Chris Evans discovered an integer overflow flaw in LittleCms. This flaw could potentially lead to arbitrary code execution in applications that use the system LittleCms library, or embed the source into their application. Acknowledgements: Red Hat would like to thank Chris Evans from the Google Security Team for reporting these issues.
Lifting embargo
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2009:0339 https://rhn.redhat.com/errata/RHSA-2009-0339.html
lcms-1.18-0.1.beta2.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/lcms-1.18-0.1.beta2.fc10
lcms-1.18-0.1.beta2.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/lcms-1.18-0.1.beta2.fc9
Chris Evans' and oCERT advisories: http://scary.beasts.org/security/CESA-2009-003.html http://www.ocert.org/advisories/ocert-2009-003.html
lcms-1.18-1.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/lcms-1.18-1.fc10
lcms-1.18-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/lcms-1.18-1.fc9
lcms-1.18-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
lcms-1.18-0.1.beta2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
lcms-1.18-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
lcms-1.18-0.1.beta2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
java-1.6.0-openjdk-1.6.0.0-11.b14.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
java-1.6.0-openjdk-1.6.0.0-0.21.b09.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0723 to this vulnerability: Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0723 http://scary.beasts.org/security/CESA-2009-003.html http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html http://www.securityfocus.com/bid/34185 http://xforce.iss.net/xforce/xfdb/49326
java-1.6.0-openjdk-1.6.0.0-0.23.b09.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2009:0377 https://rhn.redhat.com/errata/RHSA-2009-0377.html