View Full Version : USN-652-1: LittleCMS vulnerability

October 14th, 2008, 06:30 PM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-652-1 October 14, 2008 lcms vulnerability CVE-2007-2741 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: liblcms1 1.13-1ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Chris Evans discovered that certain ICC operations in lcms were not correctly bounds-checked. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could crash applications linked against liblcms1, leading to a denial of service, or possibly execute arbitrary code with user privileges.

More... (http://www.ubuntu.com/usn/usn-652-1)