Ubuntu alert USN-8209-2 (lcms2)
| From: | noreply+usn-bot--- via ubuntu-security-announce <ubuntu-security-announce@lists.ubuntu.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8209-2] Little CMS vulnerability | |
| Date: | Mon, 01 Jun 2026 20:45:54 +0000 | |
| Message-ID: | <E1wU9WE-0002IH-II@lists.ubuntu.com> | |
| Cc: | noreply+usn-bot@canonical.com |
========================================================================== Ubuntu Security Notice USN-8209-2 June 01, 2026 lcms2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Little CMS could be made to crash or run programs if it opened a specially crafted ICC profile. Software Description: - lcms2: Little CMS color management library Details: USN-8209-1 fixed vulnerabilities in Little CMS. This update contains the fixes for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Little CMS incorrectly handled certain malformed ICC profiles. An attacker could use this issue to cause Little CMS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS liblcms2-2 2.9-4ubuntu0.1~esm1 Available with Ubuntu Pro liblcms2-dev 2.9-4ubuntu0.1~esm1 Available with Ubuntu Pro liblcms2-utils 2.9-4ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS liblcms2-2 2.9-1ubuntu0.1+esm1 Available with Ubuntu Pro liblcms2-dev 2.9-1ubuntu0.1+esm1 Available with Ubuntu Pro liblcms2-utils 2.9-1ubuntu0.1+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS liblcms2-2 2.6-3ubuntu2.1+esm1 Available with Ubuntu Pro liblcms2-dev 2.6-3ubuntu2.1+esm1 Available with Ubuntu Pro liblcms2-utils 2.6-3ubuntu2.1+esm1 Available with Ubuntu Pro Ubuntu 14.04 LTS liblcms2-2 2.5-0ubuntu4.2+esm1 Available with Ubuntu Pro liblcms2-dev 2.5-0ubuntu4.2+esm1 Available with Ubuntu Pro liblcms2-utils 2.5-0ubuntu4.2+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8209-2 https://ubuntu.com/security/notices/USN-8209-1 CVE-2026-41254
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmod6m8ACgkQcpJm3tlz hgHNeA/+I28hqarYJxYexsmlPJY4+6BjQiLpaam+8BlDzfCboAh/bh+vnZkED/Vw BSPrRZEvJ/nq0Uw9vu/QTK4pk3VD0L8HV5PMU0lHn1sBUhVAkb5taclSaY33/Pw9 uoCb73CsQktD6m57b19UAko3+Ev/zweZzdfc3mo1Iqnv9Ls/6CqgTwpCTTB71a+f LEhAKLoh7/Td81wwXpqrEaltIuHaPKTI6aGfu7hLeUlaRNxw5Uu7nM7q3Yk6Jmn6 SScM7poAhXOzaem/JndXMlHKCPjeY5a7NnSYDPWHAdUnJqez6cVnv0Chx/g1OHLo Dl7KQs6fcQUapwwhvsVIgObYJa/rtyZpf1gapAD2kYHtYfBePxUFDpPt6Hx1kAho d/9yQMphTEvmIaAw+X+JG6uQbW1VTWrN2xvQ6w80U57Wqxz/lAwZ8Tu38ZcfCMNJ TVKvu7MN5FilOvXWU7HySHVzrqvXkFte1OeTy7LWEItb7BxP66xEXZCQDlGT96Z1 ITq6iasy38CCC0VSLKbg1wZ64bCJOi1/NHmDvk1bIYEwF0M5O6ikLlb2msWwsCn6 z/Rg5ZrYpx1HqcgTXFdCk5+oUurE6ZsfMbg8RCsrufVDqkxUy0eT3Xopjtm3dYhN GMynSMGwo7Mwh/FL0D5UB3vzdWwVu23GikcQQb65EU02e9dklsM= =Neg1 -----END PGP SIGNATURE-----