openSUSE Security Update : lcms2 (openSUSE-2017-179)
Medium Nessus Plugin ID 96917
SynopsisThe remote openSUSE host is missing a security update.
Description				 This update for lcms2 to version 2.8 fixes the following issues :
This security issue was fixed :
- Fixed an out-of-bounds heap read in Type_MLU_Read that could be triggered by an untrusted image with a crafted ICC profile (boo#1021364).
These non-security issues were fixed :
- Fixed many typos in comments, thanks to Stefan Weil for doing that.
- Fixed localization bug, added a new test case crayons.icc thnaks to Richard Hughes for providing the profile.
- Fixed a bug in optimizer that made some formats (i.e, bits planar) unavailable
- Fixed misalignment problems on Alpha. The compiler does not align strings, and accessing begin of string as a uint16 makes code to fail.
- Added some extra checks to the tools and examples.
- Fix a bug that prevented to read luminance tag
- BIG amount of functionality contributed/Sponsored by Alien Skin Software:
TransformStride, copyAlpha, performance plug-ins. Fixes some warnings as well.
- added an extra _ to _stdcall to make it more portable
- Fixed a bug in transicc for named color profiles
- Fixed several compiler warnings
- Added support for Visual Studio 2015
- Fixed for XCODE project
- Update to GNOME 3.20
SolutionUpdate the affected lcms2 packages.