openSUSE Security Update : lcms2 (openSUSE-2017-179)

Medium Nessus Plugin ID 96917


The remote openSUSE host is missing a security update.


				 This update for lcms2 to version 2.8 fixes the following issues :

				 This security issue was fixed :

				 - Fixed an out-of-bounds heap read in Type_MLU_Read that could be triggered by an untrusted image with a crafted ICC profile (boo#1021364).

				 These non-security issues were fixed :

				 - Fixed many typos in comments, thanks to Stefan Weil for doing that.

				 - Fixed localization bug, added a new test case crayons.icc thnaks to Richard Hughes for providing the profile.

				 - Fixed a bug in optimizer that made some formats (i.e, bits planar) unavailable

				 - Fixed misalignment problems on Alpha. The compiler does not align strings, and accessing begin of string as a uint16 makes code to fail.

				 - Added some extra checks to the tools and examples.

				 - Fix a bug that prevented to read luminance tag

				 - BIG amount of functionality contributed/Sponsored by Alien Skin Software:
TransformStride, copyAlpha, performance plug-ins. Fixes some warnings as well.

				 - added an extra _ to _stdcall to make it more portable

				 - Fixed a bug in transicc for named color profiles

				 - Fixed several compiler warnings

				 - Added support for Visual Studio 2015

				 - Fixed for XCODE project

				 - Update to GNOME 3.20 			


Update the affected lcms2 packages.

See Also

Plugin Details

Severity: Medium

ID: 96917

File Name: openSUSE-2017-179.nasl

Version: $Revision: 3.1 $

Type: local

Agent: unix

Published: 2017/02/01

Modified: 2017/02/01

Dependencies: 12634

Risk Information

Risk Factor: Medium

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:lcms2, p-cpe:/a:novell:opensuse:lcms2-debuginfo, p-cpe:/a:novell:opensuse:lcms2-debugsource, p-cpe:/a:novell:opensuse:liblcms2-2, p-cpe:/a:novell:opensuse:liblcms2-2-32bit, p-cpe:/a:novell:opensuse:liblcms2-2-debuginfo, p-cpe:/a:novell:opensuse:liblcms2-2-debuginfo-32bit, p-cpe:/a:novell:opensuse:liblcms2-devel, p-cpe:/a:novell:opensuse:liblcms2-devel-32bit, cpe:/o:novell:opensuse:42.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2017/01/31