lcms-1.15-1.2.2AXS3.2
エラータID: AXSA:2009-05:01
リリース日:
2009/01/23 Friday - 12:07
題名:
lcms-1.15-1.2.2AXS3.2
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for ppc
Asianux Server 3 for ia64
Asianux Server 3 for x86
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- lcms の ReadEmbeddedTextTag 関数には長さのパラメータに関連するバッファオーバーフローの脆弱性が存在します。 (CVE-2008-5316)
- lcms の cmsAllocGamma 関数には整数符号エラーの脆弱性が存在します。 (CVE-2008-5317)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2008-5316
Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than CVE-2007-2741.
Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than CVE-2007-2741.
CVE-2008-5317
Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory.
Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory.
追加情報:
N/A
ダウンロード:
SRPMS
- lcms-1.15-1.2.2AXS3.2.src.rpm
MD5: ea892d038815b14f41b310e5f88fe926
SHA-256: b83dc437d4156b071f14c358f7da3b811352a97d3f1fde6c87922348fd602130
Size: 768.52 kB
Asianux Server 3 for x86
- lcms-1.15-1.2.2AXS3.2.i386.rpm
MD5: 95172ebf26298b029860f5c86a51ed49
SHA-256: 39c43b9b15920666e830fcb1f048a692c7beceda11c19cc63a5b0eaadcef92c5
Size: 168.86 kB - lcms-devel-1.15-1.2.2AXS3.2.i386.rpm
MD5: 217fdc630fd706294fcceea2269f3c9b
SHA-256: d9b4b20f3a2fba0d2dd2bbc07e783dd564426187823af9ca20823d862217bc17
Size: 151.43 kB
Asianux Server 3 for x86_64
- lcms-1.15-1.2.2AXS3.2.x86_64.rpm
MD5: 61a9494ff64a70bd087d5bf77474ea36
SHA-256: 4660646dc8b6f374776c9572dc92617e4051b0374e146819b5130c223c197888
Size: 170.12 kB - lcms-devel-1.15-1.2.2AXS3.2.x86_64.rpm
MD5: e645491e04c1879f2fd37d33b74b1ebc
SHA-256: 7dff797f6e9eacffba3b0ca7bed23cbb6f0a886965b3cdb2a05581a8872b3042
Size: 164.68 kB