===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2655
                           lcms2 security update
                              7 September 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           lcms2
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-16435
Reference:         ESB-2018.2614

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html

--------------------------BEGIN INCLUDED TEXT--------------------

Package        : lcms2
Version        : 2.6-3+deb8u2
CVE ID         : CVE-2018-16435
Debian Bug     : #907983

It was discovered that there was an integer overflow vulnerability in the
"Little CMS 2" colour management library. A specially-crafted input file
could lead to a heap-based buffer overflow.

For Debian 8 "Jessie", this issue has been fixed in lcms2 version
2.6-3+deb8u2.

We recommend that you upgrade your lcms2 packages.

Regards,

--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================