Description of problem:
Version of lcms as shipped in EPEL4 (lcms version 1.15) is affected by two security flaws:
CVE-2008-5316 lcms: insufficient input validation in ReadEmbeddedTextTag
CVE-2008-5317 lcms: unsigned -> signed integer cast issue in cmsAllocGamma
See parent bugs ("Blocks" BZ field) for further details and patches.
EPEL-4 has reached end of life and is no longer supported.
Please retest your bug against EPEL-5 or EPEL-6 and re-open if the bug persists in the packages available in those releases, or file a new bug.