Mandriva Linux Security Advisory 2009-121 - Multiple security vulnerabilities has been identified and fixed in Little cms. This update provides fixes for these issues. Packages for 2008.0 are being provided due to extended support for Corporate products.
b1c96bf179cf7611ccb91e5558988d8123f8e22c2f03322a9e4e4aa0b1473f0cMandriva Linux Security Advisory 2009-162 - Multiple security vulnerabilities has been identified and fixed in Little cms library embedded in OpenJDK.
12c90d8e3f3b2b5d0ac1ba6b038027034171284bb4adfe356ea434f21d413ac8Mandriva Linux Security Advisory 2009-137 - Multiple security vulnerabilities has been identified and fixed in Little cms library embedded in OpenJDK. This update provides fixes for these issues. java-1.6.0-openjdk requires rhino packages and these has been further updated.
f4b765dd3a8d255bd547e542daffc7433c55b00e65db844ce078a2a85ed532c1Mandriva Linux Security Advisory 2009-121 - Multiple security vulnerabilities has been identified and fixed in Little CMS. A memory leak flaw allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted image file. Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel. A flaw in the transformations of monochrome profiles allows remote attackers to cause denial of service triggered by a NULL pointer dereference via a crafted image file. This update provides fixes for these issues.
128b2e6b39bb8559db988ef3a065a0a1f8e056209cbe8d7fa77bda7e09b9db5fGentoo Linux Security Advisory GLSA 200904-19 - Multiple errors in LittleCMS allow for attacks including the remote execution of arbitrary code. RedHat reported a null-pointer dereference flaw while processing monochrome ICC profiles. Chris Evans also discovered memory leaks, integer overflows, and stack-based overflows. Versions less than 1.18-r1 are affected.
e3539824a2eae5dbe90fe0fb63225c5786d23d1f68b49df72ee7465b5d262ae5Debian Security Advisory 1769-1 - Several vulnerabilities have been identified in OpenJDK, an implementation of the Java SE platform.
cd608fa6c076345b0a874fdfd34d8a9d0ee02a13f6ebd86be7fb0feca8715eb6Debian Security Advisory 1745-2 - Several security issues have been discovered in lcms, a color management library. This update fixes a possible regression introduced in DSA-1745-1 and also enhances the security patch.
c77800fadd6c284e42c35d6fcb110b184e99091d0e1d7a6cdfbdea548c3735e4Ubuntu Security Notice USN-744-1 - Chris Evans discovered that LittleCMS did not properly handle certain error conditions, resulting in a large memory leak. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could cause a denial of service. Chris Evans discovered that LittleCMS contained multiple integer overflows. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could crash applications linked against liblcms1, leading to a denial of service, or possibly execute arbitrary code with user privileges. Chris Evans discovered that LittleCMS did not properly perform bounds checking, leading to a buffer overflow. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could execute arbitrary code with user privileges.
db36b43a201d232477811d11c433a2cf94eea4a5eb6830aac283817d353e0584LittleCMS, an open source color management engine, suffers from several integer errors, resulting in stack based buffer overflows and various heap errors as well as dangerous memory leaks. Decoding a specially crafted image file will result in unexpected process termination, Denial Of Service conditions or arbitrary code execution due to stack overflow. Versions 1.17 and below are affected.
5d153924342e064a181f332c2fe5c861183cf0ba99258a99b23ce5e1958ba492Debian Security Advisory 1745-1 - Several security issues have been discovered in lcms, a color management library.
31110b123b0825a468a3a51dc420b7290e8ab1d46c7813f631dd2b9caedc3d3d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed