Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.63583
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2009:0339
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2009:0339.

Little Color Management System (LittleCMS, or simply lcms) is a
small-footprint, speed-optimized open source color management engine.

Multiple integer overflow flaws which could lead to heap-based buffer
overflows, as well as multiple insufficient input validation flaws, were
found in LittleCMS. An attacker could use these flaws to create a
specially-crafted image file which could cause an application using
LittleCMS to crash, or, possibly, execute arbitrary code when opened by a
victim. (CVE-2009-0723, CVE-2009-0733)

A memory leak flaw was found in LittleCMS. An application using LittleCMS
could use excessive amount of memory, and possibly crash after using all
available memory, if used to open specially-crafted images. (CVE-2009-0581)

Red Hat would like to thank Chris Evans from the Google Security Team for
reporting these issues.

All users of LittleCMS should install these updated packages, which upgrade
LittleCMS to version 1.18. All running applications using the lcms library
must be restarted for the update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-0339.html
http://www.redhat.com/security/updates/classification/#moderate

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0581
BugTraq ID: 34185
http://www.securityfocus.com/bid/34185
Bugtraq: 20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted) (Google Search)
http://www.securityfocus.com/archive/1/502018/100/0/threaded
Bugtraq: 20090320 [oCERT-2009-003] LittleCMS integer errors (Google Search)
http://www.securityfocus.com/archive/1/502031/100/0/threaded
Debian Security Information: DSA-1745 (Google Search)
http://www.debian.org/security/2009/dsa-1745
Debian Security Information: DSA-1769 (Google Search)
http://www.debian.org/security/2009/dsa-1769
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html
http://security.gentoo.org/glsa/glsa-200904-19.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:121
http://www.mandriva.com/security/advisories?name=MDVSA-2009:137
http://www.mandriva.com/security/advisories?name=MDVSA-2009:162
http://scary.beasts.org/security/CESA-2009-003.html
http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html
http://www.ocert.org/advisories/ocert-2009-003.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10023
http://www.redhat.com/support/errata/RHSA-2009-0339.html
RedHat Security Advisories: RHSA-2009:0377
https://rhn.redhat.com/errata/RHSA-2009-0377.html
http://www.securitytracker.com/id?1021870
http://secunia.com/advisories/34367
http://secunia.com/advisories/34382
http://secunia.com/advisories/34400
http://secunia.com/advisories/34408
http://secunia.com/advisories/34418
http://secunia.com/advisories/34442
http://secunia.com/advisories/34450
http://secunia.com/advisories/34454
http://secunia.com/advisories/34463
http://secunia.com/advisories/34632
http://secunia.com/advisories/34675
http://secunia.com/advisories/34782
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438
SuSE Security Announcement: SUSE-SR:2009:007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://www.ubuntu.com/usn/USN-744-1
http://www.vupen.com/english/advisories/2009/0775
XForce ISS Database: littlecms-unspecified-dos(49328)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49328
Common Vulnerability Exposure (CVE) ID: CVE-2009-0723
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11780
http://www.securitytracker.com/id?1021869
XForce ISS Database: littlecms-unspecified-bo(49326)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49326
Common Vulnerability Exposure (CVE) ID: CVE-2009-0733
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9742
XForce ISS Database: littlecms-readsetofcurves-bo(49330)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49330
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.