ID DEBIAN_DSA-1684.NASL Type nessus Reporter This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2008-12-10T00:00:00
Description
Two vulnerabilities have been found in lcms, a library and set of
commandline utilities for image color management. The Common
Vulnerabilities and Exposures project identifies the following
problems :
CVE-2008-5316
Inadequate enforcement of fixed-length buffer limits
allows an attacker to overflow a buffer on the stack,
potentially enabling the execution of arbitrary code
when a maliciously-crafted image is opened.
CVE-2008-5317
An integer sign error in reading image gamma data could
allow an attacker to cause an under-sized buffer to be
allocated for subsequent image data, with unknown
consequences potentially including the execution of
arbitrary code if a maliciously-crafted image is opened.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1684. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
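# Plugin registration block: when the script is run with `description`
# set, it only declares its metadata (ID, CVEs, advisory text, CVSS,
# required KB keys) and then exits without performing any check.
if (description)
{
  script_id(35077);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  # Identifiers used to correlate this finding with other feeds.
  script_cve_id("CVE-2008-5316", "CVE-2008-5317");
  script_xref(name:"DSA", value:"1684");

  script_name(english:"Debian DSA-1684-1 : lcms - multiple vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  # Advisory text. The second identifier was misspelled "CVS-2008-5317";
  # it is corrected here so the report text matches script_cve_id() above
  # and can be found by a text search for the CVE.
  script_set_attribute(
    attribute:"description",
    value:
"Two vulnerabilities have been found in lcms, a library and set of
commandline utilities for image color management. The Common
Vulnerabilities and Exposures project identifies the following
problems :
- CVE-2008-5316
Inadequate enforcement of fixed-length buffer limits
allows an attacker to overflow a buffer on the stack,
potentially enabling the execution of arbitrary code
when a maliciously-crafted image is opened.
- CVE-2008-5317
An integer sign error in reading image gamma data could
allow an attacker to cause an under-sized buffer to be
allocated for subsequent image data, with unknown
consequences potentially including the execution of
arbitrary code if a maliciously-crafted image is opened."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2008-5316"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2008-5317"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2008/dsa-1684"
  );
  # The solution text names fixed versions for etch, lenny and sid; the
  # package checks later in this script only pass release "4.0" (etch).
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the lcms packages.
For the stable distribution (etch), these problems have been fixed in
version 1.15-1.1+etch1.
For the upcoming stable distribution (lenny), and the unstable
distribution (sid), these problems are fixed in version 1.17.dfsg-1."
  );

  # CVSS v2 base vector reported with the finding, and the weakness
  # classes: CWE-119 (memory buffer bounds) and CWE-189 (numeric errors).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(119, 189);

  # "local" describes how the check is performed (the summary above says
  # it inspects dpkg output); it is separate from the CVSS access vector.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:lcms");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/12/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/12/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  # The three required KB keys are the same ones re-checked before the
  # package comparison; presumably ssh_get_info.nasl populates them --
  # confirm against that script.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  # Registration only: stop here so no check runs in this pass.
  exit(0);
}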
include("audit.inc");
include("debian_package.inc");
# Preconditions: bail out through audit() unless local checks are enabled,
# the host was identified as Debian, and a dpkg package list was collected.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release"))
  audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Compare each lcms binary package against the fixed etch version.
# Only release "4.0" is passed to deb_check(); the lenny/sid versions named
# in the solution text are not tested here.
# NOTE(review): deb_check() comes from debian_package.inc (not shown);
# presumably it returns true when the installed package is older than
# `reference` -- confirm there.
lcms_fixed = "1.15-1.1+etch1";
lcms_outdated = 0;

# Every package is checked (no early exit) so that deb_report_get() can
# list all outdated packages in the report.
foreach lcms_pkg (make_list("liblcms-utils", "liblcms1", "liblcms1-dev"))
{
  if (deb_check(release:"4.0", prefix:lcms_pkg, reference:lcms_fixed))
    lcms_outdated++;
}

if (!lcms_outdated)
  audit(AUDIT_HOST_NOT, "affected");
else
{
  # Attach the per-package detail only when the scan asks for verbose output.
  if (report_verbosity > 0)
    security_hole(port:0, extra:deb_report_get());
  else
    security_hole(0);
  exit(0);
}
{"id": "DEBIAN_DSA-1684.NASL", "bulletinFamily": "scanner", "title": "Debian DSA-1684-1 : lcms - multiple vulnerabilities", "description": "Two vulnerabilities have been found in lcms, a library and set of\ncommandline utilities for image color management. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-5316\n Inadequate enforcement of fixed-length buffer limits\n allows an attacker to overflow a buffer on the stack,\n potentially enabling the execution of arbitrary code\n when a maliciously-crafted image is opened.\n\n - CVS-2008-5317\n\n An integer sign error in reading image gamma data could\n allow an attacker to cause an under-sized buffer to be\n allocated for subsequent image data, with unknown\n consequences potentially including the execution of\n arbitrary code if a maliciously-crafted image is opened.", "published": "2008-12-10T00:00:00", "modified": "2008-12-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/35077", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-5317", "https://www.debian.org/security/2008/dsa-1684", "https://security-tracker.debian.org/tracker/CVE-2008-5316"], "cvelist": ["CVE-2008-5316", "CVE-2008-5317"], "type": "nessus", "lastseen": "2021-01-06T09:45:10", "edition": 27, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-5316", "CVE-2008-5317"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310880712", "OPENVAS:63114", "OPENVAS:136141256231063114", "OPENVAS:62954", "OPENVAS:840306", "OPENVAS:880712", "OPENVAS:1361412562310122531", "OPENVAS:136141256231063182", "OPENVAS:63182"]}, {"type": "centos", "idList": ["CESA-2009:0011"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-0011"]}, {"type": "redhat", "idList": ["RHSA-2009:0011"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1684-1:A6FF1"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2009-0011.NASL", "UBUNTU_USN-652-1.NASL", "REDHAT-RHSA-2009-0011.NASL", "SL_20090107_LCMS_ON_SL5_X.NASL", "CENTOS_RHSA-2009-0011.NASL", "UBUNTU_USN-693-1.NASL"]}, {"type": "ubuntu", "idList": ["USN-652-1", "USN-693-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:21052", "SECURITYVULNS:VULN:9508", "SECURITYVULNS:VULN:9528"]}], "modified": "2021-01-06T09:45:10", "rev": 2}, "score": {"value": 8.2, "vector": "NONE", "modified": "2021-01-06T09:45:10", "rev": 2}, "vulnersScore": 8.2}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1684. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35077);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-5316\", \"CVE-2008-5317\");\n script_xref(name:\"DSA\", value:\"1684\");\n\n script_name(english:\"Debian DSA-1684-1 : lcms - multiple vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two vulnerabilities have been found in lcms, a library and set of\ncommandline utilities for image color management. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-5316\n Inadequate enforcement of fixed-length buffer limits\n allows an attacker to overflow a buffer on the stack,\n potentially enabling the execution of arbitrary code\n when a maliciously-crafted image is opened.\n\n - CVS-2008-5317\n\n An integer sign error in reading image gamma data could\n allow an attacker to cause an under-sized buffer to be\n allocated for subsequent image data, with unknown\n consequences potentially including the execution of\n arbitrary code if a maliciously-crafted image is opened.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5316\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1684\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the lcms packages.\n\nFor the stable distribution (etch), these 
problems have been fixed in\nversion 1.15-1.1+etch1.\n\nFor the upcoming stable distribution (lenny), and the unstable\ndistribution (sid), these problems are fixed in version 1.17.dfsg-1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lcms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"liblcms-utils\", reference:\"1.15-1.1+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"liblcms1\", reference:\"1.15-1.1+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"liblcms1-dev\", reference:\"1.15-1.1+etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "35077", "cpe": 
["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:lcms"], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T05:35:18", "description": "Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of \"the input file,\" a different vulnerability than CVE-2007-2741.", "edition": 6, "cvss3": {}, "published": "2008-12-03T17:30:00", "title": "CVE-2008-5316", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5316"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:littlecms:little_cms_color_engine:1.15", "cpe:/a:littlecms:little_cms_color_engine:1.08", "cpe:/a:littlecms:lcms:1.11", "cpe:/a:littlecms:little_cms_color_engine:1.12", "cpe:/a:littlecms:lcms:1.10", "cpe:/a:littlecms:lcms:1.07", "cpe:/a:littlecms:little_cms_color_engine:1.09", "cpe:/a:littlecms:lcms:1.15", "cpe:/a:littlecms:little_cms_color_engine:1.10", "cpe:/a:littlecms:little_cms_color_engine:1.11", "cpe:/a:littlecms:little_cms_color_engine:1.14", "cpe:/a:littlecms:lcms:1.09", "cpe:/a:littlecms:lcms:1.14", "cpe:/a:littlecms:lcms:1.12", "cpe:/a:littlecms:little_cms_color_engine:1.13", "cpe:/a:littlecms:lcms:1.08", "cpe:/a:littlecms:little_cms_color_engine:1.07", "cpe:/a:littlecms:lcms:1.13"], "id": "CVE-2008-5316", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5316", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": 
["cpe:2.3:a:littlecms:little_cms_color_engine:1.14:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:little_cms_color_engine:1.11:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:little_cms_color_engine:1.08:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.09:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.12:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:little_cms_color_engine:1.10:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.08:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.15:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.11:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.13:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:little_cms_color_engine:1.15:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:little_cms_color_engine:1.07:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:little_cms_color_engine:1.13:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.07:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.10:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.14:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:little_cms_color_engine:1.12:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:little_cms_color_engine:1.09:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:35:18", "description": "Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain \"number of entries\" value, which is interpreted improperly, leading to an allocation of insufficient memory.", "edition": 6, "cvss3": {}, "published": "2008-12-03T17:30:00", "title": "CVE-2008-5317", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 
10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5317"], "modified": "2018-10-03T21:56:00", "cpe": ["cpe:/a:littlecms:little_cms_color_engine:1.15", "cpe:/a:littlecms:little_cms_color_engine:1.08", "cpe:/a:littlecms:lcms:1.11", "cpe:/a:littlecms:little_cms_color_engine:1.12", "cpe:/a:littlecms:lcms:1.10", "cpe:/a:littlecms:lcms:1.16", "cpe:/a:littlecms:lcms:1.07", "cpe:/a:littlecms:little_cms_color_engine:1.09", "cpe:/a:littlecms:little_cms_color_engine:1.16", "cpe:/a:littlecms:lcms:1.15", "cpe:/a:littlecms:little_cms_color_engine:1.10", "cpe:/a:littlecms:little_cms_color_engine:1.11", "cpe:/a:littlecms:little_cms_color_engine:1.14", "cpe:/a:littlecms:lcms:1.09", "cpe:/a:littlecms:lcms:1.14", "cpe:/a:littlecms:lcms:1.12", "cpe:/a:littlecms:little_cms_color_engine:1.13", "cpe:/a:littlecms:lcms:1.08", "cpe:/a:littlecms:little_cms_color_engine:1.07", "cpe:/a:littlecms:lcms:1.13"], "id": "CVE-2008-5317", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5317", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:littlecms:little_cms_color_engine:1.14:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:little_cms_color_engine:1.11:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:little_cms_color_engine:1.08:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.09:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.12:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:little_cms_color_engine:1.10:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.08:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.15:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.11:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.13:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:little_cms_color_engine:1.15:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:little_cms_color_engine:1.16:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:little_cms_color_engine:1.07:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.16:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:little_cms_color_engine:1.13:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.07:*:*:*:*:*:*:*", 
"cpe:2.3:a:littlecms:lcms:1.10:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:lcms:1.14:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:little_cms_color_engine:1.12:*:*:*:*:*:*:*", "cpe:2.3:a:littlecms:little_cms_color_engine:1.09:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-27T10:56:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5316", "CVE-2008-5317"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0011.\n\nLittle Color Management System (LittleCMS, or simply lcms) is a\nsmall-footprint, speed-optimized open source color management engine.\n\nMultiple insufficient input validation flaws were discovered in LittleCMS.\nAn attacker could use these flaws to create a specially-crafted image file\nwhich could cause an application using LittleCMS to crash, or, possibly,\nexecute arbitrary code when opened. (CVE-2008-5316, CVE-2008-5317)\n\nUsers of lcms should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications using\nlcms library must be restarted for the update to take effect.", "modified": "2017-07-12T00:00:00", "published": "2009-01-07T00:00:00", "id": "OPENVAS:63114", "href": "http://plugins.openvas.org/nasl.php?oid=63114", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0011", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0011.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0011 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0011.\n\nLittle Color Management System (LittleCMS, or simply lcms) is a\nsmall-footprint, speed-optimized open source color management engine.\n\nMultiple insufficient input validation flaws were discovered in LittleCMS.\nAn attacker could use these flaws to create a specially-crafted image file\nwhich could cause an application using LittleCMS to crash, or, possibly,\nexecute arbitrary code when opened. (CVE-2008-5316, CVE-2008-5317)\n\nUsers of lcms should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications using\nlcms library must be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63114);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-07 23:16:01 +0100 (Wed, 07 Jan 2009)\");\n script_cve_id(\"CVE-2008-5316\", \"CVE-2008-5317\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0011\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0011.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"lcms\", rpm:\"lcms~1.15~1.2.2.el5_2.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lcms-debuginfo\", rpm:\"lcms-debuginfo~1.15~1.2.2.el5_2.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-lcms\", rpm:\"python-lcms~1.15~1.2.2.el5_2.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lcms-devel\", rpm:\"lcms-devel~1.15~1.2.2.el5_2.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif 
(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5316", "CVE-2008-5317"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0011.\n\nLittle Color Management System (LittleCMS, or simply lcms) is a\nsmall-footprint, speed-optimized open source color management engine.\n\nMultiple insufficient input validation flaws were discovered in LittleCMS.\nAn attacker could use these flaws to create a specially-crafted image file\nwhich could cause an application using LittleCMS to crash, or, possibly,\nexecute arbitrary code when opened. (CVE-2008-5316, CVE-2008-5317)\n\nUsers of lcms should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications using\nlcms library must be restarted for the update to take effect.", "modified": "2018-04-06T00:00:00", "published": "2009-01-07T00:00:00", "id": "OPENVAS:136141256231063114", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063114", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0011", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0011.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0011 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0011.\n\nLittle Color Management System (LittleCMS, or simply lcms) is a\nsmall-footprint, speed-optimized open source color management engine.\n\nMultiple insufficient input validation flaws were discovered in LittleCMS.\nAn attacker could use these flaws to create a specially-crafted image file\nwhich could cause an application using LittleCMS to crash, or, possibly,\nexecute arbitrary code when opened. (CVE-2008-5316, CVE-2008-5317)\n\nUsers of lcms should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications using\nlcms library must be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63114\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-07 23:16:01 +0100 (Wed, 07 Jan 2009)\");\n script_cve_id(\"CVE-2008-5316\", \"CVE-2008-5317\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0011\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0011.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"lcms\", rpm:\"lcms~1.15~1.2.2.el5_2.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lcms-debuginfo\", rpm:\"lcms-debuginfo~1.15~1.2.2.el5_2.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-lcms\", rpm:\"python-lcms~1.15~1.2.2.el5_2.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lcms-devel\", rpm:\"lcms-devel~1.15~1.2.2.el5_2.2\", rls:\"RHENT_5\")) != NULL) {\n 
report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5316", "CVE-2008-5317"], "description": "The remote host is missing updates to lcms announced in\nadvisory CESA-2009:0011.", "modified": "2018-04-06T00:00:00", "published": "2009-01-13T00:00:00", "id": "OPENVAS:136141256231063182", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063182", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0011 (lcms)", "sourceData": "#CESA-2009:0011 63182 2\n# $Id: ovcesa2009_0011.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0011 (lcms)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0011\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0011\nhttps://rhn.redhat.com/errata/RHSA-2009-0011.html\";\ntag_summary = \"The remote host is missing updates to lcms announced in\nadvisory CESA-2009:0011.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63182\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-13 22:38:32 +0100 (Tue, 13 Jan 2009)\");\n script_cve_id(\"CVE-2008-5316\", \"CVE-2008-5317\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:0011 (lcms)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"lcms\", rpm:\"lcms~1.15~1.2.2.el5_2.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lcms-devel\", rpm:\"lcms-devel~1.15~1.2.2.el5_2.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-lcms\", rpm:\"python-lcms~1.15~1.2.2.el5_2.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5316", "CVE-2008-5317"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880712", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880712", "type": "openvas", "title": "CentOS Update for lcms CESA-2009:0011 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for lcms CESA-2009:0011 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can 
redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-January/015528.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880712\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:0011\");\n script_cve_id(\"CVE-2008-5316\", \"CVE-2008-5317\");\n script_name(\"CentOS Update for lcms CESA-2009:0011 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'lcms'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"lcms on CentOS 5\");\n script_tag(name:\"insight\", 
value:\"Little Color Management System (LittleCMS, or simply 'lcms') is a\n small-footprint, speed-optimized open source color management engine.\n\n Multiple insufficient input validation flaws were discovered in LittleCMS.\n An attacker could use these flaws to create a specially-crafted image file\n which could cause an application using LittleCMS to crash, or, possibly,\n execute arbitrary code when opened. (CVE-2008-5316, CVE-2008-5317)\n\n Users of lcms should upgrade to these updated packages, which contain\n backported patches to correct these issues. All running applications using\n lcms library must be restarted for the update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"lcms\", rpm:\"lcms~1.15~1.2.2.el5_2.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lcms-devel\", rpm:\"lcms-devel~1.15~1.2.2.el5_2.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-lcms\", rpm:\"python-lcms~1.15~1.2.2.el5_2.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:49:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5316", "CVE-2008-5317"], "description": "The remote host is missing an update to lcms\nannounced via advisory DSA 1684-1.", "modified": "2017-07-07T00:00:00", "published": "2008-12-23T00:00:00", "id": "OPENVAS:62954", "href": "http://plugins.openvas.org/nasl.php?oid=62954", 
"type": "openvas", "title": "Debian Security Advisory DSA 1684-1 (lcms)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1684_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1684-1 (lcms)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Two vulnerabilities have been found in lcms, a library and set of\ncommandline utilities for image color management. 
The Common\nVulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2008-5316\n\nInadequate enforcement of fixed-length buffer limits allows an\nattacker to overflow a buffer on the stack, potentially enabling\nthe execution of arbitrary code when a maliciously-crafted\nimage is opened.\n\nCVS-2008-5317\n\nAn integer sign error in reading image gamma data could allow an\nattacker to cause an under-sized buffer to be allocated for\nsubsequent image data, with unknown consequences potentially\nincluding the execution of arbitrary code if a maliciously-crafted\nimage is opened.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.14-1.1+etch1.\n\nFor the upcoming stable distribution (lenny), and the unstable\ndistribution (sid), these problems are fixed in version 1.17.dfsg-1.\n\nWe recommend that you upgrade your lcms packages.\";\ntag_summary = \"The remote host is missing an update to lcms\nannounced via advisory DSA 1684-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201684-1\";\n\n\nif(description)\n{\n script_id(62954);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-12-23 18:28:16 +0100 (Tue, 23 Dec 2008)\");\n script_cve_id(\"CVE-2008-5316\", \"CVE-2008-5317\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1684-1 (lcms)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"liblcms1-dev\", ver:\"1.15-1.1+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1\", ver:\"1.15-1.1+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms-utils\", ver:\"1.15-1.1+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5316", "CVE-2008-5317"], "description": "The remote host is missing updates to lcms announced in\nadvisory CESA-2009:0011.", "modified": "2017-07-10T00:00:00", "published": "2009-01-13T00:00:00", "id": "OPENVAS:63182", "href": "http://plugins.openvas.org/nasl.php?oid=63182", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0011 (lcms)", "sourceData": "#CESA-2009:0011 63182 2\n# $Id: ovcesa2009_0011.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0011 (lcms)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0011\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0011\nhttps://rhn.redhat.com/errata/RHSA-2009-0011.html\";\ntag_summary = \"The remote host is missing updates to lcms announced in\nadvisory CESA-2009:0011.\";\n\n\n\nif(description)\n{\n script_id(63182);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-13 22:38:32 +0100 (Tue, 13 Jan 2009)\");\n script_cve_id(\"CVE-2008-5316\", \"CVE-2008-5317\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:0011 (lcms)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"lcms\", rpm:\"lcms~1.15~1.2.2.el5_2.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lcms-devel\", rpm:\"lcms-devel~1.15~1.2.2.el5_2.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-lcms\", rpm:\"python-lcms~1.15~1.2.2.el5_2.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5316", "CVE-2008-5317"], "description": "Check for the Version of lcms", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880712", "href": "http://plugins.openvas.org/nasl.php?oid=880712", "type": "openvas", "title": "CentOS Update for lcms CESA-2009:0011 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for lcms CESA-2009:0011 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under 
the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Little Color Management System (LittleCMS, or simply "lcms") is a\n small-footprint, speed-optimized open source color management engine.\n\n Multiple insufficient input validation flaws were discovered in LittleCMS.\n An attacker could use these flaws to create a specially-crafted image file\n which could cause an application using LittleCMS to crash, or, possibly,\n execute arbitrary code when opened. (CVE-2008-5316, CVE-2008-5317)\n \n Users of lcms should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
All running applications using\n lcms library must be restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"lcms on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-January/015528.html\");\n script_id(880712);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:0011\");\n script_cve_id(\"CVE-2008-5316\", \"CVE-2008-5317\");\n script_name(\"CentOS Update for lcms CESA-2009:0011 centos5 i386\");\n\n script_summary(\"Check for the Version of lcms\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"lcms\", rpm:\"lcms~1.15~1.2.2.el5_2.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lcms-devel\", rpm:\"lcms-devel~1.15~1.2.2.el5_2.2\", rls:\"CentOS5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-lcms\", rpm:\"python-lcms~1.15~1.2.2.el5_2.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5316", "CVE-2008-5317"], "description": "Oracle Linux Local Security Checks ELSA-2009-0011", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122531", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122531", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-0011", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-0011.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122531\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:47:23 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-0011\");\n script_tag(name:\"insight\", value:\"ELSA-2009-0011 - lcms security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-0011\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-0011.html\");\n script_cve_id(\"CVE-2008-5316\", \"CVE-2008-5317\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"lcms\", rpm:\"lcms~1.15~1.2.2.el5_2.2\", 
rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"lcms-devel\", rpm:\"lcms-devel~1.15~1.2.2.el5_2.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-lcms\", rpm:\"python-lcms~1.15~1.2.2.el5_2.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:28:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5317"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-693-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840306", "href": "http://plugins.openvas.org/nasl.php?oid=840306", "type": "openvas", "title": "Ubuntu Update for LittleCMS vulnerability USN-693-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_693_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for LittleCMS vulnerability USN-693-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that certain gamma operations in lcms were not\n correctly bounds-checked. If a user or automated system were tricked into\n processing a malicious image, a remote attacker could crash applications\n linked against liblcms1, leading to a denial of service, or possibly\n execute arbitrary code with user privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-693-1\";\ntag_affected = \"LittleCMS vulnerability on Ubuntu 7.10 ,\n Ubuntu 8.04 LTS ,\n Ubuntu 8.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-693-1/\");\n script_id(840306);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"693-1\");\n script_cve_id(\"CVE-2008-5317\");\n script_name( \"Ubuntu Update for LittleCMS vulnerability USN-693-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : 
\"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liblcms1-dev\", ver:\"1.16-10ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liblcms1\", ver:\"1.16-10ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liblcms-utils\", ver:\"1.16-10ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-liblcms\", ver:\"1.16-10ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liblcms1-dev\", ver:\"1.16-7ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liblcms1\", ver:\"1.16-7ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liblcms-utils\", ver:\"1.16-7ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-liblcms\", ver:\"1.16-7ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liblcms1-dev\", ver:\"1.16-5ubuntu3.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liblcms1\", ver:\"1.16-5ubuntu3.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liblcms-utils\", ver:\"1.16-5ubuntu3.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-liblcms\", ver:\"1.16-5ubuntu3.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-12-20T18:25:46", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5316", "CVE-2008-5317"], "description": "**CentOS Errata and Security Advisory** CESA-2009:0011\n\n\nLittle Color Management System (LittleCMS, or simply \"lcms\") is a\nsmall-footprint, speed-optimized open source color management engine.\n\nMultiple insufficient input validation flaws were discovered in LittleCMS.\nAn attacker could use these flaws to create a specially-crafted image file\nwhich could cause an application using LittleCMS to crash, or, possibly,\nexecute arbitrary code when opened. (CVE-2008-5316, CVE-2008-5317)\n\nUsers of lcms should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
All running applications using\nlcms library must be restarted for the update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-January/027566.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-January/027567.html\n\n**Affected packages:**\nlcms\nlcms-devel\npython-lcms\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-0011.html", "edition": 3, "modified": "2009-01-08T16:02:58", "published": "2009-01-08T16:02:58", "href": "http://lists.centos.org/pipermail/centos-announce/2009-January/027566.html", "id": "CESA-2009:0011", "title": "lcms, python security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:19", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5316", "CVE-2008-5317"], "description": "[1.15-1.2.2.el5_2.2]\n- Fix Requires to ensure subpackages match the parent package\n[1.15-1.2.2.el5_2.1]\n- Fix insufficient input validation in ReadEmbeddedTextTag\n- Fix unsigned -> signed integer cast issue in cmsAllocGamma\n- Resolves: #473469", "edition": 4, "modified": "2009-01-07T00:00:00", "published": "2009-01-07T00:00:00", "id": "ELSA-2009-0011", "href": "http://linux.oracle.com/errata/ELSA-2009-0011.html", "title": "lcms security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:05", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5316", "CVE-2008-5317"], "description": "Little Color Management System (LittleCMS, or simply \"lcms\") is a\nsmall-footprint, speed-optimized open source color management engine.\n\nMultiple insufficient input validation flaws were discovered in LittleCMS.\nAn attacker could use these flaws to create a specially-crafted image file\nwhich could cause an application using LittleCMS to crash, or, possibly,\nexecute arbitrary code when opened. 
(CVE-2008-5316, CVE-2008-5317)\n\nUsers of lcms should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications using\nlcms library must be restarted for the update to take effect.", "modified": "2017-09-08T11:59:47", "published": "2009-01-07T05:00:00", "id": "RHSA-2009:0011", "href": "https://access.redhat.com/errata/RHSA-2009:0011", "type": "redhat", "title": "(RHSA-2009:0011) Moderate: lcms security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:28:27", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5316", "CVE-2008-5317"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1684 security@debian.org\nhttp://www.debian.org/security/ Devin Carraway\nDecember 10, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : lcms\nVulnerability : multiple vulnerabilities\nProblem type : local (remote)\nDebian-specific: no\nCVE Id(s) : CVE-2008-5316 CVE-2008-5317\n\nTwo vulnerabilities have been found in lcms, a library and set of\ncommandline utilities for image color management. 
The Common\nVulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2008-5316\n\n Inadequate enforcement of fixed-length buffer limits allows an\n attacker to overflow a buffer on the stack, potentially enabling\n the execution of arbitrary code when a maliciously-crafted\n image is opened.\n\nCVE-2008-5317\n\n An integer sign error in reading image gamma data could allow an\n attacker to cause an under-sized buffer to be allocated for\n subsequent image data, with unknown consequences potentially\n including the execution of arbitrary code if a maliciously-crafted\n image is opened.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.14-1.1+etch1.\n\nFor the upcoming stable distribution (lenny), and the unstable\ndistribution (sid), these problems are fixed in version 1.17.dfsg-1.\n\nWe recommend that you upgrade your lcms packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15-1.1+etch1.diff.gz\n Size/MD5 checksum: 2000 10fb445280ea38542701017292ffb1ca\n http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15.orig.tar.gz\n Size/MD5 checksum: 791543 95a710dc757504f6b02677c1fab68e73\n http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15-1.1+etch1.dsc\n Size/MD5 checksum: 636 
188344016765736e5690a669a6dce88b\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_alpha.deb\n Size/MD5 checksum: 179622 a64aa233ae03aa942c34e28af411f5fe\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_alpha.deb\n Size/MD5 checksum: 153452 12b7bbd297ef50a85f19da90d1c4f30f\n http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_alpha.deb\n Size/MD5 checksum: 61580 a821798d40f1d0990a053b825db129a8\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_amd64.deb\n Size/MD5 checksum: 53284 7eb60db022f80565251a0e4d9cadd8b2\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_amd64.deb\n Size/MD5 checksum: 140288 2b3fa89b3757f0431e2ab3e44f7d1c08\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_amd64.deb\n Size/MD5 checksum: 147692 e8be34ecb4af9f7cfe1e51c759fc2c27\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_arm.deb\n Size/MD5 checksum: 135546 523110a99549778b3a5a9ddf38b381e5\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_arm.deb\n Size/MD5 checksum: 135376 0e4f0fabbc9a04bc593f1887a1bcf35f\n http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_arm.deb\n Size/MD5 checksum: 50962 7f38a7371ca57f25080f227a3a3b373a\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_hppa.deb\n Size/MD5 checksum: 168420 e5aab4f34d88b9f8aefd43fed5f2fe78\n http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_hppa.deb\n Size/MD5 checksum: 59120 88bf9add52df55b353d0d26508486a96\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_hppa.deb\n Size/MD5 checksum: 157652 30f8396d4f78363befd2e0d72b9e56a8\n\ni386 
architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_i386.deb\n Size/MD5 checksum: 137296 46695836065eb7b734e02706191872f7\n http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_i386.deb\n Size/MD5 checksum: 50592 4a0ca0dc60e6e212bf3692b2785b088b\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_i386.deb\n Size/MD5 checksum: 143282 850ff5b97f347775c1daad08280a5b38\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_ia64.deb\n Size/MD5 checksum: 204162 abd829e3c02d54dc911aa4abe343e377\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_ia64.deb\n Size/MD5 checksum: 195094 5766c05fb15abe32d908f7b607464bb7\n http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_ia64.deb\n Size/MD5 checksum: 78422 6176b8abb40f4dc50ed80472fe835fa5\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_mips.deb\n Size/MD5 checksum: 51508 20274ee9af873cf1760fad77d4cb5720\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_mips.deb\n Size/MD5 checksum: 172570 4dc3f233db7f2c15b26b39a04e7dd1ba\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_mips.deb\n Size/MD5 checksum: 149190 db10ac87adfd9698890428f3119045fd\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_mipsel.deb\n Size/MD5 checksum: 150390 62a81236533a4b708919367d5939d34c\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_mipsel.deb\n Size/MD5 checksum: 173934 d8618284820cf47bc677c185c6ea5c39\n http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_mipsel.deb\n Size/MD5 checksum: 52142 2213c852eaab6fbfee23031401214ecd\n\npowerpc architecture 
(PowerPC)\n\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_powerpc.deb\n Size/MD5 checksum: 147308 d0c6bcfe7a23740f15b4e8dae4b9ea74\n http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_powerpc.deb\n Size/MD5 checksum: 57630 cc7b4fc9ca44268952ef4b9fc97fe631\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_powerpc.deb\n Size/MD5 checksum: 147710 8b586e00c2f39017bd2d51e0632297af\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_s390.deb\n Size/MD5 checksum: 142054 622fed5f31c26119ca611e5c5aa79b1d\n http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_s390.deb\n Size/MD5 checksum: 54150 45b3c4c471d977b53d40a2ab57e63591\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_s390.deb\n Size/MD5 checksum: 144324 f8f15540a7cdbcfe5fc32fe40b3e459b\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_sparc.deb\n Size/MD5 checksum: 146618 2e09901e82467a8e02e12c958bf699db\n http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_sparc.deb\n Size/MD5 checksum: 51410 7622942be787382b8abc72e9d709aeb8\n http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_sparc.deb\n Size/MD5 checksum: 137480 111c3ff8c742773fc12237147f6d138c\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 7, "modified": "2008-12-10T07:51:51", "published": 
"2008-12-10T07:51:51", "id": "DEBIAN:DSA-1684-1:A6FF1", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00276.html", "title": "[SECURITY] [DSA 1684-1] New lcms packages fix multiple vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-06T09:25:30", "description": "Updated lcms packages that resolve several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nLittle Color Management System (LittleCMS, or simply 'lcms') is a\nsmall-footprint, speed-optimized open source color management engine.\n\nMultiple insufficient input validation flaws were discovered in\nLittleCMS. An attacker could use these flaws to create a specially\ncrafted image file which could cause an application using LittleCMS to\ncrash, or, possibly, execute arbitrary code when opened.\n(CVE-2008-5316, CVE-2008-5317)\n\nUsers of lcms should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
All running applications\nusing lcms library must be restarted for the update to take effect.", "edition": 27, "published": "2010-01-06T00:00:00", "title": "CentOS 5 : lcms (CESA-2009:0011)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5316", "CVE-2008-5317"], "modified": "2010-01-06T00:00:00", "cpe": ["p-cpe:/a:centos:centos:lcms", "p-cpe:/a:centos:centos:python-lcms", "p-cpe:/a:centos:centos:lcms-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-0011.NASL", "href": "https://www.tenable.com/plugins/nessus/43725", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0011 and \n# CentOS Errata and Security Advisory 2009:0011 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43725);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-5316\", \"CVE-2008-5317\");\n script_xref(name:\"RHSA\", value:\"2009:0011\");\n\n script_name(english:\"CentOS 5 : lcms (CESA-2009:0011)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated lcms packages that resolve several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nLittle Color Management System (LittleCMS, or simply 'lcms') is a\nsmall-footprint, speed-optimized open source color management engine.\n\nMultiple insufficient input validation flaws were discovered in\nLittleCMS. 
An attacker could use these flaws to create a specially\ncrafted image file which could cause an application using LittleCMS to\ncrash, or, possibly, execute arbitrary code when opened.\n(CVE-2008-5316, CVE-2008-5317)\n\nUsers of lcms should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications\nusing lcms library must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-January/015528.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0977ae57\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-January/015529.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?47a6054b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lcms packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:lcms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:lcms-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-lcms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"lcms-1.15-1.2.2.el5_2.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"lcms-devel-1.15-1.2.2.el5_2.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"python-lcms-1.15-1.2.2.el5_2.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lcms / lcms-devel / python-lcms\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:44:19", "description": "From Red Hat Security Advisory 2009:0011 :\n\nUpdated lcms packages that resolve several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis 
update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nLittle Color Management System (LittleCMS, or simply 'lcms') is a\nsmall-footprint, speed-optimized open source color management engine.\n\nMultiple insufficient input validation flaws were discovered in\nLittleCMS. An attacker could use these flaws to create a specially\ncrafted image file which could cause an application using LittleCMS to\ncrash, or, possibly, execute arbitrary code when opened.\n(CVE-2008-5316, CVE-2008-5317)\n\nUsers of lcms should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications\nusing lcms library must be restarted for the update to take effect.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : lcms (ELSA-2009-0011)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5316", "CVE-2008-5317"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:lcms-devel", "p-cpe:/a:oracle:linux:lcms", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:python-lcms"], "id": "ORACLELINUX_ELSA-2009-0011.NASL", "href": "https://www.tenable.com/plugins/nessus/67787", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:0011 and \n# Oracle Linux Security Advisory ELSA-2009-0011 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67787);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5316\", \"CVE-2008-5317\");\n script_xref(name:\"RHSA\", value:\"2009:0011\");\n\n script_name(english:\"Oracle Linux 5 : lcms (ELSA-2009-0011)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:0011 :\n\nUpdated lcms packages that resolve several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nLittle Color Management System (LittleCMS, or simply 'lcms') is a\nsmall-footprint, speed-optimized open source color management engine.\n\nMultiple insufficient input validation flaws were discovered in\nLittleCMS. An attacker could use these flaws to create a specially\ncrafted image file which could cause an application using LittleCMS to\ncrash, or, possibly, execute arbitrary code when opened.\n(CVE-2008-5316, CVE-2008-5317)\n\nUsers of lcms should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications\nusing lcms library must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-January/000846.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lcms packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:lcms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:lcms-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-lcms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/08\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"lcms-1.15-1.2.2.el5_2.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"lcms-devel-1.15-1.2.2.el5_2.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"python-lcms-1.15-1.2.2.el5_2.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lcms / lcms-devel / python-lcms\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:44:05", "description": "Multiple insufficient input validation flaws were discovered in\nLittleCMS. 
An attacker could use these flaws to create a specially\ncrafted image file which could cause an application using LittleCMS to\ncrash, or, possibly, execute arbitrary code when opened.\n(CVE-2008-5316, CVE-2008-5317)", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : lcms on SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5316", "CVE-2008-5317"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090107_LCMS_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60512", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60512);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5316\", \"CVE-2008-5317\");\n\n script_name(english:\"Scientific Linux Security Update : lcms on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple insufficient input validation flaws were discovered in\nLittleCMS. 
An attacker could use these flaws to create a specially\ncrafted image file which could cause an application using LittleCMS to\ncrash, or, possibly, execute arbitrary code when opened.\n(CVE-2008-5316, CVE-2008-5317)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0901&L=scientific-linux-errata&T=0&P=811\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?92db78ba\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lcms, lcms-devel and / or python-lcms packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"lcms-1.15-1.2.2.el5_2.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"lcms-devel-1.15-1.2.2.el5_2.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"python-lcms-1.15-1.2.2.el5_2.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:06:26", "description": "Updated lcms packages that resolve several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nLittle Color Management System (LittleCMS, or simply 'lcms') is a\nsmall-footprint, speed-optimized open source color management engine.\n\nMultiple insufficient input validation flaws were discovered in\nLittleCMS. 
An attacker could use these flaws to create a specially\ncrafted image file which could cause an application using LittleCMS to\ncrash, or, possibly, execute arbitrary code when opened.\n(CVE-2008-5316, CVE-2008-5317)\n\nUsers of lcms should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications\nusing lcms library must be restarted for the update to take effect.", "edition": 27, "published": "2009-01-08T00:00:00", "title": "RHEL 5 : lcms (RHSA-2009:0011)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5316", "CVE-2008-5317"], "modified": "2009-01-08T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:lcms-devel", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.2", "p-cpe:/a:redhat:enterprise_linux:lcms", "p-cpe:/a:redhat:enterprise_linux:python-lcms"], "id": "REDHAT-RHSA-2009-0011.NASL", "href": "https://www.tenable.com/plugins/nessus/35318", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0011. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35318);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5316\", \"CVE-2008-5317\");\n script_xref(name:\"RHSA\", value:\"2009:0011\");\n\n script_name(english:\"RHEL 5 : lcms (RHSA-2009:0011)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated lcms packages that resolve several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nLittle Color Management System (LittleCMS, or simply 'lcms') is a\nsmall-footprint, speed-optimized open source color management engine.\n\nMultiple insufficient input validation flaws were discovered in\nLittleCMS. An attacker could use these flaws to create a specially\ncrafted image file which could cause an application using LittleCMS to\ncrash, or, possibly, execute arbitrary code when opened.\n(CVE-2008-5316, CVE-2008-5317)\n\nUsers of lcms should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
All running applications\nusing lcms library must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5316\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0011\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lcms, lcms-devel and / or python-lcms packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lcms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lcms-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-lcms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0011\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"lcms-1.15-1.2.2.el5_2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"lcms-devel-1.15-1.2.2.el5_2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"python-lcms-1.15-1.2.2.el5_2.2\")) flag++;\n\n if 
(rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"python-lcms-1.15-1.2.2.el5_2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"python-lcms-1.15-1.2.2.el5_2.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lcms / lcms-devel / python-lcms\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:44:17", "description": "Chris Evans discovered that certain ICC operations in lcms were not\ncorrectly bounds-checked. If a user or automated system were tricked\ninto processing an image with malicious ICC tags, a remote attacker\ncould crash applications linked against liblcms1, leading to a denial\nof service, or possibly execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-04-23T00:00:00", "title": "Ubuntu 6.06 LTS : lcms vulnerability (USN-652-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5316", "CVE-2007-2741", "CVE-2008-5317"], "modified": "2009-04-23T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:liblcms1-dev", "p-cpe:/a:canonical:ubuntu_linux:liblcms1", "p-cpe:/a:canonical:ubuntu_linux:liblcms-utils", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-652-1.NASL", "href": "https://www.tenable.com/plugins/nessus/37333", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-652-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37333);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-2741\", \"CVE-2008-5316\", \"CVE-2008-5317\");\n script_xref(name:\"USN\", value:\"652-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS : lcms vulnerability (USN-652-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chris Evans discovered that certain ICC operations in lcms were not\ncorrectly bounds-checked. 
If a user or automated system were tricked\ninto processing an image with malicious ICC tags, a remote attacker\ncould crash applications linked against liblcms1, leading to a denial\nof service, or possibly execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/652-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected liblcms-utils, liblcms1 and / or liblcms1-dev\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblcms-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblcms1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblcms1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"liblcms-utils\", pkgver:\"1.13-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"liblcms1\", pkgver:\"1.13-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"liblcms1-dev\", pkgver:\"1.13-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblcms-utils / liblcms1 / liblcms1-dev\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:44:21", "description": "It was discovered that certain gamma operations in lcms were not\ncorrectly bounds-checked. 
If a user or automated system were tricked\ninto processing a malicious image, a remote attacker could crash\napplications linked against liblcms1, leading to a denial of service,\nor possibly execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-04-23T00:00:00", "title": "Ubuntu 7.10 / 8.04 LTS / 8.10 : LittleCMS vulnerability (USN-693-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5317"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:7.10", "p-cpe:/a:canonical:ubuntu_linux:liblcms1-dev", "p-cpe:/a:canonical:ubuntu_linux:liblcms1", "p-cpe:/a:canonical:ubuntu_linux:liblcms-utils", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:python-liblcms", "cpe:/o:canonical:ubuntu_linux:8.10"], "id": "UBUNTU_USN-693-1.NASL", "href": "https://www.tenable.com/plugins/nessus/36761", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-693-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36761);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-5317\");\n script_xref(name:\"USN\", value:\"693-1\");\n\n script_name(english:\"Ubuntu 7.10 / 8.04 LTS / 8.10 : LittleCMS vulnerability (USN-693-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that certain gamma operations in lcms were not\ncorrectly bounds-checked. If a user or automated system were tricked\ninto processing a malicious image, a remote attacker could crash\napplications linked against liblcms1, leading to a denial of service,\nor possibly execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/693-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblcms-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblcms1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblcms1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-liblcms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(7\\.10|8\\.04|8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 7.10 / 8.04 / 8.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"7.10\", pkgname:\"liblcms-utils\", pkgver:\"1.16-5ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"liblcms1\", pkgver:\"1.16-5ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"liblcms1-dev\", pkgver:\"1.16-5ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python-liblcms\", pkgver:\"1.16-5ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"liblcms-utils\", pkgver:\"1.16-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"liblcms1\", pkgver:\"1.16-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"liblcms1-dev\", pkgver:\"1.16-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python-liblcms\", pkgver:\"1.16-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"liblcms-utils\", pkgver:\"1.16-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"liblcms1\", pkgver:\"1.16-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"liblcms1-dev\", pkgver:\"1.16-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"python-liblcms\", pkgver:\"1.16-10ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblcms-utils / liblcms1 / liblcms1-dev / python-liblcms\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:20:30", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5316", "CVE-2007-2741", "CVE-2008-5317"], "description": "Chris Evans discovered that certain ICC operations in lcms were not \ncorrectly bounds-checked. If a user or automated system were tricked \ninto processing an image with malicious ICC tags, a remote attacker could \ncrash applications linked against liblcms1, leading to a denial of service, \nor possibly execute arbitrary code with user privileges.", "edition": 5, "modified": "2008-10-14T00:00:00", "published": "2008-10-14T00:00:00", "id": "USN-652-1", "href": "https://ubuntu.com/security/notices/USN-652-1", "title": "LittleCMS vulnerability", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:29:28", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5317"], "description": "It was discovered that certain gamma operations in lcms were not \ncorrectly bounds-checked. 
If a user or automated system were tricked into \nprocessing a malicious image, a remote attacker could crash applications \nlinked against liblcms1, leading to a denial of service, or possibly \nexecute arbitrary code with user privileges.", "edition": 5, "modified": "2008-12-17T00:00:00", "published": "2008-12-17T00:00:00", "id": "USN-693-1", "href": "https://ubuntu.com/security/notices/USN-693-1", "title": "LittleCMS vulnerability", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:31", "bulletinFamily": "software", "cvelist": ["CVE-2008-5316"], "description": "Buffer overflow and integer overflow on images parsing.", "edition": 1, "modified": "2008-12-12T00:00:00", "published": "2008-12-12T00:00:00", "id": "SECURITYVULNS:VULN:9508", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9508", "title": "lcms multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:28", "bulletinFamily": "software", "cvelist": ["CVE-2008-5317"], "description": "===========================================================\r\nUbuntu Security Notice USN-693-1 December 17, 2008\r\nLittleCMS vulnerability\r\nCVE-2008-5317\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 7.10\r\nUbuntu 8.04 LTS\r\nUbuntu 8.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 7.10:\r\n liblcms1 1.16-5ubuntu3.1\r\n\r\nUbuntu 8.04 LTS:\r\n liblcms1 1.16-7ubuntu1.1\r\n\r\nUbuntu 8.10:\r\n liblcms1 1.16-10ubuntu0.1\r\n\r\nIn general, a standard system upgrade is sufficient to effect the\r\nnecessary changes.\r\n\r\nDetails 
follow:\r\n\r\nIt was discovered that certain gamma operations in lcms were not\r\ncorrectly bounds-checked. If a user or automated system were tricked into\r\nprocessing a malicious image, a remote attacker could crash applications\r\nlinked against liblcms1, leading to a denial of service, or possibly\r\nexecute arbitrary code with user privileges.\r\n\r\n\r\nUpdated packages for Ubuntu 7.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16-5ubuntu3.1.diff.gz\r\n Size/MD5: 22270 1b07d069f29de87c948d397bb60f1c63\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16-5ubuntu3.1.dsc\r\n Size/MD5: 1053 52d8cf3618b1d68c4d847807145ff300\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16.orig.tar.gz\r\n Size/MD5: 911546 b07b623f3e712373ff713fb32cf23651\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-5ubuntu3.1_amd64.deb\r\n Size/MD5: 674464 3ea01d1fb1e43a689d5aafe150702755\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-5ubuntu3.1_amd64.deb\r\n Size/MD5: 104172 ebeeb2d5b7dfc5df6cd759900d29f1bd\r\n http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-5ubuntu3.1_amd64.deb\r\n Size/MD5: 58010 cfc5b383ff04d603270e5e129a100a35\r\n http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-5ubuntu3.1_amd64.deb\r\n Size/MD5: 160770 6ada95ac551daf18adf83eb0274eb15a\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-5ubuntu3.1_i386.deb\r\n Size/MD5: 625654 5bca706031d3f2150a08ae8d4f252b5d\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-5ubuntu3.1_i386.deb\r\n Size/MD5: 98032 520b7d9b6f4e9ad58974ea574c594640\r\n http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-5ubuntu3.1_i386.deb\r\n Size/MD5: 54488 fa816dc4c97ffc22d8200d390ccbfdc3\r\n 
http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-5ubuntu3.1_i386.deb\r\n Size/MD5: 151868 6a9d8575a81353384712b8b890c5d3db\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-5ubuntu3.1_lpia.deb\r\n Size/MD5: 627708 35acd977e4ca7c9ba06c5a19d708f6a5\r\n http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-5ubuntu3.1_lpia.deb\r\n Size/MD5: 96818 483f473b4ec36e5baa6cbd87644fb0db\r\n http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-5ubuntu3.1_lpia.deb\r\n Size/MD5: 54790 10144bba21291ab939b0cbdcc82b39a8\r\n http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-5ubuntu3.1_lpia.deb\r\n Size/MD5: 148288 d638ba9bac48029ab63942b76086f9ec\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-5ubuntu3.1_powerpc.deb\r\n Size/MD5: 763170 75eb4df9ffc2343940521d61386232d8\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-5ubuntu3.1_powerpc.deb\r\n Size/MD5: 114370 0f56f9006b051e3f90ac255242ed55da\r\n http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-5ubuntu3.1_powerpc.deb\r\n Size/MD5: 71750 313ced524c05c5b5524a43a6fe00b3b9\r\n http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-5ubuntu3.1_powerpc.deb\r\n Size/MD5: 169576 99c75e89acf4c53d2da192131832ab61\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-5ubuntu3.1_sparc.deb\r\n Size/MD5: 657440 32a668d688b45caf1b576d375067bab4\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-5ubuntu3.1_sparc.deb\r\n Size/MD5: 100078 272239660086573a11e9117150e990a4\r\n http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-5ubuntu3.1_sparc.deb\r\n Size/MD5: 58090 d337f0c2012f27b06923b7e3bcc151a7\r\n 
http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-5ubuntu3.1_sparc.deb\r\n Size/MD5: 160136 8b597e2f473e0df9a1d945f0e442940b\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16-7ubuntu1.1.diff.gz\r\n Size/MD5: 22469 fcf92c912c23a981e7e876e954d8744d\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16-7ubuntu1.1.dsc\r\n Size/MD5: 1053 cf6e6b3ad7d4d531db951e64c96fa6ce\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16.orig.tar.gz\r\n Size/MD5: 911546 b07b623f3e712373ff713fb32cf23651\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-7ubuntu1.1_amd64.deb\r\n Size/MD5: 670458 389170d9ba5385e3b87abd7fea8f250b\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-7ubuntu1.1_amd64.deb\r\n Size/MD5: 101744 1cdd5f38017276817630c69944817b93\r\n http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-7ubuntu1.1_amd64.deb\r\n Size/MD5: 58356 c0fefad25646dcb4e7f93159c42e6bcc\r\n http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-7ubuntu1.1_amd64.deb\r\n Size/MD5: 160436 b91c09489730b424726d26dfd8a4fe79\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-7ubuntu1.1_i386.deb\r\n Size/MD5: 622152 844db5648952349416359497203ed5e1\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-7ubuntu1.1_i386.deb\r\n Size/MD5: 95466 e7d24a75c74c87e420f911d7365b07dc\r\n http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-7ubuntu1.1_i386.deb\r\n Size/MD5: 54672 70c3a777cd083539ea74ba1e1564ab31\r\n http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-7ubuntu1.1_i386.deb\r\n Size/MD5: 151552 b6d5ab5fea28164ee431f2b453677519\r\n\r\n lpia architecture (Low Power Intel 
Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-7ubuntu1.1_lpia.deb\r\n Size/MD5: 627770 b95154ae17f67303fa343c5e54a8c9af\r\n http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-7ubuntu1.1_lpia.deb\r\n Size/MD5: 94872 53b3adcbc246094250ec98163a46b573\r\n http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-7ubuntu1.1_lpia.deb\r\n Size/MD5: 55092 350254ecdd74305e75127fb3f9e8dd79\r\n http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-7ubuntu1.1_lpia.deb\r\n Size/MD5: 148254 2cd35a66c405452243b4a38b0a1e4453\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 755162 40848281cf1cb5f3bf5c122a7783e391\r\n http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 110340 df518facbac1fa8fa3552b44057bc548\r\n http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 71892 caa429129d946b7213880e57c0f61b84\r\n http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 168896 ca6554614940fced2f6f802e8eb77750\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-7ubuntu1.1_sparc.deb\r\n Size/MD5: 654668 782d69b57421c081f2016fd9dad8b43d\r\n http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-7ubuntu1.1_sparc.deb\r\n Size/MD5: 98028 3661278c58ed7be1aa7fa65d4ec49203\r\n http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-7ubuntu1.1_sparc.deb\r\n Size/MD5: 57514 71726d5636e96491a3a3fdc1600743b7\r\n http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-7ubuntu1.1_sparc.deb\r\n Size/MD5: 159470 25cdabf9bf9b16771588d58d42503007\r\n\r\nUpdated packages for Ubuntu 8.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16-10ubuntu0.1.diff.gz\r\n Size/MD5: 29404 
eacd820823911007b6b21265abdae350\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16-10ubuntu0.1.dsc\r\n Size/MD5: 1392 c16d4901c439d15942787ce7b9ac6cfb\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.16.orig.tar.gz\r\n Size/MD5: 911546 b07b623f3e712373ff713fb32cf23651\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-10ubuntu0.1_amd64.deb\r\n Size/MD5: 197204 4b79b0c8731fdf766005eaff996150dc\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-10ubuntu0.1_amd64.deb\r\n Size/MD5: 106476 5ecee5ef79c27485f1b0129b9d4c1b93\r\n http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-10ubuntu0.1_amd64.deb\r\n Size/MD5: 59174 401a56d3d9cd7bab04a10c6b2cd33365\r\n http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-10ubuntu0.1_amd64.deb\r\n Size/MD5: 158102 9efb209d3c595f41f66d7d26ad8e3588\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.16-10ubuntu0.1_i386.deb\r\n Size/MD5: 191302 98aba1dab86b168b6e951f6f3956b5ba\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.16-10ubuntu0.1_i386.deb\r\n Size/MD5: 99828 7845d9d8f2fbfa21ee32c3729c2d9868\r\n http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.16-10ubuntu0.1_i386.deb\r\n Size/MD5: 55068 5efbdd09f294552f6ccabd0e5629c3a2\r\n http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/python-liblcms_1.16-10ubuntu0.1_i386.deb\r\n Size/MD5: 150090 7666a4cbf4388488b619197f64330064\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-10ubuntu0.1_lpia.deb\r\n Size/MD5: 187792 8a3293477e04f876ff7c75564536be6b\r\n http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-10ubuntu0.1_lpia.deb\r\n Size/MD5: 98944 79a6c1e8506d75c4dbd35e3e0a4503c9\r\n 
http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-10ubuntu0.1_lpia.deb\r\n Size/MD5: 55426 28af10c678fd5115a92eba1c163ae720\r\n http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-10ubuntu0.1_lpia.deb\r\n Size/MD5: 144842 f33dbd92568f48569d8f94bfa26c51f8\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-10ubuntu0.1_powerpc.deb\r\n Size/MD5: 196914 012cf48172fedf8948325e3a256e9af2\r\n http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-10ubuntu0.1_powerpc.deb\r\n Size/MD5: 112694 47dae0b542510d60b1b09d88c5cef85e\r\n http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-10ubuntu0.1_powerpc.deb\r\n Size/MD5: 71708 b6cfa22b59f238b33a9910a7883784cf\r\n http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-10ubuntu0.1_powerpc.deb\r\n Size/MD5: 165428 b390b6ee91a623610fe31af830238711\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/l/lcms/liblcms1-dev_1.16-10ubuntu0.1_sparc.deb\r\n Size/MD5: 194928 32851f26520fcf3c9648262ef8e9f789\r\n http://ports.ubuntu.com/pool/main/l/lcms/liblcms1_1.16-10ubuntu0.1_sparc.deb\r\n Size/MD5: 100278 41519fa060778d9262e9a1213f6f5377\r\n http://ports.ubuntu.com/pool/universe/l/lcms/liblcms-utils_1.16-10ubuntu0.1_sparc.deb\r\n Size/MD5: 60870 fe6c4d54bda7e4666ab6204dd298941c\r\n http://ports.ubuntu.com/pool/universe/l/lcms/python-liblcms_1.16-10ubuntu0.1_sparc.deb\r\n Size/MD5: 157904 1fe77086778f73964b4caa015182003e\r\n", "edition": 1, "modified": "2008-12-18T00:00:00", "published": "2008-12-18T00:00:00", "id": "SECURITYVULNS:DOC:21052", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21052", "title": "[USN-693-1] LittleCMS vulnerability", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:31", "bulletinFamily": "software", "cvelist": ["CVE-2008-4122", 
"CVE-2008-5317"], "description": "PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.\r\nPhpclanwebsite: multiple directory traversals, multiple SQL injections, multiple cross-site scripting issues,", "edition": 1, "modified": "2008-12-19T00:00:00", "published": "2008-12-19T00:00:00", "id": "SECURITYVULNS:VULN:9528", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9528", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}