Test ID:	1.3.6.1.4.1.25623.1.0.61789
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-652-1 (lcms)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to lcms announced via advisory USN-652-1. A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Details follow: Chris Evans discovered that certain ICC operations in lcms were not correctly bounds-checked. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could crash applications linked against liblcms1, leading to a denial of service, or possibly execute arbitrary code with user privileges. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: liblcms1 1.13-1ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-652-1 Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-2741 BugTraq ID: 24001 http://www.securityfocus.com/bid/24001 http://www.mandriva.com/security/advisories?name=MDKSA-2007:238 http://scary.beasts.org/security/CESA-2007-001.html http://osvdb.org/36179 http://secunia.com/advisories/25294 http://secunia.com/advisories/27756 http://secunia.com/advisories/32282 SuSE Security Announcement: SUSE-SR:2007:024 (Google Search) http://www.novell.com/linux/security/advisories/2007_24_sr.html http://www.ubuntu.com/usn/usn-652-1 http://www.vupen.com/english/advisories/2007/1837 XForce ISS Database: littlecms-iccprofile-bo(34331) https://exchange.xforce.ibmcloud.com/vulnerabilities/34331
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.