=========================================================== Ubuntu Security Notice USN-693-1 December 17, 2008 LittleCMS vulnerability CVE-2008-5317 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: liblcms1 1.16-5ubuntu3.1 Ubuntu 8.04 LTS: liblcms1 1.16-7ubuntu1.1 Ubuntu 8.10: liblcms1 1.16-10ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that certain gamma operations in lcms were not correctly bounds-checked. If a user or automated system were tricked into processing a malicious image, a remote attacker could crash applications linked against liblcms1, leading to a denial of service, or possibly execute arbitrary code with user privileges.