Test ID: 1.3.6.1.4.1.25623.1.0.63697
Category: Slackware Local Security Checks
Title: Slackware: Security Advisory (SSA:2009-083-01)
Summary: The remote host is missing an update for the 'lcms' package(s) announced via the SSA:2009-083-01 advisory.
Description:

Vulnerability Insight:
New lcms packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0,
12.1, 12.2, and -current to fix security issues.

More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

[links moved to references]


Here are the details from the Slackware 12.2 ChangeLog:
+--------------------------+
patches/packages/lcms-1.18-i486-1_slack12.2.tgz: Upgraded to lcms-1.18.
This update fixes security issues discovered in LittleCMS by Chris Evans.
These flaws could cause program crashes (denial of service) or the execution
of arbitrary code as the user of the lcms-linked program.
For more information, see:
[links moved to references]
(* Security fix *)
+--------------------------+

Affected Software/OS:
'lcms' package(s) on Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware 11.0, Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2009-0581
1021870
http://www.securitytracker.com/id?1021870
20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)
http://www.securityfocus.com/archive/1/502018/100/0/threaded
20090320 [oCERT-2009-003] LittleCMS integer errors
http://www.securityfocus.com/archive/1/502031/100/0/threaded
34185
http://www.securityfocus.com/bid/34185
34367
http://secunia.com/advisories/34367
34382
http://secunia.com/advisories/34382
34400
http://secunia.com/advisories/34400
34408
http://secunia.com/advisories/34408
34418
http://secunia.com/advisories/34418
34442
http://secunia.com/advisories/34442
34450
http://secunia.com/advisories/34450
34454
http://secunia.com/advisories/34454
34463
http://secunia.com/advisories/34463
34632
http://secunia.com/advisories/34632
34675
http://secunia.com/advisories/34675
34782
http://secunia.com/advisories/34782
ADV-2009-0775
http://www.vupen.com/english/advisories/2009/0775
DSA-1745
http://www.debian.org/security/2009/dsa-1745
DSA-1769
http://www.debian.org/security/2009/dsa-1769
FEDORA-2009-2903
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html
FEDORA-2009-2910
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html
FEDORA-2009-2928
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html
FEDORA-2009-2970
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html
FEDORA-2009-2982
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html
FEDORA-2009-2983
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html
FEDORA-2009-3034
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html
GLSA-200904-19
http://security.gentoo.org/glsa/glsa-200904-19.xml
MDVSA-2009:121
http://www.mandriva.com/security/advisories?name=MDVSA-2009:121
MDVSA-2009:137
http://www.mandriva.com/security/advisories?name=MDVSA-2009:137
MDVSA-2009:162
http://www.mandriva.com/security/advisories?name=MDVSA-2009:162
RHSA-2009:0339
http://www.redhat.com/support/errata/RHSA-2009-0339.html
RHSA-2009:0377
https://rhn.redhat.com/errata/RHSA-2009-0377.html
SSA:2009-083-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438
SUSE-SR:2009:007
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
USN-744-1
http://www.ubuntu.com/usn/USN-744-1
http://scary.beasts.org/security/CESA-2009-003.html
http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html
http://www.ocert.org/advisories/ocert-2009-003.html
https://bugzilla.redhat.com/show_bug.cgi?id=487509
littlecms-unspecified-dos(49328)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49328
oval:org.mitre.oval:def:10023
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10023
Common Vulnerability Exposure (CVE) ID: CVE-2009-0723
BugTraq ID: 34185
Bugtraq: 20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)
Bugtraq: 20090320 [oCERT-2009-003] LittleCMS integer errors
Debian Security Information: DSA-1745
Debian Security Information: DSA-1769
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11780
RedHat Security Advisories: RHSA-2009:0377
http://www.securitytracker.com/id?1021869
SuSE Security Announcement: SUSE-SR:2009:007
XForce ISS Database: littlecms-unspecified-bo(49326)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49326
Common Vulnerability Exposure (CVE) ID: CVE-2009-0733
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9742
XForce ISS Database: littlecms-readsetofcurves-bo(49330)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49330
Copyright: Copyright (C) 2012 Greenbone AG
