Description: | Description: The remote host is missing an update to lcms announced via advisory FEDORA-2009-2910.
Update Information:
Some patches that was collected in the fedora package have just been submitted upstream. Changes are hight that this update can be superseeded by a beta3 or a stable release from upstream.
ChangeLog:
* Fri Mar 20 2009 kwizart < kwizart at gmail.com > - 1.18-0.1.beta2 - Update to 1.18beta2 fix bug #487508: CVE-2009-0723 LittleCms integer overflow fix bug #487512: CVE-2009-0733 LittleCms lack of upper-bounds check on sizes fix bug #487509: CVE-2009-0581 LittleCms memory leak * Mon Mar 2 2009 kwizart < kwizart at gmail.com > - 1.17-10 - Fix circle dependency #452352
References:
[ 1 ] Bug #487508 - CVE-2009-0723 LittleCms integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=487508 [ 2 ] Bug #487512 - CVE-2009-0733 LittleCms lack of upper-bounds check on sizes https://bugzilla.redhat.com/show_bug.cgi?id=487512 [ 3 ] Bug #487509 - CVE-2009-0581 LittleCms memory leak https://bugzilla.redhat.com/show_bug.cgi?id=487509
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update lcms' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-2910
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
|