150702755
    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-5ubuntu3.1_amd64.deb
      Size/MD5:   104172 ebeeb2d5b7dfc5df6cd759900d29f1bd
    http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-5ubuntu3.1_amd64.deb
      Size/MD5:    58010 cfc5b383ff04d603270e5e129a100a35
    http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-5ubuntu3.1_amd64.deb
      Size/MD5:   160770 6ada95ac551daf18adf83eb0274eb15a

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-5ubuntu3.1_i386.deb
      Size/MD5:   625654 5bca706031d3f2150a08ae8d4f252b5d
    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-5ubuntu3.1_i386.deb
      Size/MD5:    98032 520b7d9b6f4e9ad58974ea574c594640
    http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-5ubuntu3.1_i386.deb
      Size/MD5:    54488 fa816dc4c97ffc22d8200d390ccbfdc3
    http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-5ubuntu3.1_i386.deb
      Size/MD5:   151868 6a9d8575a81353384712b8b890c5d3db

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-5ubuntu3.1_lpia.deb
      Size/MD5:   627708 35acd977e4ca7c9ba06c5a19d708f6a5
    http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-5ubuntu3.1_lpia.deb
      Size/MD5:    96818 483f473b4ec36e5baa6cbd87644fb0db
    http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-5ubuntu3.1_lpia.deb
      Size/MD5:    54790 10144bba21291ab939b0cbdcc82b39a8
    http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-5ubuntu3.1_lpia.deb
      Size/MD5:   148288 d638ba9bac48029ab63942b76086f9ec

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-5ubuntu3.1_powerpc.deb
      Size/MD5:   763170 75eb4df9ffc2343940521d61386232d8
    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-5ubuntu3.1_powerpc.deb
      Size/MD5:   114370 0f56f9006b051e3f90ac255242ed55da
    http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-5ubuntu3.1_powerpc.deb
      Size/MD5:    71750 313ced524c05c5b5524a43a6fe00b3b9
    http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-5ubuntu3.1_powerpc.deb
      Size/MD5:   169576 99c75e89acf4c53d2da192131832ab61

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-5ubuntu3.1_sparc.deb
      Size/MD5:   657440 32a668d688b45caf1b576d375067bab4
    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-5ubuntu3.1_sparc.deb
      Size/MD5:   100078 272239660086573a11e9117150e990a4
    http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-5ubuntu3.1_sparc.deb
      Size/MD5:    58090 d337f0c2012f27b06923b7e3bcc151a7
    http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-5ubuntu3.1_sparc.deb
      Size/MD5:   160136 8b597e2f473e0df9a1d945f0e442940b

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16-7ubuntu1.1.diff.gz
      Size/MD5:    22469 fcf92c912c23a981e7e876e954d8744d
    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16-7ubuntu1.1.dsc
      Size/MD5:     1053 cf6e6b3ad7d4d531db951e64c96fa6ce
    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16.orig.tar.gz
      Size/MD5:   911546 b07b623f3e712373ff713fb32cf23651

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-7ubuntu1.1_amd64.deb
      Size/MD5:   670458 389170d9ba5385e3b87abd7fea8f250b
    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-7ubuntu1.1_amd64.deb
      Size/MD5:   101744 1cdd5f38017276817630c69944817b93
    http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-7ubuntu1.1_amd64.deb
      Size/MD5:    58356 c0fefad25646dcb4e7f93159c42e6bcc
    http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-7ubuntu1.1_amd64.deb
      Size/MD5:   160436 b91c09489730b424726d26dfd8a4fe79

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-7ubuntu1.1_i386.deb
      Size/MD5:   622152 844db5648952349416359497203ed5e1
    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-7ubuntu1.1_i386.deb
      Size/MD5:    95466 e7d24a75c74c87e420f911d7365b07dc
    http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-7ubuntu1.1_i386.deb
      Size/MD5:    54672 70c3a777cd083539ea74ba1e1564ab31
    http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-7ubuntu1.1_i386.deb
      Size/MD5:   151552 b6d5ab5fea28164ee431f2b453677519

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-7ubuntu1.1_lpia.deb
      Size/MD5:   627770 b95154ae17f67303fa343c5e54a8c9af
    http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-7ubuntu1.1_lpia.deb
      Size/MD5:    94872 53b3adcbc246094250ec98163a46b573
    http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-7ubuntu1.1_lpia.deb
      Size/MD5:    55092 350254ecdd74305e75127fb3f9e8dd79
    http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-7ubuntu1.1_lpia.deb
      Size/MD5:   148254 2cd35a66c405452243b4a38b0a1e4453

