openSUSE Security Update : lcms2 (openSUSE-2017-179)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

				 This update for lcms2 to version 2.8 fixes the
following issues :

				 This security issue was fixed :

				 - Fixed an out-of-bounds heap read in
Type_MLU_Read that could be triggered by an untrusted image
with a crafted ICC profile (boo#1021364).

				 These non-security issues were fixed :

				 - Fixed many typos in comments, thanks to
Stefan Weil for doing that.

				 - Fixed localization bug, added a new test
case crayons.icc thnaks to Richard Hughes for providing the
profile.

				 - Fixed a bug in optimizer that made some
formats (i.e, bits planar) unavailable

				 - Fixed misalignment problems on Alpha. The
compiler does not align strings, and accessing begin of
string as a uint16 makes code to fail.

				 - Added some extra checks to the tools and
examples.

				 - Fix a bug that prevented to read
luminance tag

				 - BIG amount of functionality
contributed/Sponsored by Alien Skin Software:
TransformStride, copyAlpha, performance plug-ins. Fixes some
warnings as well.

				 - added an extra _ to _stdcall to make it
more portable

				 - Fixed a bug in transicc for named color
profiles

				 - Fixed several compiler warnings

				 - Added support for Visual Studio 2015

				 - Fixed for XCODE project

				 - Update to GNOME 3.20 			

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1021364
https://features.opensuse.org/318572

Solution :

Update the affected lcms2 packages.

Risk factor :

Medium

Family: SuSE Local Security Checks

Nessus Plugin ID: 96917 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now