Detections
Analytics
Oracle Linux 5 : lcms (ELSA-2009-0011)
critical Nessus Plugin ID 67787
Language:
Synopsis
The remote Oracle Linux host is missing one or more security updates.Description
From Red Hat Security Advisory 2009:0011 :Updated lcms packages that resolve several security issues are now available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Little Color Management System (LittleCMS, or simply 'lcms') is a small-footprint, speed-optimized open source color management engine.
Multiple insufficient input validation flaws were discovered in LittleCMS. An attacker could use these flaws to create a specially crafted image file which could cause an application using LittleCMS to crash, or, possibly, execute arbitrary code when opened.
(CVE-2008-5316, CVE-2008-5317)
Users of lcms should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using lcms library must be restarted for the update to take effect.
Solution
Update the affected lcms packages.See Also
https://oss.oracle.com/pipermail/el-errata/2009-January/000846.html
Plugin Details
Severity: Critical
ID: 67787
File Name: oraclelinux_ELSA-2009-0011.nasl
Version: 1.9
Type: local
Agent: unix
Published: 7/12/2013
Updated: 1/14/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:oracle:linux:lcms, p-cpe:/a:oracle:linux:lcms-devel, p-cpe:/a:oracle:linux:python-lcms, cpe:/o:oracle:linux:5
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux
Patch Publication Date: 1/8/2009
Vulnerability Publication Date: 12/3/2008
Reference Information
CVE: CVE-2008-5316, CVE-2008-5317