Description: | Description: The remote host is missing an update to argyllcms announced via advisory FEDORA-2009-3011.
Update Information:
Multiple integer overflows were found in the International Color Consortium Format Library (icclib). An attacker could use this flaw to potentially execute arbitrary code by requesting to translate a specially- crafted image file created on one device into another's device native color space via a device file.
ChangeLog:
* Mon Mar 23 2009 Jon Ciesla - 1.0.3-3 - Patch for ICC library CVE-2009-{0583, 0584} by Tim Waugh. * Mon Feb 23 2009 Fedora Release Engineering - 1.0.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
References:
[ 1 ] Bug #487742 - CVE-2009-0583 ghostscript: Multiple integer overflows in the International Color Consortium Format Library https://bugzilla.redhat.com/show_bug.cgi?id=487742 [ 2 ] Bug #487744 - CVE-2009-0584 ghostscript: Multiple insufficient upper-bounds checks on certain sizes in the International Color Consortium Format Library https://bugzilla.redhat.com/show_bug.cgi?id=487744
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update argyllcms' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3011
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
|