===========================================================
Ubuntu Security Notice USN-744-1             March 23, 2009
lcms vulnerabilities
CVE-2009-0581, CVE-2009-0723, CVE-2009-0733
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  liblcms1                        1.13-1ubuntu0.2

Ubuntu 7.10:
  liblcms1                        1.16-5ubuntu3.2
  python-liblcms                  1.16-5ubuntu3.2

Ubuntu 8.04 LTS:
  liblcms1                        1.16-7ubuntu1.2
  python-liblcms                  1.16-7ubuntu1.2

Ubuntu 8.10:
  liblcms1                        1.16-10ubuntu0.2
  python-liblcms                  1.16-10ubuntu0.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Chris Evans discovered that LittleCMS did not properly handle certain
error conditions, resulting in a large memory leak. If a user or
automated system were tricked into processing an image with malicious
ICC tags, a remote attacker could cause a denial of service.
(CVE-2009-0581)

Chris Evans discovered that LittleCMS contained multiple integer
overflows. If a user or automated system were tricked into processing
an image with malicious ICC tags, a remote attacker could crash
applications linked against liblcms1, leading to a denial of service,
or possibly execute arbitrary code with user privileges.
(CVE-2009-0723)

Chris Evans discovered that LittleCMS did not properly perform bounds
checking, leading to a buffer overflow. If a user or automated system
were tricked into processing an image with malicious ICC tags, a
remote attacker could execute arbitrary code with user privileges.
(CVE-2009-0733)
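
A fleet check against the fixed versions this advisory lists, as an added example that is not part of the original notice: it compares installed versions using Debian version ordering, because a plain string comparison would rank 1.16-10ubuntu0.2 below 1.16-7ubuntu1.2. The host names and installed versions in INVENTORY are constructed, and the function names are this example's own.

```python
import re
# Fixed versions, copied from the package table in USN-744-1.
FIXED = {
    "6.06": {"liblcms1": "1.13-1ubuntu0.2"},
    "7.10": {"liblcms1": "1.16-5ubuntu3.2", "python-liblcms": "1.16-5ubuntu3.2"},
    "8.04": {"liblcms1": "1.16-7ubuntu1.2", "python-liblcms": "1.16-7ubuntu1.2"},
    "8.10": {"liblcms1": "1.16-10ubuntu0.2", "python-liblcms": "1.16-10ubuntu0.2"},
}

def _rank(c):
    # Debian character order: '~' < end of run < letters < everything else.
    if c in ("~", ""):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare upstream or revision strings as alternating text and number runs.
    while a or b:
        ta, tb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(ta):], b[len(tb):]
        for i in range(max(len(ta), len(tb))):
            ra, rb = _rank(ta[i:i + 1]), _rank(tb[i:i + 1])
            if ra != rb:
                return -1 if ra < rb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def deb_cmp(v1, v2):
    # Return -1, 0 or 1 for two [epoch:]upstream[-revision] version strings.
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), up, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(inventory):
    # (host, package) pairs still below the fixed version for their release.
    return [(h, p) for h, rel, p, ver in inventory
            if p in FIXED.get(rel, {}) and deb_cmp(ver, FIXED[rel][p]) < 0]

# Constructed rows (host, release, package, installed version).
INVENTORY = [("web1", "8.04", "liblcms1", "1.16-7ubuntu1.1"),
             ("web2", "8.04", "liblcms1", "1.16-7ubuntu1.2"),
             ("img1", "8.10", "python-liblcms", "1.16-10ubuntu0.1"),
             ("old1", "6.06", "liblcms1", "1.13-1")]
```

On a real host the installed version string can be read with `dpkg-query -W -f='${Version}' liblcms1` and fed in as the fourth field of a row.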