Bug 1367357 (CVE-2016-10165) - CVE-2016-10165 lcms2: Out-of-bounds read in Type_MLU_Read()
Summary: CVE-2016-10165 lcms2: Out-of-bounds read in Type_MLU_Read()
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-10165
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1367358 1367359 1367360 1367361 1503325 1503326 1503327 1503328 1503329 1503330 1503331 1503332 1515469 1515470 1515471 1515472 1516384 1516385 1516386 1516387
Blocks: 1368025
TreeView+ depends on / blocked
 
Reported: 2016-08-16 09:25 UTC by Adam Mariš
Modified: 2021-02-25 15:27 UTC (History)
21 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-02-02 04:25:37 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:2999 0 normal SHIPPED_LIVE Critical: java-1.8.0-oracle security update 2017-12-14 20:18:50 UTC
Red Hat Product Errata RHSA-2017:3046 0 normal SHIPPED_LIVE Important: java-1.7.0-oracle security update 2017-12-14 20:24:06 UTC
Red Hat Product Errata RHSA-2017:3264 0 normal SHIPPED_LIVE Critical: java-1.8.0-ibm security update 2017-11-27 23:04:39 UTC
Red Hat Product Errata RHSA-2017:3267 0 normal SHIPPED_LIVE Critical: java-1.8.0-ibm security update 2017-11-29 01:40:15 UTC
Red Hat Product Errata RHSA-2017:3268 0 normal SHIPPED_LIVE Critical: java-1.7.1-ibm security update 2017-11-29 01:43:15 UTC
Red Hat Product Errata RHSA-2017:3453 0 normal SHIPPED_LIVE Important: java-1.8.0-ibm security update 2017-12-13 21:48:15 UTC

Description Adam Mariš 2016-08-16 09:25:28 UTC 
An out-of-bounds read in cmstypes.c in Type_MLU_Read function was found, leading to heap memory leak triggered by crafted ICC profile.

Upstream patch:

https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2

CVE request:

http://seclists.org/oss-sec/2016/q3/288
Comment 1 Adam Mariš 2016-08-16 09:26:27 UTC 
Created mingw-lcms2 tracking bugs for this issue:

Affects: fedora-all [bug 1367359]
Comment 2 Adam Mariš 2016-08-16 09:26:37 UTC 
Created lcms2 tracking bugs for this issue:

Affects: fedora-all [bug 1367358]
Affects: epel-5 [bug 1367360]
Affects: epel-6 [bug 1367361]
Comment 3 Fedora Update System 2016-08-27 10:24:14 UTC 
lcms2-2.8-2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
Comment 4 Fedora Update System 2016-08-27 15:18:17 UTC 
lcms2-2.8-2.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2016-09-04 19:17:30 UTC 
lcms2-2.8-2.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2016-09-04 20:48:00 UTC 
lcms2-2.8-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2016-09-04 22:51:58 UTC 
lcms2-2.8-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 8 Nicolas Chauvet (kwizart) 2016-12-01 14:37:45 UTC 
Cant we close this bug ?
Comment 9 Adam Mariš 2016-12-01 14:42:01 UTC 
(In reply to Nicolas Chauvet (kwizart) from comment #8)
> Cant we close this bug ?

No, RHEL packages weren't handled yet.
Comment 13 Andrej Nemec 2017-01-26 09:12:31 UTC 
CVE assignment:

http://seclists.org/oss-sec/2017/q1/197
Comment 14 Doran Moppert 2017-02-02 04:23:45 UTC 
This issue was fixed for java-1.8.0-openjdk in Red Hat Enterprise Linux:

https://rhn.redhat.com/errata/RHSA-2016-2079.html

This issue was fixed for java-1.7.0-openjdk in Red Hat Enterprise Linux:

https://rhn.redhat.com/errata/RHSA-2016-2658.html
Comment 15 Tomas Hoger 2017-10-12 20:36:45 UTC 
(In reply to Adam Mariš from comment #0)
> Upstream patch:
> 
> https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2

Further tweak of the fix:

https://github.com/mm2/Little-CMS/commit/d41071eb8cfea7aa10a9262c12bd95d5d9d81c8f
Comment 18 Tomas Hoger 2017-10-18 09:51:03 UTC 
OpenJDK-8 upstream commit:

http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/27273bbb711a
Comment 19 errata-xmlrpc 2017-10-23 07:47:33 UTC 
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 6
  Oracle Java for Red Hat Enterprise Linux 7

Via RHSA-2017:2999 https://access.redhat.com/errata/RHSA-2017:2999
Comment 20 errata-xmlrpc 2017-10-24 12:17:40 UTC 
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 7
  Oracle Java for Red Hat Enterprise Linux 6

Via RHSA-2017:3046 https://access.redhat.com/errata/RHSA-2017:3046
Comment 23 errata-xmlrpc 2017-11-27 18:05:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Supplementary

Via RHSA-2017:3264 https://access.redhat.com/errata/RHSA-2017:3264
Comment 24 errata-xmlrpc 2017-11-28 20:40:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary

Via RHSA-2017:3267 https://access.redhat.com/errata/RHSA-2017:3267
Comment 25 errata-xmlrpc 2017-11-28 20:43:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary
  Red Hat Enterprise Linux 7 Supplementary

Via RHSA-2017:3268 https://access.redhat.com/errata/RHSA-2017:3268
Comment 26 errata-xmlrpc 2017-12-13 16:49:11 UTC 
This issue has been addressed in the following products:

  Red Hat Satellite 5.8
  Red Hat Satellite 5.8 ELS

Via RHSA-2017:3453 https://access.redhat.com/errata/RHSA-2017:3453
Note You need to log in before you can comment on or make changes to this bug.