Security update for lcms2

SUSE Security Update: Security update for lcms2
Announcement ID: SUSE-SU-2013:1250-1
Rating: moderate
References: #826097
Affected Products:
  • SUSE Linux Enterprise Software Development Kit 11 SP3
  • SUSE Linux Enterprise Desktop 11 SP3

  • An update that contains security fixes can now be installed. It includes one version update.

    Description:


    lcms2 has been updated to the version 2.5 which is a
    maintenance release to fix various security and other bugs.

    * User defined parametric curves can now be saved in
    ICC profiles.
    * RGB profiles using same tone curves for several
    channels are storing now only one copy of the curve
    * update black point detection algorithm to reflect ICC
    changes
    * Added new cmsPlugInTHR() and fixed some race
    conditions
    * Added error descriptions on cmsSmoothToneCurve
    * Several improvements in cgats parser.
    * Fixed devicelink generation for 8 bits
    * Added a reference for Mac MLU tag
    * Added a way to read the profile creator from header
    * Added identity curves support for write V2 LUT
    * Added TIFF Lab16 handling on tifficc
    * Fixed a bug in parametric curves
    * Rendering intent used when creating the transform is
    now propagated to profile header in cmsTransform2Devicelink.
    * Transform2Devicelink now keeps white point when
    guessing deviceclass is enabled
    * Added some checks for non-happy path, mostly failing
    mallocs (bnc#826097).

    For further changes please see the ChangeLog in the RPM.

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-lcms2-8091
    • SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-lcms2-8091

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 2.5]:
    • liblcms2-devel-2.5-0.7.1
    • SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 2.5]:
    • lcms2-2.5-0.7.1
    • liblcms2-2-2.5-0.7.1

    References:

    • https://bugzilla.novell.com/826097
    • http://download.suse.com/patch/finder/?keywords=3746092820e850d9766ee08526b7fa10