Gentoo Archives: gentoo-announce

From: Pierre-Yves Rofes <py@g.o>
To: gentoo-announce@l.g.o
Cc: full-disclosure@××××××××××××××.uk, bugtraq@×××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200904-19 ] LittleCMS: Multiple vulnerabilities
Date: Sun, 19 Apr 2009 15:43:52
Message-Id: 49EB46A1.2070706@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200904-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: LittleCMS: Multiple vulnerabilities
Date: April 19, 2009
Bugs: #260269, #264604
ID: 200904-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple errors in LittleCMS allow for attacks including the remote
execution of arbitrary code.

Background
==========

LittleCMS, or lcms for short, is a color management system for working
with ICC profiles. It is used by many applications including GIMP and
Firefox.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  media-libs/lcms      < 1.18-r1                         >= 1.18-r1

Description
===========

Red Hat reported a null-pointer dereference flaw while processing
monochrome ICC profiles (CVE-2009-0793).

Chris Evans of Google discovered the following vulnerabilities:

* LittleCMS contains severe memory leaks (CVE-2009-0581).

* LittleCMS is prone to multiple integer overflows, leading to a
  heap-based buffer overflow (CVE-2009-0723).

* The ReadSetOfCurves() function is vulnerable to stack-based buffer
  overflows when called from code paths without a bounds check on
  channel counts (CVE-2009-0733).

Impact
======

A remote attacker could entice a user or automated system to open a
specially crafted file containing a malicious ICC profile, possibly
resulting in the execution of arbitrary code with the privileges of the
user running the application or memory exhaustion, leading to a Denial
of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All LittleCMS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/lcms-1.18-r1"

References
==========

[ 1 ] CVE-2009-0581
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0581
[ 2 ] CVE-2009-0723
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0723
[ 3 ] CVE-2009-0733
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0733
[ 4 ] CVE-2009-0793
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0793

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200904-19.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
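
The Description lists an integer overflow in a size computation (CVE-2009-0723) and a missing bounds check on channel counts before a stack buffer is filled (CVE-2009-0733). The block below shows the hardened form of both patterns. It is an added example, not LittleCMS code and not part of the advisory: MAX_CHANNELS, checked_table_bytes() and read_curve_set() are hypothetical names, and the input layout is constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_CHANNELS 16   /* assumed fixed capacity of the stack array */

/* Overflow-checked size of a table of `count` entries of `elem` bytes.
 * Returns 0 and stores the size, or -1 if the product would wrap. */
static int checked_table_bytes(size_t count, size_t elem, size_t *out)
{
    if (elem != 0 && count > SIZE_MAX / elem)
        return -1;
    *out = count * elem;
    return 0;
}

/* Parses a constructed layout: byte 0 = channel count, followed by one
 * big-endian uint16 entry count per channel.
 * Returns the total entries across channels, or -1 on malformed input. */
static long read_curve_set(const uint8_t *buf, size_t len)
{
    uint16_t entries[MAX_CHANNELS];   /* fixed-size stack buffer */
    size_t need;
    long total = 0;

    if (len < 1)
        return -1;
    uint8_t channels = buf[0];        /* untrusted value from the file */

    /* The kind of check the advisory says was missing on some code paths:
     * reject counts above the array capacity before writing to it. */
    if (channels == 0 || channels > MAX_CHANNELS)
        return -1;

    /* Compute the required size with overflow checking, then make sure
     * the input really contains that many bytes. */
    if (checked_table_bytes(channels, 2, &need) != 0 || need > len - 1)
        return -1;

    for (uint8_t i = 0; i < channels; i++) {
        entries[i] = (uint16_t)((buf[1 + 2 * i] << 8) | buf[2 + 2 * i]);
        total += entries[i];
    }
    return total;
}
```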