What is the severity of RHSA-2009:0339?

The severity of RHSA-2009:0339 is considered important due to potential exploitation leading to security vulnerabilities.

How do I fix RHSA-2009:0339?

To fix RHSA-2009:0339, you should upgrade to the specified version 1.18-0.1.beta1.el5_3.2 of the affected packages.

What software is affected by RHSA-2009:0339?

RHSA-2009:0339 affects packages including lcms, lcms-devel, and python-lcms on applicable Red Hat systems.

What vulnerabilities are addressed in RHSA-2009:0339?

RHSA-2009:0339 addresses multiple integer overflow flaws and insufficient input validation issues in LittleCMS.

Is there a risk of exploitation with RHSA-2009:0339?

Yes, there is a risk of remote code execution and denial of service if the vulnerabilities in RHSA-2009:0339 are exploited.

Vulnerability/
RHSA-2009:0339

CWE

20 190

19/3/2009

RHSA-2009:0339: Moderate: lcms security update

First published: Thu Mar 19 2009(Updated: )

Little Color Management System (LittleCMS, or simply "lcms") is a small-footprint, speed-optimized open source color management engine. Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in LittleCMS. An attacker could use these flaws to create a specially-crafted image file which could cause an application using LittleCMS to crash, or, possibly, execute arbitrary code when opened by a victim. (CVE-2009-0723, CVE-2009-0733) A memory leak flaw was found in LittleCMS. An application using LittleCMS could use excessive amount of memory, and possibly crash after using all available memory, if used to open specially-crafted images. (CVE-2009-0581) Red Hat would like to thank Chris Evans from the Google Security Team for reporting these issues. All users of LittleCMS should install these updated packages, which upgrade LittleCMS to version 1.18. All running applications using the lcms library must be restarted for the update to take effect.

Affected Software	Affected Version	How to fix
redhat/lcms	<1.18-0.1.beta1.el5_3.2	1.18-0.1.beta1.el5_3.2
redhat/lcms	<1.18-0.1.beta1.el5_3.2	1.18-0.1.beta1.el5_3.2
redhat/lcms-devel	<1.18-0.1.beta1.el5_3.2	1.18-0.1.beta1.el5_3.2
redhat/lcms-devel	<1.18-0.1.beta1.el5_3.2	1.18-0.1.beta1.el5_3.2
redhat/python-lcms	<1.18-0.1.beta1.el5_3.2	1.18-0.1.beta1.el5_3.2
redhat/python-lcms	<1.18-0.1.beta1.el5_3.2	1.18-0.1.beta1.el5_3.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2009:0339?
The severity of RHSA-2009:0339 is considered important due to potential exploitation leading to security vulnerabilities.
How do I fix RHSA-2009:0339?
To fix RHSA-2009:0339, you should upgrade to the specified version 1.18-0.1.beta1.el5_3.2 of the affected packages.
What software is affected by RHSA-2009:0339?
RHSA-2009:0339 affects packages including lcms, lcms-devel, and python-lcms on applicable Red Hat systems.
What vulnerabilities are addressed in RHSA-2009:0339?
RHSA-2009:0339 addresses multiple integer overflow flaws and insufficient input validation issues in LittleCMS.
Is there a risk of exploitation with RHSA-2009:0339?
Yes, there is a risk of remote code execution and denial of service if the vulnerabilities in RHSA-2009:0339 are exploited.

agent/severity
agent/weakness
agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2009:0339
agent/software-canonical-lookup
agent/title
agent/remedy
agent/references
agent/description
agent/event
agent/trending
agent/tags
agent/source
package-manager/redhat