Mageia alert MGASA-2012-0203 (libjpeg) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2012-0203: libjpeg6-6b-49.1.mga1,
 libjpeg-8b-5.1.mga1 (1/core), libjpeg-1.2.0-4.1.mga2 (2/core) 
Date:
    	       Mon, 6 Aug 2012 19:18:24 +0200
Message-ID:
    	       <20120806171824.GA14778@valstar.mageia.org>
Archive-link:
    	       Article, Thread
              
MGASA-2012-0203
Date: 	August 6th, 2012
Affected releases: 	1, 2


Description:
Updated libjpeg packages fix security vulnerability:

A Heap-based buffer overflow was found in the way libjpeg-turbo
decompressed certain corrupt JPEG images in which the component count
was erroneously set to a large value. An attacker could create a
specially-crafted JPEG image that, when opened, could cause an
application using libjpeg to crash or, possibly, execute arbitrary
code with the privileges of the user running the application
(CVE-2012-2806).


Updated Packages:
Mageia 1:
lib(64)jpeg62-6b-49.1.mga1
lib(64)jpeg62-devel-6b-49.1.mga1
lib(64)jpeg62-static-devel-6b-49.1.mga1
jpeg6-progs-6b-49.1.mga1
lib(64)jpeg8-8b-5.1.mga1
lib(64)jpeg-devel-8b-5.1.mga1
lib(64)jpeg-static-devel-8b-5.1.mga1
jpeg-progs-8b-5.1.mga1

Mageia 2:
lib(64)jpeg8-1.2.0-4.1.mga2
lib(64)jpeg62-1.2.0-4.1.mga2
lib(64)jpeg-devel-1.2.0-4.1.mga2
lib(64)jpeg-static-devel-1.2.0-4.1.mga2
jpeg-progs-1.2.0-4.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2806
http://lists.opensuse.org/opensuse-updates/2012-08/msg000...
https://bugs.mageia.org/show_bug.cgi?id=6928
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
(Log in to post comments)