Ubuntu Security Notice USN-652-1
14th October, 2008
lcms vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 6.06 LTS
Software description
- lcms
Details
Chris Evans discovered that certain ICC operations in lcms were not
correctly bounds-checked. If a user or automated system were tricked
into processing an image with malicious ICC tags, a remote attacker could
crash applications linked against liblcms1, leading to a denial of service,
or possibly execute arbitrary code with user privileges.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 6.06 LTS:
- liblcms1 1.13-1ubuntu0.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.