CentOS Update For Lcms CESA-2009:0011 Centos5 I386 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Little Color Management System (LittleCMS, or simply &quot lcms&quot ) is a small-footprint, speed-optimized open source color management engine. Multiple insufficient input validation flaws were discovered in LittleCMS. An attacker could use these flaws to create a specially-crafted image file which could cause an application using LittleCMS to crash, or, possibly, execute arbitrary code when opened. (CVE-2008-5316, CVE-2008-5317) Users of lcms should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using lcms library must be restarted for the update to take effect.

Affected

lcms on CentOS 5

References

http://lists.centos.org/pipermail/centos-announce/2009-January/015528.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5316, CVE-2008-5317

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

CentOS Security Advisory CESA-2009:0398 (seamonkey)
CentOS Security Advisory CESA-2009:0479 (perl-DBD-Pg)
CentOS Security Advisory CESA-2009:0397 (firefox)
CentOS Security Advisory CESA-2009:0003 (xen)
CentOS Security Advisory CESA-2009:0338 (php)

CentOS Update for lcms CESA-2009:0011 centos5 i386

Take action and discover your vulnerabilities