An out-of-bounds read was found in the Type_MLU_Read function in cmstypes.c, leading to a heap memory leak triggered by a crafted ICC profile. Upstream patch: https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2 CVE request: http://seclists.org/oss-sec/2016/q3/288
Created mingw-lcms2 tracking bugs for this issue: Affects: fedora-all [bug 1367359]
Created lcms2 tracking bugs for this issue: Affects: fedora-all [bug 1367358] Affects: epel-5 [bug 1367360] Affects: epel-6 [bug 1367361]
lcms2-2.8-2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
lcms2-2.8-2.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
lcms2-2.8-2.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
lcms2-2.8-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
lcms2-2.8-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Can't we close this bug?
(In reply to Nicolas Chauvet (kwizart) from comment #8)
> Can't we close this bug?
No, RHEL packages weren't handled yet.
CVE assignment: http://seclists.org/oss-sec/2017/q1/197
This issue was fixed for java-1.8.0-openjdk in Red Hat Enterprise Linux: https://rhn.redhat.com/errata/RHSA-2016-2079.html This issue was fixed for java-1.7.0-openjdk in Red Hat Enterprise Linux: https://rhn.redhat.com/errata/RHSA-2016-2658.html
(In reply to Adam Mariš from comment #0)
> Upstream patch:
>
> https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
Further tweak of the fix: https://github.com/mm2/Little-CMS/commit/d41071eb8cfea7aa10a9262c12bd95d5d9d81c8f
OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/27273bbb711a
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 6 Oracle Java for Red Hat Enterprise Linux 7 Via RHSA-2017:2999 https://access.redhat.com/errata/RHSA-2017:2999
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2017:3046 https://access.redhat.com/errata/RHSA-2017:3046
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2017:3264 https://access.redhat.com/errata/RHSA-2017:3264
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2017:3267 https://access.redhat.com/errata/RHSA-2017:3267
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Red Hat Enterprise Linux 7 Supplementary Via RHSA-2017:3268 https://access.redhat.com/errata/RHSA-2017:3268
This issue has been addressed in the following products: Red Hat Satellite 5.8 Red Hat Satellite 5.8 ELS Via RHSA-2017:3453 https://access.redhat.com/errata/RHSA-2017:3453