Ubuntu
ia32-libs package

CVE-2009-0793

Bug #700198 reported by Artur Rona on 2011-01-08

262

This bug affects 1 person

	Status	Importance	Assigned to
gimp (Ubuntu)	Invalid	Undecided	Unassigned
Hardy	Invalid	Undecided	Unassigned
Karmic	Invalid	Undecided	Unassigned
Lucid	Invalid	Undecided	Unassigned
Maverick	Invalid	Undecided	Unassigned
Natty	Invalid	Undecided	Unassigned
ia32-libs (Ubuntu)	Fix Released	Low	Unassigned
Hardy	Fix Released	Low	Unassigned
Karmic	Fix Released	Low	Unassigned
Lucid	Fix Released	Low	Unassigned
Maverick	Fix Released	Low	Unassigned
Natty	Fix Released	Low	Unassigned
lcms (Ubuntu)	Fix Released	Undecided	Unassigned
Hardy	Fix Released	Low	Steve Beattie
Karmic	Fix Released	Low	Steve Beattie
Lucid	Fix Released	Low	Steve Beattie
Maverick	Fix Released	Low	Steve Beattie
Natty	Fix Released	Undecided	Unassigned
openjdk-6 (Ubuntu)	Fix Released	Low	Unassigned
Hardy	Fix Released	Low	Unassigned
Karmic	Fix Released	Undecided	Unassigned
Lucid	Fix Released	Undecided	Unassigned
Maverick	Fix Released	Low	Unassigned
Natty	Fix Released	Low	Unassigned
openjdk-6b18 (Ubuntu)	Fix Released	Low	Unassigned
Hardy	Invalid	Undecided	Unassigned
Karmic	Invalid	Undecided	Unassigned
Lucid	Fix Released	Low	Unassigned
Maverick	Fix Released	Low	Unassigned
Natty	Fix Released	Low	Unassigned

Bug Description

Description
cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and
other products, allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted image that
triggers execution of incorrect code for "transformations of monochrome
profiles."

Tags:

Related branches

lp:ubuntu/hardy-updates/lcms

lp:ubuntu/karmic-security/lcms

lp:ubuntu/natty/lcms

lp:ubuntu/maverick-security/lcms

lp:ubuntu/lucid-updates/lcms

lp:ubuntu/lucid-security/ia32-libs

lp:ubuntu/karmic-security/ia32-libs

lp:ubuntu/maverick-security/ia32-libs

CVE References

Revision history for this message

Artur Rona (ari-tczew) wrote on 2011-01-08:

Natty will be fixed through merge in bug 694364.

Revision history for this message

Artur Rona (ari-tczew) wrote on 2011-01-08:

security-maverick.debdiff Edit (2.9 KiB, text/plain)

Revision history for this message

Artur Rona (ari-tczew) wrote on 2011-01-08:

security-lucid.debdiff Edit (2.9 KiB, text/plain)

Revision history for this message

Artur Rona (ari-tczew) wrote on 2011-01-08:

security-karmic.debdiff Edit (2.9 KiB, text/plain)

Revision history for this message

Artur Rona (ari-tczew) wrote on 2011-01-08:

security-hardy.debdiff Edit (2.9 KiB, text/plain)

Revision history for this message

Artur Rona (ari-tczew) wrote on 2011-01-08:

Patches were taken from Debian. All build fine in pbuilder.

Revision history for this message

Scott Kitterman (kitterman) wrote on 2011-01-08:

Per http://svn.debian.org/wsvn/secure-testing/data/embedded-code-copies?op=file these other packages carry embedded copies of lcms and should be investigated too.

Brian Murray (brian-murray) on 2011-01-10

security vulnerability:

no → yes

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-01-10:

This bug was fixed in the package lcms - 1.18.dfsg-1.2ubuntu1

---------------
lcms (1.18.dfsg-1.2ubuntu1) natty; urgency=low

  * Merge from debian unstable. Remaining changes: (LP: #694364)
    - debian/control: Mention Little CMS in binary package names
      for searchability. (Closes: #608007)
    - debian/rules: Adjust for Python 2.6 transition.
  * This upload fixes security issue. (LP: #700198)
    - CVE-2009-0793

lcms (1.18.dfsg-1.2) unstable; urgency=low

* Non-maintainer upload
* Fix silly copy&paste error (Really Closes: #560993)

lcms (1.18.dfsg-1.1) unstable; urgency=low

  * Non-maintainer upload
  * Fix CVE-2009-0793 (Closes: #530785)
  * Fix detection of sparc64, patch by Aurelien Jarno (Closes: #560993)
-- Artur Rona <email address hidden> Sat, 08 Jan 2011 04:27:31 +0100

Changed in lcms (Ubuntu):
status:	New → Fix Released

Revision history for this message

Steve Beattie (sbeattie) wrote on 2011-01-11:

Accepting the lcms debdiffs for ubuntu-security.

