|Category:||Ubuntu Local Security Checks|
|Title:||Ubuntu USN-652-1 (lcms)|
|Summary:||Ubuntu USN-652-1 (lcms)|
The remote host is missing an update to lcms
announced via advisory USN-652-1.
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
Chris Evans discovered that certain ICC operations in lcms were not
correctly bounds-checked. If a user or automated system were tricked
into processing an image with malicious ICC tags, a remote attacker could
crash applications linked against liblcms1, leading to a denial of service,
or possibly execute arbitrary code with user privileges.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
In general, a standard system upgrade is sufficient to effect the
Risk factor : Critical
Common Vulnerability Exposure (CVE) ID: CVE-2007-2741|
SuSE Security Announcement: SUSE-SR:2007:024 (Google Search)
BugTraq ID: 24001
XForce ISS Database: littlecms-iccprofile-bo(34331)
|Copyright||Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com|
|This is only one of 40246 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.