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-7ubuntu1.1_powerpc.deb
      Size/MD5:   755162 40848281cf1cb5f3bf5c122a7783e391
    http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-7ubuntu1.1_powerpc.deb
      Size/MD5:   110340 df518facbac1fa8fa3552b44057bc548
    http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-7ubuntu1.1_powerpc.deb
      Size/MD5:    71892 caa429129d946b7213880e57c0f61b84
    http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-7ubuntu1.1_powerpc.deb
      Size/MD5:   168896 ca6554614940fced2f6f802e8eb77750

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-7ubuntu1.1_sparc.deb
      Size/MD5:   654668 782d69b57421c081f2016fd9dad8b43d
    http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-7ubuntu1.1_sparc.deb
      Size/MD5:    98028 3661278c58ed7be1aa7fa65d4ec49203
    http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-7ubuntu1.1_sparc.deb
      Size/MD5:    57514 71726d5636e96491a3a3fdc1600743b7
    http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-7ubuntu1.1_sparc.deb
      Size/MD5:   159470 25cdabf9bf9b16771588d58d42503007

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16-10ubuntu0.1.diff.gz
      Size/MD5:    29404 eacd820823911007b6b21265abdae350
    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16-10ubuntu0.1.dsc
      Size/MD5:     1392 c16d4901c439d15942787ce7b9ac6cfb
    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16.orig.tar.gz
      Size/MD5:   911546 b07b623f3e712373ff713fb32cf23651

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-10ubuntu0.1_amd64.deb
      Size/MD5:   197204 4b79b0c8731fdf766005eaff996150dc
    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-10ubuntu0.1_amd64.deb
      Size/MD5:   106476 5ecee5ef79c27485f1b0129b9d4c1b93
    http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-10ubuntu0.1_amd64.deb
      Size/MD5:    59174 401a56d3d9cd7bab04a10c6b2cd33365
    http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-10ubuntu0.1_amd64.deb
      Size/MD5:   158102 9efb209d3c595f41f66d7d26ad8e3588

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-10ubuntu0.1_i386.deb
      Size/MD5:   191302 98aba1dab86b168b6e951f6f3956b5ba
    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-10ubuntu0.1_i386.deb
      Size/MD5:    99828 7845d9d8f2fbfa21ee32c3729c2d9868
    http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-10ubuntu0.1_i386.deb
      Size/MD5:    55068 5efbdd09f294552f6ccabd0e5629c3a2
    http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-10ubuntu0.1_i386.deb
      Size/MD5:   150090 7666a4cbf4388488b619197f64330064

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-10ubuntu0.1_lpia.deb
      Size/MD5:   187792 8a3293477e04f876ff7c75564536be6b
    http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-10ubuntu0.1_lpia.deb
      Size/MD5:    98944 79a6c1e8506d75c4dbd35e3e0a4503c9
    http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-10ubuntu0.1_lpia.deb
      Size/MD5:    55426 28af10c678fd5115a92eba1c163ae720
    http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-10ubuntu0.1_lpia.deb
      Size/MD5:   144842 f33dbd92568f48569d8f94bfa26c51f8

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-10ubuntu0.1_powerpc.deb
      Size/MD5:   196914 012cf48172fedf8948325e3a256e9af2
    http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-10ubuntu0.1_powerpc.deb
      Size/MD5:   112694 47dae0b542510d60b1b09d88c5cef85e
    http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-10ubuntu0.1_powerpc.deb
      Size/MD5:    71708 b6cfa22b59f238b33a9910a7883784cf
    http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-10ubuntu0.1_powerpc.deb
      Size/MD5:   165428 b390b6ee91a623610fe31af830238711

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-10ubuntu0.1_sparc.deb
      Size/MD5:   194928 32851f26520fcf3c9648262ef8e9f789
    http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-10ubuntu0.1_sparc.deb
      Size/MD5:   100278 41519fa060778d9262e9a1213f6f5377
    http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-10ubuntu0.1_sparc.deb
      Size/MD5:    60870 fe6c4d54bda7e4666ab6204dd298941c
    http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-10ubuntu0.1_sparc.deb
      Size/MD5:   157904 1fe77086778f73964b4caa015182003e


Download attachment "signature.asc" of type "application/pgp-signature" (236 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