Groups | Search | Server Info | Login | Register

Groups > linux.debian.announce.security > #4829

[SECURITY] [DSA 6262-1] lcms2 security update

From Moritz Muehlenhoff <jmm@debian.org>
Newsgroups linux.debian.announce.security
Subject [SECURITY] [DSA 6262-1] lcms2 security update
Date 2026-05-10 18:10 +0200
Message-ID <MTeT8-48sj-7@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Show all headers | View raw

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6262-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 10, 2026                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : lcms2
CVE ID         : CVE-2026-41254 CVE-2026-42798

Two integer overflows were discovered in the LittleCMS 2 colour
management library.

For the oldstable distribution (bookworm), this problem has been fixed
in version 2.14-2+deb12u1.

For the stable distribution (trixie), this problem has been fixed in
version 2.16-2+deb13u2.

We recommend that you upgrade your lcms2 packages.

For the detailed security status of lcms2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lcms2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmoAqlwACgkQEMKTtsN8
TjYH7g/9F6L8wuajS+U8gPJgapr1T8Z6P9yZIqa4oFDiQsQrMRsA2ZyFFNq/FgrS
lVVTyGXGczHUukBWpbInPkGxBPnaw1ODJRQBI6YpS+xt9VXIGJpwkLa22rbsfiNr
EpASxxccLQCl1tJyp70KxNQszHILMKMu5HhqXNOSzkDA4IcwiBwqZQEBSeYDFZPT
IRjOwwZt3pu27Tuuh9aO3MwrFdt79++x/lfKYxQbfilqAMFfzzvlm3CP6uAp+wVu
uAHMJC4m3kAIy1Ierln/zU4PhyhuUgsa7qHEFwCbfOcwd4YmYffwVf0R0KoiLfsk
EBYolfhCa2zRv9lqN4P4lbFhY4cgL/bvNtnrkjITdtC741ddc9KghvqE6wrP+YVB
CRURkmkxIz+4SG/0uijQw26JXnBi3Wwetbu4yb6IE2FWRH1rx5pBl0XtbQ8MfnTU
p0s4LGn+OI/rOC6dNYWp/z/2IYU7D8cshUxhqVfwsF2UF0vAeDkJ5rNbZAJO5bKr
P4a7r3n+2Y26P8EqbsELMgFMElWUo8xlBvJityfDx4TDxE8jN7+ShtQ5k1iiZtey
NX6oKzqvRFpFBs8D3DY8RICjvOOUueQjc2F7UN1HJuQ4SFvHM04Zgw2z/DfXoREc
SlEbsYifBrCM/UM3ZE2Rk75f0B40f8HDxXYnXn7fHIaUiBF5NfQ=
=bqYK
-----END PGP SIGNATURE-----

Back to linux.debian.announce.security | Previous | Next | Find similar

Thread

[SECURITY] [DSA 6262-1] lcms2 security update Moritz Muehlenhoff <jmm@debian.org> - 2026-05-10 18:10 +0200

csiph-web