[SECURITY] [DSA 6262-1] lcms2 security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6262-1] lcms2 security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Sun, 10 May 2026 16:00:20 +0000
Message-id: <[🔎] agCrlE5UvMsA4YLE@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6262-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 10, 2026                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : lcms2
CVE ID         : CVE-2026-41254 CVE-2026-42798

Two integer overflows were discovered in the LittleCMS 2 colour
management library.

For the oldstable distribution (bookworm), this problem has been fixed
in version 2.14-2+deb12u1.

For the stable distribution (trixie), this problem has been fixed in
version 2.16-2+deb13u2.

We recommend that you upgrade your lcms2 packages.

For the detailed security status of lcms2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lcms2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmoAqlwACgkQEMKTtsN8
TjYH7g/9F6L8wuajS+U8gPJgapr1T8Z6P9yZIqa4oFDiQsQrMRsA2ZyFFNq/FgrS
lVVTyGXGczHUukBWpbInPkGxBPnaw1ODJRQBI6YpS+xt9VXIGJpwkLa22rbsfiNr
EpASxxccLQCl1tJyp70KxNQszHILMKMu5HhqXNOSzkDA4IcwiBwqZQEBSeYDFZPT
IRjOwwZt3pu27Tuuh9aO3MwrFdt79++x/lfKYxQbfilqAMFfzzvlm3CP6uAp+wVu
uAHMJC4m3kAIy1Ierln/zU4PhyhuUgsa7qHEFwCbfOcwd4YmYffwVf0R0KoiLfsk
EBYolfhCa2zRv9lqN4P4lbFhY4cgL/bvNtnrkjITdtC741ddc9KghvqE6wrP+YVB
CRURkmkxIz+4SG/0uijQw26JXnBi3Wwetbu4yb6IE2FWRH1rx5pBl0XtbQ8MfnTU
p0s4LGn+OI/rOC6dNYWp/z/2IYU7D8cshUxhqVfwsF2UF0vAeDkJ5rNbZAJO5bKr
P4a7r3n+2Y26P8EqbsELMgFMElWUo8xlBvJityfDx4TDxE8jN7+ShtQ5k1iiZtey
NX6oKzqvRFpFBs8D3DY8RICjvOOUueQjc2F7UN1HJuQ4SFvHM04Zgw2z/DfXoREc
SlEbsYifBrCM/UM3ZE2Rk75f0B40f8HDxXYnXn7fHIaUiBF5NfQ=
=bqYK
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6261-1] corosync security update
Next by Date: [SECURITY] [DSA 6263-1] libpng1.6 security update
Previous by thread: [SECURITY] [DSA 6261-1] corosync security update
Next by thread: [SECURITY] [DSA 6263-1] libpng1.6 security update
Index(es):
- Date
- Thread