Bug 1367357 (CVE-2016-10165) - CVE-2016-10165 lcms2: Out-of-bounds read in Type_MLU_Read()
Summary: CVE-2016-10165 lcms2: Out-of-bounds read in Type_MLU_Read()
Status: CLOSED ERRATA
Alias: CVE-2016-10165
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20160815,repor...
Keywords: Security
Depends On: 1367358 1367359 1367360 1367361 1503325 1503326 1503327 1503328 1503329 1503330 1503331 1503332 1515469 1515470 1515471 1515472 1516384 1516385 1516386 1516387
Blocks: 1368025
TreeView+ depends on / blocked
 
Reported: 2016-08-16 09:25 UTC by Adam Mariš
Modified: 2018-08-01 17:40 UTC (History)
21 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-02-02 04:25:37 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:2999 normal SHIPPED_LIVE Critical: java-1.8.0-oracle security update 2017-12-14 20:18:50 UTC
Red Hat Product Errata RHSA-2017:3046 normal SHIPPED_LIVE Important: java-1.7.0-oracle security update 2017-12-14 20:24:06 UTC
Red Hat Product Errata RHSA-2017:3264 normal SHIPPED_LIVE Critical: java-1.8.0-ibm security update 2017-11-27 23:04:39 UTC
Red Hat Product Errata RHSA-2017:3267 normal SHIPPED_LIVE Critical: java-1.8.0-ibm security update 2017-11-29 01:40:15 UTC
Red Hat Product Errata RHSA-2017:3268 normal SHIPPED_LIVE Critical: java-1.7.1-ibm security update 2017-11-29 01:43:15 UTC
Red Hat Product Errata RHSA-2017:3453 normal SHIPPED_LIVE Important: java-1.8.0-ibm security update 2017-12-13 21:48:15 UTC

Description Adam Mariš 2016-08-16 09:25:28 UTC
An out-of-bounds read in cmstypes.c in Type_MLU_Read function was found, leading to heap memory leak triggered by crafted ICC profile.

Upstream patch:

https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2

CVE request:

http://seclists.org/oss-sec/2016/q3/288

Comment 1 Adam Mariš 2016-08-16 09:26:27 UTC
Created mingw-lcms2 tracking bugs for this issue:

Affects: fedora-all [bug 1367359]

Comment 2 Adam Mariš 2016-08-16 09:26:37 UTC
Created lcms2 tracking bugs for this issue:

Affects: fedora-all [bug 1367358]
Affects: epel-5 [bug 1367360]
Affects: epel-6 [bug 1367361]

Comment 3 Fedora Update System 2016-08-27 10:24:14 UTC
lcms2-2.8-2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

Comment 4 Fedora Update System 2016-08-27 15:18:17 UTC
lcms2-2.8-2.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2016-09-04 19:17:30 UTC
lcms2-2.8-2.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2016-09-04 20:48:00 UTC
lcms2-2.8-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2016-09-04 22:51:58 UTC
lcms2-2.8-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Nicolas Chauvet (kwizart) 2016-12-01 14:37:45 UTC
Cant we close this bug ?

Comment 9 Adam Mariš 2016-12-01 14:42:01 UTC
(In reply to Nicolas Chauvet (kwizart) from comment #8)
> Cant we close this bug ?

No, RHEL packages weren't handled yet.

Comment 13 Andrej Nemec 2017-01-26 09:12:31 UTC
CVE assignment:

http://seclists.org/oss-sec/2017/q1/197

Comment 14 Doran Moppert 2017-02-02 04:23:45 UTC
This issue was fixed for java-1.8.0-openjdk in Red Hat Enterprise Linux:

https://rhn.redhat.com/errata/RHSA-2016-2079.html

This issue was fixed for java-1.7.0-openjdk in Red Hat Enterprise Linux:

https://rhn.redhat.com/errata/RHSA-2016-2658.html

Comment 18 Tomas Hoger 2017-10-18 09:51:03 UTC
OpenJDK-8 upstream commit:

http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/27273bbb711a

Comment 19 errata-xmlrpc 2017-10-23 07:47:33 UTC
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 6
  Oracle Java for Red Hat Enterprise Linux 7

Via RHSA-2017:2999 https://access.redhat.com/errata/RHSA-2017:2999

Comment 20 errata-xmlrpc 2017-10-24 12:17:40 UTC
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 7
  Oracle Java for Red Hat Enterprise Linux 6

Via RHSA-2017:3046 https://access.redhat.com/errata/RHSA-2017:3046

Comment 23 errata-xmlrpc 2017-11-27 18:05:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Supplementary

Via RHSA-2017:3264 https://access.redhat.com/errata/RHSA-2017:3264

Comment 24 errata-xmlrpc 2017-11-28 20:40:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary

Via RHSA-2017:3267 https://access.redhat.com/errata/RHSA-2017:3267

Comment 25 errata-xmlrpc 2017-11-28 20:43:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary
  Red Hat Enterprise Linux 7 Supplementary

Via RHSA-2017:3268 https://access.redhat.com/errata/RHSA-2017:3268

Comment 26 errata-xmlrpc 2017-12-13 16:49:11 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 5.8
  Red Hat Satellite 5.8 ELS

Via RHSA-2017:3453 https://access.redhat.com/errata/RHSA-2017:3453


Note You need to log in before you can comment on or make changes to this bug.