Bug 479384 - lcms: multiple security flaws [EPEL-4]
lcms: multiple security flaws [EPEL-4]
Product: Fedora EPEL
Classification: Fedora
Component: lcms (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Andreas Bierfert
Fedora Extras Quality Assurance
Depends On:
Blocks: CVE-2008-5316 CVE-2008-5317
  Show dependency treegraph
Reported: 2009-01-09 03:47 EST by Tomas Hoger
Modified: 2012-03-01 15:02 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-03-01 15:02:17 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2009-01-09 03:47:05 EST
Description of problem:
Version of lcms as shipped in EPEL4 (lcms version 1.15) is affected by two security flaws:

CVE-2008-5316 lcms: insufficient input validation in ReadEmbeddedTextTag
CVE-2008-5317 lcms: unsigned -> signed integer cast issue in cmsAllocGamma

Additional info:
See parent bugs ("Blocks" BZ field) for further details and patches.
Comment 1 Kevin Fenzi 2012-03-01 15:02:17 EST
EPEL-4 has reached end of life and is no longer supported. 

Please retest your bug against EPEL-5 or EPEL-6 and re-open if the bug persists in the packages available in those releases, or file a new bug. 

See: http://lists.fedoraproject.org/pipermail/epel-announce/2012-February/000015.html

Note You need to log in before you can comment on or make changes to this bug.