[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20110112130259.GC3988@nxnw.org>
Date: Wed, 12 Jan 2011 07:02:59 -0600
From: Steve Beattie <sbeattie@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-1043-1] Little CMS vulnerability
===========================================================
Ubuntu Security Notice USN-1043-1 January 12, 2011
lcms vulnerability
CVE-2009-0793
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
liblcms1 1.16-7ubuntu1.3
Ubuntu 9.10:
liblcms1 1.18.dfsg-1ubuntu1.1
Ubuntu 10.04 LTS:
liblcms1 1.18.dfsg-1ubuntu2.10.04.1
Ubuntu 10.10:
liblcms1 1.18.dfsg-1ubuntu2.10.10.1
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that a NULL pointer dereference in the code for
handling transformations of monochrome profiles could allow an attacker
to cause a denial of service through a specially crafted image.
(CVE-2009-0793)
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16-7ubuntu1.3.diff.gz
Size/MD5: 26887 e6f7f18b9c8c161cb28b1050ae37a7dc
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16-7ubuntu1.3.dsc
Size/MD5: 1651 061a51a9590122c929a55f97c9af18fe
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16.orig.tar.gz
Size/MD5: 911546 b07b623f3e712373ff713fb32cf23651
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-7ubuntu1.3_amd64.deb
Size/MD5: 670522 387faeb68c6f2905f4d4dc2e92281394
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-7ubuntu1.3_amd64.deb
Size/MD5: 102812 6c0de134fe6e13d9084017c8a848948a
http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-7ubuntu1.3_amd64.deb
Size/MD5: 58336 faea24641f0e5dc794162a38b8094fbf
http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-7ubuntu1.3_amd64.deb
Size/MD5: 160930 658fad1a8975dfa01c7c339f57dedff2
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-7ubuntu1.3_i386.deb
Size/MD5: 623192 b25d76f8313405e1769b4d90fbedb59c
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-7ubuntu1.3_i386.deb
Size/MD5: 96346 573a2703a7a72dce8eac9814eefd972e
http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-7ubuntu1.3_i386.deb
Size/MD5: 55076 889cd8eea3a342112ebde9cb1f64ddaa
http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-7ubuntu1.3_i386.deb
Size/MD5: 151876 193ce09714ae6406c9cb3fc651f5db37
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-7ubuntu1.3_lpia.deb
Size/MD5: 629032 f61b32be0b27f2e22a8ba6900adcba69
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-7ubuntu1.3_lpia.deb
Size/MD5: 95696 b09d6d68c67b6059af6c1f66cde7532d
http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-7ubuntu1.3_lpia.deb
Size/MD5: 55482 e03b3e83151acf00e8424be1fa559c27
http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-7ubuntu1.3_lpia.deb
Size/MD5: 148576 eea063a2108327909f558a7557472655
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-7ubuntu1.3_powerpc.deb
Size/MD5: 756434 602ae82dcfe35b986dc0d6d7b91953b0
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-7ubuntu1.3_powerpc.deb
Size/MD5: 111268 ef7755b8247f285f679e19e317107992
http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-7ubuntu1.3_powerpc.deb
Size/MD5: 72292 4cfe0928f7f1e79300384fea59b547bc
http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-7ubuntu1.3_powerpc.deb
Size/MD5: 169436 4f66b2ebaace414adb1b92c9b30c1130
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-7ubuntu1.3_sparc.deb
Size/MD5: 655626 d02eadf3af5519883a25e056fdaafce1
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-7ubuntu1.3_sparc.deb
Size/MD5: 98876 f9edda48f4d3051452fb694f2f05c1df
http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-7ubuntu1.3_sparc.deb
Size/MD5: 57910 b32b9a857d42b1b0578d749d166b878e
http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-7ubuntu1.3_sparc.deb
Size/MD5: 159914 d77eeb49466255f257aa1e11cc696a5f
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.18.dfsg-1ubuntu1.1.diff.gz
Size/MD5: 9795 2a5bc68b26b8727643fbb5ea97a74b3b
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.18.dfsg-1ubuntu1.1.dsc
Size/MD5: 2024 cf857a038ae254d4b107c5d81d6cf64b
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.18.dfsg.orig.tar.gz
Size/MD5: 894456 2d4078499413febf56db0bcc1d8d4eb9
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.18.dfsg-1ubuntu1.1_amd64.deb
Size/MD5: 202526 6348d916764c5cb8f6382079843f324a
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.18.dfsg-1ubuntu1.1_amd64.deb
Size/MD5: 110408 f9c75298dba3171ba1109b1120ad0831
http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.18.dfsg-1ubuntu1.1_amd64.deb
