Debian Security Advisory DSA 1684-1 (lcms)

The remote host is missing an update to lcms announced via advisory DSA 1684-1.

Two vulnerabilities have been found in lcms, a library and set of commandline utilities for image color management. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-5316 Inadequate enforcement of fixed-length buffer limits allows an attacker to overflow a buffer on the stack, potentially enabling the execution of arbitrary code when a maliciously-crafted image is opened. CVS-2008-5317 An integer sign error in reading image gamma data could allow an attacker to cause an under-sized buffer to be allocated for subsequent image data, with unknown consequences potentially including the execution of arbitrary code if a maliciously-crafted image is opened. For the stable distribution (etch), these problems have been fixed in version 1.14-1.1+etch1. For the upcoming stable distribution (lenny), and the unstable distribution (sid), these problems are fixed in version 1.17.dfsg-1. We recommend that you upgrade your lcms packages.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201684-1