Changed in lcms (Ubuntu Hardy):
assignee:	nobody → Steve Beattie (sbeattie)
importance:	Undecided → Low
status:	New → In Progress
Changed in lcms (Ubuntu Karmic):
assignee:	nobody → Steve Beattie (sbeattie)
importance:	Undecided → Low
status:	New → In Progress
Changed in lcms (Ubuntu Lucid):
assignee:	nobody → Steve Beattie (sbeattie)
importance:	Undecided → Low
status:	New → In Progress
Changed in lcms (Ubuntu Maverick):
assignee:	nobody → Steve Beattie (sbeattie)
importance:	Undecided → Low
status:	New → In Progress

Revision history for this message

Steve Beattie (sbeattie) wrote on 2011-01-11:

#10

OpenJDK 6 packages were fixed in 6b16-1.6.1-0ubuntu1 and 6b18-1.8.2-4ubuntu1~8.04.1.

Changed in openjdk-6 (Ubuntu Hardy):
importance:	Undecided → Low
status:	New → Fix Released
Changed in openjdk-6 (Ubuntu Karmic):
status:	New → Fix Released
Changed in openjdk-6 (Ubuntu Lucid):
status:	New → Fix Released
Changed in openjdk-6 (Ubuntu Maverick):
importance:	Undecided → Low
status:	New → Fix Released
Changed in openjdk-6 (Ubuntu Natty):
importance:	Undecided → Low
status:	New → Fix Released

Steve Beattie (sbeattie) on 2011-01-11

Changed in openjdk-6b18 (Ubuntu Hardy):
status:	New → Invalid
Changed in openjdk-6b18 (Ubuntu Karmic):
status:	New → Invalid
Changed in openjdk-6b18 (Ubuntu Lucid):
importance:	Undecided → Low
status:	New → Fix Released
Changed in openjdk-6b18 (Ubuntu Maverick):
importance:	Undecided → Low
status:	New → Fix Released
Changed in openjdk-6b18 (Ubuntu Natty):
importance:	Undecided → Low
status:	New → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-01-12:

#11

This bug was fixed in the package lcms - 1.18.dfsg-1ubuntu2.10.10.1

---------------
lcms (1.18.dfsg-1ubuntu2.10.10.1) maverick-security; urgency=low

  * debian/patches/CVE-2009-0793.dpatch: SECURITY UPDATE: (LP: #700198)
    - Fix DoS via a crafted image that triggers execution of incorrect
      code for "transformations of monochrome profiles."
    - CVE-2009-0073
-- Artur Rona <email address hidden> Sat, 08 Jan 2011 04:23:13 +0100

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-01-12:

#12

This bug was fixed in the package lcms - 1.18.dfsg-1ubuntu2.10.04.1

---------------
lcms (1.18.dfsg-1ubuntu2.10.04.1) lucid-security; urgency=low

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-01-12:

#13

This bug was fixed in the package lcms - 1.18.dfsg-1ubuntu1.1

---------------
lcms (1.18.dfsg-1ubuntu1.1) karmic-security; urgency=low

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-01-12:

#14

This bug was fixed in the package lcms - 1.16-7ubuntu1.3

---------------
lcms (1.16-7ubuntu1.3) hardy-security; urgency=low

Changed in lcms (Ubuntu Hardy):
status:	In Progress → Fix Released
Changed in lcms (Ubuntu Karmic):
status:	In Progress → Fix Released
Changed in lcms (Ubuntu Lucid):
status:	In Progress → Fix Released
Changed in lcms (Ubuntu Maverick):
status:	In Progress → Fix Released

Jamie Strandboge (jdstrand) on 2011-01-12

Changed in ia32-libs (Ubuntu Lucid):
status:	New → Triaged
importance:	Undecided → Low
Changed in ia32-libs (Ubuntu Maverick):
status:	New → Triaged
importance:	Undecided → Low
Changed in ia32-libs (Ubuntu Natty):
status:	New → Triaged
importance:	Undecided → Low
Changed in ia32-libs (Ubuntu Hardy):
status:	New → Triaged
importance:	Undecided → Low
Changed in ia32-libs (Ubuntu Karmic):
status:	New → Triaged
importance:	Undecided → Low

Revision history for this message

Artur Rona (ari-tczew) wrote on 2011-01-14:

#15

There is nothing to sponsor. I'm unsubscribing ubuntu-security-sponsors.

Brian Murray (brian-murray) on 2011-01-14

tags:

added: patch

Revision history for this message

Dave Walker (davewalker) wrote on 2011-01-14: Re: [Bug 700198] Re: CVE-2009-0793

#16

On 14/01/11 17:38, Brian Murray wrote:
> ** Tags added: patch
>
ahhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh!

Revision history for this message

Kees Cook (kees) wrote on 2011-02-04:

#17

Gimp is linked against the system lcms

Changed in gimp (Ubuntu Natty):
status:	New → Invalid
Changed in gimp (Ubuntu Hardy):
status:	New → Invalid
Changed in gimp (Ubuntu Karmic):
status:	New → Invalid
Changed in gimp (Ubuntu Lucid):
status:	New → Invalid
Changed in gimp (Ubuntu Maverick):
status:	New → Invalid

Revision history for this message

Scott Ritchie (scottritchie) wrote on 2011-03-30:

#18

Natty just got an ia32-libs refresh, which should cover it.

Changed in ia32-libs (Ubuntu Natty):
status:	Triaged → Fix Released

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2011-04-08:

#19

Hardy 2.2ubuntu11.3 should have the fix.

Changed in ia32-libs (Ubuntu Hardy):
status:	Triaged → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-04-19:

#20

This bug was fixed in the package ia32-libs - 20090808ubuntu9.1

---------------
ia32-libs (20090808ubuntu9.1) maverick-security; urgency=low

  * SECURITY UPDATE: Refresh packages to pull in security fixes,
    including:
    - lcms buffer overflow, CVE-2009-0793 (LP: #700198)
    - openssl: multiple issues, including CVE-2009-3555, CVE-2009-3245,
      and CVE-2010-2939
    - libpango1.0: multiple DoS, possible code execution issues:
      CVE-2010-0421, CVE-2011-0020, CVE-2011-0064
    - libfreetype: multiple DoS, possible code execution issues
    - nss: many issues
-- Steve Beattie <email address hidden> Tue, 12 Apr 2011 12:17:45 -0700

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-04-19:

#21

This bug was fixed in the package ia32-libs - 2.7ubuntu26.1

---------------
ia32-libs (2.7ubuntu26.1) lucid-security; urgency=low

  * SECURITY UPDATE: Refresh packages to pull in security fixes,
    including:
    - lcms buffer overflow, CVE-2009-0793 (LP: #700198)
    - openssl: multiple issues, including CVE-2009-3555, CVE-2009-3245,
      and CVE-2010-2939
    - libpango1.0: multiple DoS, possible code execution issues:
      CVE-2010-0421, CVE-2011-0020, CVE-2011-0064
    - nss: many issues
-- Steve Beattie <email address hidden> Tue, 12 Apr 2011 11:26:47 -0700

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-04-19:

#22

This bug was fixed in the package ia32-libs - 2.7ubuntu17.1

---------------
ia32-libs (2.7ubuntu17.1) karmic-security; urgency=low

  * SECURITY UPDATE: Refresh packages to pull in security fixes,
    including:
    - lcms: buffer overflow, CVE-2009-0793 (LP: #700198)
    - openssl: multiple issues, including CVE-2009-3555, CVE-2009-3245,
      and CVE-2010-2939
    - libpango1.0: multiple DoS, possible code execution issues:
      CVE-2010-0421, CVE-2011-0020, CVE-2011-0064
    - libfreetype: multiple DoS, possible code execution issues:
      CVE-2010-3311, CVE-2010-3814, CVE-2010-3855, CVE-2010-1797,
      CVE-2010-2541, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807,
      CVE-2010-2808, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500,
      CVE-2010-2519, CVE-2010-2520, CVE-2010-2527
    - nss: many issues
-- Steve Beattie <email address hidden> Tue, 12 Apr 2011 02:08:26 -0700

Changed in ia32-libs (Ubuntu Karmic):
status:	Triaged → Fix Released
Changed in ia32-libs (Ubuntu Lucid):
status:	Triaged → Fix Released
Changed in ia32-libs (Ubuntu Maverick):
status:	Triaged → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuia32-libs package

CVE-2009-0793

Bug Description

Related branches

CVE References

Other bug subscribers

Patches

Remote bug watches

Ubuntu
ia32-libs package