Size/MD5: 62414 8d3b0a4822016b31a2bb1214a183a75a
http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.18.dfsg-1ubuntu1.1_amd64.deb
Size/MD5: 157812 ab4a2662a35f8909c2c0dfbf35122963
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.18.dfsg-1ubuntu1.1_i386.deb
Size/MD5: 195170 5256a4ac32e45fb6e08331b736e25aad
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.18.dfsg-1ubuntu1.1_i386.deb
Size/MD5: 103200 583eba21821f02dd1c65a6df84f970c8
http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.18.dfsg-1ubuntu1.1_i386.deb
Size/MD5: 56996 aaf30568cb8da7faf3a07650445874c7
http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.18.dfsg-1ubuntu1.1_i386.deb
Size/MD5: 151354 13d4ece3945be36a6f440f50195c827b
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.18.dfsg-1ubuntu1.1_armel.deb
Size/MD5: 190306 8d22c071ec2838bb21302efdcbeb626d
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.18.dfsg-1ubuntu1.1_armel.deb
Size/MD5: 102332 2c29a8beaece5d77c988725e7c6b25ee
http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.18.dfsg-1ubuntu1.1_armel.deb
Size/MD5: 57332 f4d5286b2a3bc760af9cd5c405dc2d93
http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.18.dfsg-1ubuntu1.1_armel.deb
Size/MD5: 134906 41d7f494e2ace18cbbf4c3b86fda3359
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.18.dfsg-1ubuntu1.1_lpia.deb
Size/MD5: 190880 361076583a35d44798ce89d5638adf91
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.18.dfsg-1ubuntu1.1_lpia.deb
Size/MD5: 101256 bfcb8f35dcefa052b08bbd5e5728ccae
http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.18.dfsg-1ubuntu1.1_lpia.deb
Size/MD5: 57728 c4f8b20d28d231af6c16e226c403ffe5
http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.18.dfsg-1ubuntu1.1_lpia.deb
Size/MD5: 147322 f80f89bd1b6babf76e71f90b86d40e42
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.18.dfsg-1ubuntu1.1_powerpc.deb
Size/MD5: 203148 d8506d1f197640d414916324fa4267d5
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.18.dfsg-1ubuntu1.1_powerpc.deb
Size/MD5: 114880 2ed6d9e05b95392506086045306fd3cb
http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.18.dfsg-1ubuntu1.1_powerpc.deb
Size/MD5: 59120 b2e59befb313a9aa02a524153529d79a
http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.18.dfsg-1ubuntu1.1_powerpc.deb
Size/MD5: 165064 0a390a3e26bbbac204169e9a33a8b70f
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.18.dfsg-1ubuntu1.1_sparc.deb
Size/MD5: 201662 210aec30d1353f9a3f2d6fb3f1984236
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.18.dfsg-1ubuntu1.1_sparc.deb
Size/MD5: 106348 8621813760664bb1be69ccc10dc193c4
http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.18.dfsg-1ubuntu1.1_sparc.deb
Size/MD5: 62910 84de59111b2ffc6af10604c8dbf2f918
http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.18.dfsg-1ubuntu1.1_sparc.deb
Size/MD5: 157730 2e8617fa92b8fe5a1b3408606e0aedc4
Updated packages for Ubuntu 10.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.18.dfsg-1ubuntu2.10.04.1.diff.gz
Size/MD5: 9897 50c87fff6501f9194d8417254fbeaa00
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.18.dfsg-1ubuntu2.10.04.1.dsc
Size/MD5: 2048 6316f6fdaca98550248d454f218c8aa8
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.18.dfsg.orig.tar.gz
Size/MD5: 894456 2d4078499413febf56db0bcc1d8d4eb9
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.18.dfsg-1ubuntu2.10.04.1_amd64.deb
Size/MD5: 202574 4e5ca751960544d924b6121281992160
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.18.dfsg-1ubuntu2.10.04.1_amd64.deb
Size/MD5: 110512 5206b4b12680e17805854d22ceda3937
http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.18.dfsg-1ubuntu2.10.04.1_amd64.deb
Size/MD5: 62666 49174698da1bfbe2d92f81a5ec14d343
http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.18.dfsg-1ubuntu2.10.04.1_amd64.deb
Size/MD5: 160052 9656fec5eb5151ec51aa5d3db5ec99c2
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.18.dfsg-1ubuntu2.10.04.1_i386.deb
Size/MD5: 195106 cd26a05adb7ccae9d3d63200d743f788
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.18.dfsg-1ubuntu2.10.04.1_i386.deb
Size/MD5: 103198 5c206024aa735e47cc50fd87d475e2e2
http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.18.dfsg-1ubuntu2.10.04.1_i386.deb
Size/MD5: 57140 4599e95ee9101596195863e723e5093a
http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.18.dfsg-1ubuntu2.10.04.1_i386.deb
Size/MD5: 153566 a11f5a31a4246f0a385e6c9d9ea7ab83
