[USN-3770-2] Little CMS vulnerabilities
Leonidas S. Barbosa
leo.barbosa at canonical.com
Thu Sep 20 12:38:23 UTC 2018
Ubuntu Security Notice USN-3770-2
September 20, 2018
lcms, lcms2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Several security issues were fixed in Little CMS.
- lcms: Little CMS color management library utilities
- lcms2: Little CMS color management library
USN-3770-1 fixed a vulnerability in Little CMS. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Pedro Ribeiro discoreved that Little CMS incorrectly handled certain
files. An attacker could possibly use this issue to cause a denial of
Ibrahim El-Sayed discovered that Little CMS incorrectly handled
certain files. An attacker could possibly use this issue to cause a
denial of service. (CVE-2016-10165)
Quang Nguyen discovered that Little CMS incorrectly handled certain
files. An attacker could possibly use this issue to execute arbitrary
The problem can be corrected by updating your system to the following
Ubuntu 12.04 ESM:
After a standard system update you need to restart applications using
Little CMS to make all the necessary changes.
CVE-2013-4276, CVE-2016-10165, CVE-2018-16435
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: This is a digitally signed message part
More information about the ubuntu-security-announce