lcms, python security update

2009-01-0816:02:58

CentOS Project

lists.centos.org

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

85.0%

JSON

CentOS Errata and Security Advisory CESA-2009:0011

Little Color Management System (LittleCMS, or simply “lcms”) is a
small-footprint, speed-optimized open source color management engine.

Multiple insufficient input validation flaws were discovered in LittleCMS.
An attacker could use these flaws to create a specially-crafted image file
which could cause an application using LittleCMS to crash, or, possibly,
execute arbitrary code when opened. (CVE-2008-5316, CVE-2008-5317)

Users of lcms should upgrade to these updated packages, which contain
backported patches to correct these issues. All running applications using
lcms library must be restarted for the update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-January/077690.html
https://lists.centos.org/pipermail/centos-announce/2009-January/077691.html

Affected packages:
lcms
lcms-devel
python-lcms

Upstream details at:
https://access.redhat.com/errata/RHSA-2009:0011

OSVersionArchitecturePackageVersionFilename
CentOS5i386lcms< 1.15-1.2.2.el5_2.2lcms-1.15-1.2.2.el5_2.2.i386.rpm
CentOS5i386lcms-devel< 1.15-1.2.2.el5_2.2lcms-devel-1.15-1.2.2.el5_2.2.i386.rpm
CentOS5i386python-lcms< 1.15-1.2.2.el5_2.2python-lcms-1.15-1.2.2.el5_2.2.i386.rpm
CentOS5i386lcms< 1.15-1.2.2.el5_2.2lcms-1.15-1.2.2.el5_2.2.i386.rpm
CentOS5i386lcms-devel< 1.15-1.2.2.el5_2.2lcms-devel-1.15-1.2.2.el5_2.2.i386.rpm
CentOS5i386python-lcms< 1.15-1.2.2.el5_2.2python-lcms-1.15-1.2.2.el5_2.2.i386.rpm
CentOS5i386lcms< 1.15-1.2.2.el5_2.2lcms-1.15-1.2.2.el5_2.2.i386.rpm
CentOS5x86_64lcms< 1.15-1.2.2.el5_2.2lcms-1.15-1.2.2.el5_2.2.x86_64.rpm
CentOS5i386lcms-devel< 1.15-1.2.2.el5_2.2lcms-devel-1.15-1.2.2.el5_2.2.i386.rpm
CentOS5x86_64lcms-devel< 1.15-1.2.2.el5_2.2lcms-devel-1.15-1.2.2.el5_2.2.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	5	i386	lcms	< 1.15-1.2.2.el5_2.2	lcms-1.15-1.2.2.el5_2.2.i386.rpm
CentOS	5	i386	lcms-devel	< 1.15-1.2.2.el5_2.2	lcms-devel-1.15-1.2.2.el5_2.2.i386.rpm
CentOS	5	i386	python-lcms	< 1.15-1.2.2.el5_2.2	python-lcms-1.15-1.2.2.el5_2.2.i386.rpm
CentOS	5	i386	lcms	< 1.15-1.2.2.el5_2.2	lcms-1.15-1.2.2.el5_2.2.i386.rpm
CentOS	5	i386	lcms-devel	< 1.15-1.2.2.el5_2.2	lcms-devel-1.15-1.2.2.el5_2.2.i386.rpm
CentOS	5	i386	python-lcms	< 1.15-1.2.2.el5_2.2	python-lcms-1.15-1.2.2.el5_2.2.i386.rpm
CentOS	5	i386	lcms	< 1.15-1.2.2.el5_2.2	lcms-1.15-1.2.2.el5_2.2.i386.rpm
CentOS	5	x86_64	lcms	< 1.15-1.2.2.el5_2.2	lcms-1.15-1.2.2.el5_2.2.x86_64.rpm
CentOS	5	i386	lcms-devel	< 1.15-1.2.2.el5_2.2	lcms-devel-1.15-1.2.2.el5_2.2.i386.rpm
CentOS	5	x86_64	lcms-devel	< 1.15-1.2.2.el5_2.2	lcms-devel-1.15-1.2.2.el5_2.2.x86_64.rpm