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.18.dfsg-1ubuntu2.10.04.1_armel.deb
Size/MD5: 181894 0c3fe9347b13d10251b14c3d22037275
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.18.dfsg-1ubuntu2.10.04.1_armel.deb
Size/MD5: 97396 a7275c6d01601e9ba3a36c0f46e38dee
http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.18.dfsg-1ubuntu2.10.04.1_armel.deb
Size/MD5: 56768 59f92a7982c01a2340547d093930373b
http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.18.dfsg-1ubuntu2.10.04.1_armel.deb
Size/MD5: 137474 7af33a654f466ffe55554f05b3652bf6
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.18.dfsg-1ubuntu2.10.04.1_powerpc.deb
Size/MD5: 203320 1d35c8ed6530d60354667944d75ce757
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.18.dfsg-1ubuntu2.10.04.1_powerpc.deb
Size/MD5: 115178 4f7d8c233e5f27e0794fd2a1f753fb7d
http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.18.dfsg-1ubuntu2.10.04.1_powerpc.deb
Size/MD5: 59198 5354d3f927fb0957a7280ad20522cd5f
http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.18.dfsg-1ubuntu2.10.04.1_powerpc.deb
Size/MD5: 167004 4181e185eb4290f4a506cc6a5ef23332
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.18.dfsg-1ubuntu2.10.04.1_sparc.deb
Size/MD5: 206764 60b6b0499d3d70b45b0c12e160ccfaea
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.18.dfsg-1ubuntu2.10.04.1_sparc.deb
Size/MD5: 110080 ee7259f8b863616c4fc1d5a85695b5ea
http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.18.dfsg-1ubuntu2.10.04.1_sparc.deb
Size/MD5: 64514 7d23af820f62f7efdcadcb8e08d3675d
http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.18.dfsg-1ubuntu2.10.04.1_sparc.deb
Size/MD5: 159334 974383cd3fd688a1003ec99b3a9113b6
Updated packages for Ubuntu 10.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.18.dfsg-1ubuntu2.10.10.1.diff.gz
Size/MD5: 10114 20e7514ba0acbe330b94a4cbce98c605
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.18.dfsg-1ubuntu2.10.10.1.dsc
Size/MD5: 2051 fafeffac18c542d6de316209251f73ad
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.18.dfsg.orig.tar.gz
Size/MD5: 894456 2d4078499413febf56db0bcc1d8d4eb9
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.18.dfsg-1ubuntu2.10.10.1_amd64.deb
Size/MD5: 202754 cfdbfd84af2006dc76a1372cd15f6190
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.18.dfsg-1ubuntu2.10.10.1_amd64.deb
Size/MD5: 109764 abd8626f2895847dcfa2ab2ab6159797
http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.18.dfsg-1ubuntu2.10.10.1_amd64.deb
Size/MD5: 60076 f1a2fa552f9e06608800457d84fcba5c
http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.18.dfsg-1ubuntu2.10.10.1_amd64.deb
Size/MD5: 159182 8bd5175d44cc41372d483d3c6f5826f4
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.18.dfsg-1ubuntu2.10.10.1_i386.deb
Size/MD5: 194744 f32a720f427204fed94e710d68af64fa
http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.18.dfsg-1ubuntu2.10.10.1_i386.deb
Size/MD5: 101774 18c07cb47c8aa5d98eea25a88addb09e
http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.18.dfsg-1ubuntu2.10.10.1_i386.deb
Size/MD5: 55894 6eb6f435d3fb932825a889cb907a61eb
http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.18.dfsg-1ubuntu2.10.10.1_i386.deb
Size/MD5: 150354 5bd5c8298068a83dc7d4340899d3cdbf
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.18.dfsg-1ubuntu2.10.10.1_armel.deb
Size/MD5: 193432 2385281b25960d18f6c11fed43bd5db3
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.18.dfsg-1ubuntu2.10.10.1_armel.deb
Size/MD5: 107328 48594ec3346b71b7f8d57654f011dc88
http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.18.dfsg-1ubuntu2.10.10.1_armel.deb
Size/MD5: 57502 167efcb36ab71e3d7ffb5d02ccd6d2b3
http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.18.dfsg-1ubuntu2.10.10.1_armel.deb
Size/MD5: 139296 cf71751aeb49497b7c277faa31f02d81
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.18.dfsg-1ubuntu2.10.10.1_powerpc.deb
Size/MD5: 203088 05a41447398de2349516957ec6bfcd9c
http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.18.dfsg-1ubuntu2.10.10.1_powerpc.deb
Size/MD5: 114178 c62a0f29535d5422ede2b40daeb75ca2
http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.18.dfsg-1ubuntu2.10.10.1_powerpc.deb
Size/MD5: 57940 53f47bd1f12f0f15faf1e04cd4827dc9
http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.18.dfsg-1ubuntu2.10.10.1_powerpc.deb
Size/MD5: 166136 d069de5b989d6d11fff002a0f823e0f3
Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists