CVE-2009-0793

Bug #700198 reported by Artur Rona
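Affects | Status | Importance | Assigned to | Milestone
gimp (Ubuntu) | Invalid | Undecided | Unassigned |
gimp (Ubuntu Hardy) | Invalid | Undecided | Unassigned |
gimp (Ubuntu Karmic) | Invalid | Undecided | Unassigned |
gimp (Ubuntu Lucid) | Invalid | Undecided | Unassigned |
gimp (Ubuntu Maverick) | Invalid | Undecided | Unassigned |
gimp (Ubuntu Natty) | Invalid | Undecided | Unassigned |
ia32-libs (Ubuntu) | Fix Released | Low | Unassigned |
ia32-libs (Ubuntu Hardy) | Fix Released | Low | Unassigned |
ia32-libs (Ubuntu Karmic) | Fix Released | Low | Unassigned |
ia32-libs (Ubuntu Lucid) | Fix Released | Low | Unassigned |
ia32-libs (Ubuntu Maverick) | Fix Released | Low | Unassigned |
ia32-libs (Ubuntu Natty) | Fix Released | Low | Unassigned |
lcms (Ubuntu) | Fix Released | Undecided | Unassigned |
lcms (Ubuntu Hardy) | Fix Released | Low | Steve Beattie |
lcms (Ubuntu Karmic) | Fix Released | Low | Steve Beattie |
lcms (Ubuntu Lucid) | Fix Released | Low | Steve Beattie |
lcms (Ubuntu Maverick) | Fix Released | Low | Steve Beattie |
lcms (Ubuntu Natty) | Fix Released | Undecided | Unassigned |
openjdk-6 (Ubuntu) | Fix Released | Low | Unassigned |
openjdk-6 (Ubuntu Hardy) | Fix Released | Low | Unassigned |
openjdk-6 (Ubuntu Karmic) | Fix Released | Undecided | Unassigned |
openjdk-6 (Ubuntu Lucid) | Fix Released | Undecided | Unassigned |
openjdk-6 (Ubuntu Maverick) | Fix Released | Low | Unassigned |
openjdk-6 (Ubuntu Natty) | Fix Released | Low | Unassigned |
openjdk-6b18 (Ubuntu) | Fix Released | Low | Unassigned |
openjdk-6b18 (Ubuntu Hardy) | Invalid | Undecided | Unassigned |
openjdk-6b18 (Ubuntu Karmic) | Invalid | Undecided | Unassigned |
openjdk-6b18 (Ubuntu Lucid) | Fix Released | Low | Unassigned |
openjdk-6b18 (Ubuntu Maverick) | Fix Released | Low | Unassigned |
openjdk-6b18 (Ubuntu Natty) | Fix Released | Low | Unassigned |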

Bug Description

Description
cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and
other products, allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted image that
triggers execution of incorrect code for "transformations of monochrome
profiles."

Tags: patch
Artur Rona (ari-tczew) wrote :

Natty will be fixed through merge in bug 694364.

Artur Rona (ari-tczew) wrote :

Patches were taken from Debian. All build fine in pbuilder.

Scott Kitterman (kitterman) wrote :

Per http://svn.debian.org/wsvn/secure-testing/data/embedded-code-copies?op=file these other packages carry embedded copies of lcms and should be investigated too.

security vulnerability: no → yes
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lcms - 1.18.dfsg-1.2ubuntu1

---------------
lcms (1.18.dfsg-1.2ubuntu1) natty; urgency=low

  * Merge from debian unstable. Remaining changes: (LP: #694364)
    - debian/control: Mention Little CMS in binary package names
      for searchability. (Closes: #608007)
    - debian/rules: Adjust for Python 2.6 transition.
  * This upload fixes security issue. (LP: #700198)
    - CVE-2009-0793

lcms (1.18.dfsg-1.2) unstable; urgency=low

  * Non-maintainer upload
  * Fix silly copy&paste error (Really Closes: #560993)

lcms (1.18.dfsg-1.1) unstable; urgency=low

  * Non-maintainer upload
  * Fix CVE-2009-0793 (Closes: #530785)
  * Fix detection of sparc64, patch by Aurelien Jarno (Closes: #560993)
 -- Artur Rona <email address hidden> Sat, 08 Jan 2011 04:27:31 +0100

Changed in lcms (Ubuntu):
status: New → Fix Released
Steve Beattie (sbeattie) wrote :

Accepting the lcms debdiffs for ubuntu-security.

Changed in lcms (Ubuntu Hardy):
assignee: nobody → Steve Beattie (sbeattie)
importance: Undecided → Low
status: New → In Progress
Changed in lcms (Ubuntu Karmic):
assignee: nobody → Steve Beattie (sbeattie)
importance: Undecided → Low
status: New → In Progress
Changed in lcms (Ubuntu Lucid):
assignee: nobody → Steve Beattie (sbeattie)
importance: Undecided → Low
status: New → In Progress
Changed in lcms (Ubuntu Maverick):
assignee: nobody → Steve Beattie (sbeattie)
importance: Undecided → Low
status: New → In Progress
Steve Beattie (sbeattie) wrote :

OpenJDK 6 packages were fixed in 6b16-1.6.1-0ubuntu1 and 6b18-1.8.2-4ubuntu1~8.04.1.

Changed in openjdk-6 (Ubuntu Hardy):
importance: Undecided → Low
status: New → Fix Released
Changed in openjdk-6 (Ubuntu Karmic):
status: New → Fix Released
Changed in openjdk-6 (Ubuntu Lucid):
status: New → Fix Released
Changed in openjdk-6 (Ubuntu Maverick):
importance: Undecided → Low
status: New → Fix Released
Changed in openjdk-6 (Ubuntu Natty):
importance: Undecided → Low
status: New → Fix Released
Steve Beattie (sbeattie)
Changed in openjdk-6b18 (Ubuntu Hardy):
status: New → Invalid
Changed in openjdk-6b18 (Ubuntu Karmic):
status: New → Invalid
Changed in openjdk-6b18 (Ubuntu Lucid):
importance: Undecided → Low
status: New → Fix Released
Changed in openjdk-6b18 (Ubuntu Maverick):
importance: Undecided → Low
status: New → Fix Released
Changed in openjdk-6b18 (Ubuntu Natty):
importance: Undecided → Low
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lcms - 1.18.dfsg-1ubuntu2.10.10.1

---------------
lcms (1.18.dfsg-1ubuntu2.10.10.1) maverick-security; urgency=low

  * debian/patches/CVE-2009-0793.dpatch: SECURITY UPDATE: (LP: #700198)
    - Fix DoS via a crafted image that triggers execution of incorrect
      code for "transformations of monochrome profiles."
    - CVE-2009-0073
 -- Artur Rona <email address hidden> Sat, 08 Jan 2011 04:23:13 +0100

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lcms - 1.18.dfsg-1ubuntu2.10.04.1

---------------
lcms (1.18.dfsg-1ubuntu2.10.04.1) lucid-security; urgency=low

  * debian/patches/CVE-2009-0793.dpatch: SECURITY UPDATE: (LP: #700198)
    - Fix DoS via a crafted image that triggers execution of incorrect
      code for "transformations of monochrome profiles."
    - CVE-2009-0073
 -- Artur Rona <email address hidden> Sat, 08 Jan 2011 04:39:19 +0100

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lcms - 1.18.dfsg-1ubuntu1.1

---------------
lcms (1.18.dfsg-1ubuntu1.1) karmic-security; urgency=low

  * debian/patches/CVE-2009-0793.dpatch: SECURITY UPDATE: (LP: #700198)
    - Fix DoS via a crafted image that triggers execution of incorrect
      code for "transformations of monochrome profiles."
    - CVE-2009-0073
 -- Artur Rona <email address hidden> Sat, 08 Jan 2011 04:42:32 +0100

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lcms - 1.16-7ubuntu1.3

---------------
lcms (1.16-7ubuntu1.3) hardy-security; urgency=low

  * debian/patches/CVE-2009-0793.dpatch: SECURITY UPDATE: (LP: #700198)
    - Fix DoS via a crafted image that triggers execution of incorrect
      code for "transformations of monochrome profiles."
    - CVE-2009-0073
 -- Artur Rona <email address hidden> Sat, 08 Jan 2011 04:50:57 +0100

Changed in lcms (Ubuntu Hardy):
status: In Progress → Fix Released
Changed in lcms (Ubuntu Karmic):
status: In Progress → Fix Released
Changed in lcms (Ubuntu Lucid):
status: In Progress → Fix Released
Changed in lcms (Ubuntu Maverick):
status: In Progress → Fix Released
Changed in ia32-libs (Ubuntu Lucid):
status: New → Triaged
importance: Undecided → Low
Changed in ia32-libs (Ubuntu Maverick):
status: New → Triaged
importance: Undecided → Low
Changed in ia32-libs (Ubuntu Natty):
status: New → Triaged
importance: Undecided → Low
Changed in ia32-libs (Ubuntu Hardy):
status: New → Triaged
importance: Undecided → Low
Changed in ia32-libs (Ubuntu Karmic):
status: New → Triaged
importance: Undecided → Low
Artur Rona (ari-tczew) wrote :

There is nothing to sponsor. I'm unsubscribing ubuntu-security-sponsors.

tags: added: patch
Dave Walker (davewalker) wrote : Re: [Bug 700198] Re: CVE-2009-0793

On 14/01/11 17:38, Brian Murray wrote:
> ** Tags added: patch
>
ahhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh!

Kees Cook (kees) wrote :

Gimp is linked against the system lcms

Changed in gimp (Ubuntu Natty):
status: New → Invalid
Changed in gimp (Ubuntu Hardy):
status: New → Invalid
Changed in gimp (Ubuntu Karmic):
status: New → Invalid
Changed in gimp (Ubuntu Lucid):
status: New → Invalid
Changed in gimp (Ubuntu Maverick):
status: New → Invalid
Scott Ritchie (scottritchie) wrote :

Natty just got an ia32-libs refresh, which should cover it.

Changed in ia32-libs (Ubuntu Natty):
status: Triaged → Fix Released
Jamie Strandboge (jdstrand) wrote :

Hardy 2.2ubuntu11.3 should have the fix.

Changed in ia32-libs (Ubuntu Hardy):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ia32-libs - 20090808ubuntu9.1

---------------
ia32-libs (20090808ubuntu9.1) maverick-security; urgency=low

  * SECURITY UPDATE: Refresh packages to pull in security fixes,
    including:
    - lcms buffer overflow, CVE-2009-0793 (LP: #700198)
    - openssl: multiple issues, including CVE-2009-3555, CVE-2009-3245,
      and CVE-2010-2939
    - libpango1.0: multiple DoS, possible code execution issues:
      CVE-2010-0421, CVE-2011-0020, CVE-2011-0064
    - libfreetype: multiple DoS, possible code execution issues
    - nss: many issues
 -- Steve Beattie <email address hidden> Tue, 12 Apr 2011 12:17:45 -0700

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ia32-libs - 2.7ubuntu26.1

---------------
ia32-libs (2.7ubuntu26.1) lucid-security; urgency=low

  * SECURITY UPDATE: Refresh packages to pull in security fixes,
    including:
    - lcms buffer overflow, CVE-2009-0793 (LP: #700198)
    - openssl: multiple issues, including CVE-2009-3555, CVE-2009-3245,
      and CVE-2010-2939
    - libpango1.0: multiple DoS, possible code execution issues:
      CVE-2010-0421, CVE-2011-0020, CVE-2011-0064
    - nss: many issues
 -- Steve Beattie <email address hidden> Tue, 12 Apr 2011 11:26:47 -0700

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ia32-libs - 2.7ubuntu17.1

---------------
ia32-libs (2.7ubuntu17.1) karmic-security; urgency=low

  * SECURITY UPDATE: Refresh packages to pull in security fixes,
    including:
    - lcms: buffer overflow, CVE-2009-0793 (LP: #700198)
    - openssl: multiple issues, including CVE-2009-3555, CVE-2009-3245,
      and CVE-2010-2939
    - libpango1.0: multiple DoS, possible code execution issues:
      CVE-2010-0421, CVE-2011-0020, CVE-2011-0064
    - libfreetype: multiple DoS, possible code execution issues:
      CVE-2010-3311, CVE-2010-3814, CVE-2010-3855, CVE-2010-1797,
      CVE-2010-2541, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807,
      CVE-2010-2808, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500,
      CVE-2010-2519, CVE-2010-2520, CVE-2010-2527
    - nss: many issues
 -- Steve Beattie <email address hidden> Tue, 12 Apr 2011 02:08:26 -0700

Changed in ia32-libs (Ubuntu Karmic):
status: Triaged → Fix Released
Changed in ia32-libs (Ubuntu Lucid):
status: Triaged → Fix Released
Changed in ia32-libs (Ubuntu Maverick):
status: Triaged → Fix Released
This report contains Public Security information  
Everyone can see this security related information.