Description: The remote host is missing an update to argyllcms announced via advisory FEDORA-2009-3435.
The Argyll color management system supports accurate ICC profile creation for scanners, CMYK printers, film recorders and calibration and profiling of displays.
Update Information:
Multiple integer overflows and multiple insufficient upper-bounds checks on certain variable sizes were originally discovered in Ghostscript's International Color Consortium Format Library (icclib). It was found that the original patch addressing this issue was incomplete.
ChangeLog:
* Wed Apr 8 2009 Jon Ciesla - 1.0.3-4
- Patch for ICC library CVE-2009-0792.
* Mon Mar 23 2009 Jon Ciesla - 1.0.3-3
- Patch for ICC library CVE-2009-{0583, 0584} by Tim Waugh.
* Mon Feb 23 2009 Fedora Release Engineering - 1.0.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
References:
[ 1 ] Bug #491853 - CVE-2009-0792 ghostscript, argyllcms: Incomplete fix for CVE-2009-0583 https://bugzilla.redhat.com/show_bug.cgi?id=491853
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update argyllcms' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3435
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C