=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2008/VULN446
_____________________________________________________________________

DATE                      : 16/10/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Ubuntu, Kubuntu, Edubuntu, Xubuntu running
                                             LittleCMS.

======================================================================
https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-October/000760.html
______________________________________________________________________

===========================================================
Ubuntu Security Notice USN-652-1           October 14, 2008
lcms vulnerability
CVE-2007-2741
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  liblcms1                        1.13-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Chris Evans discovered that certain ICC operations in lcms were not
correctly bounds-checked.  If a user or automated system were tricked
into processing an image with malicious ICC tags, a remote attacker could
crash applications linked against liblcms1, leading to a denial of service,
or possibly execute arbitrary code with user privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.13-1ubuntu0.1.diff.gz
      Size/MD5:    13103 4617c440a02960e1f962a88c1c21a9cc

http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.13-1ubuntu0.1.dsc
      Size/MD5:      685 507f6385801f19716737a5089d33116d
    http://security.ubuntu.com/ubuntu/pool/main/l/lcms/lcms_1.13.orig.tar.gz
      Size/MD5:   585735 e627f43bbbd238895502402d942a6cfd

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.13-1ubuntu0.1_amd64.deb
      Size/MD5:   136682 f085666f76c9bf1a53942baa18b8e052

http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.13-1ubuntu0.1_amd64.deb
      Size/MD5:   129070 e50c4bfb5b0e32ec7f3da1ce9e1ee21f

http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.13-1ubuntu0.1_amd64.deb
      Size/MD5:    40296 5c58c601e0d9802394cf25b33319b2c9

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.13-1ubuntu0.1_i386.deb
      Size/MD5:   123518 fd6961be0da7aaf2e2dcb8257d3787da

http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.13-1ubuntu0.1_i386.deb
      Size/MD5:   118222 86dcc1004a11232740c2d6d6903f02a4

http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.13-1ubuntu0.1_i386.deb
      Size/MD5:    37112 d4ffa7a920a4e4aba5f8d197d1ad14f0

  powerpc architecture (Apple Macintosh G3/G4/G5):


http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.13-1ubuntu0.1_powerpc.deb
      Size/MD5:   130806 3da85714083d3d4f1252ae0b1b1fe6e3

http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.13-1ubuntu0.1_powerpc.deb
      Size/MD5:   131834 38aba2a645449be653dd11be439afcce

http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.13-1ubuntu0.1_powerpc.deb
      Size/MD5:    44136 04799ca5393e6acc70592f648b6b846a

  sparc architecture (Sun SPARC/UltraSPARC):


http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1-dev_1.13-1ubuntu0.1_sparc.deb
      Size/MD5:   133960 ab907a81dcb99819e9d125b76a34742c

http://security.ubuntu.com/ubuntu/pool/main/l/lcms/liblcms1_1.13-1ubuntu0.1_sparc.deb
      Size/MD5:   124964 42864911b8a3f680a7aae8d28701a6c1

http://security.ubuntu.com/ubuntu/pool/universe/l/lcms/liblcms-utils_1.13-1ubuntu0.1_sparc.deb
      Size/MD5:    38498 5d040f607c0ec6d411349b0d27b52e73


======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================