Mageia alert MGASA-2012-0203 (libjpeg)

From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2012-0203: libjpeg6-6b-49.1.mga1,
 libjpeg-8b-5.1.mga1 (1/core), libjpeg-1.2.0-4.1.mga2 (2/core) 
Date:
    	       Mon, 6 Aug 2012 19:18:24 +0200
Message-ID:
    	       <20120806171824.GA14778@valstar.mageia.org>

MGASA-2012-0203
Date: 	August 6th, 2012
Affected releases: 	1, 2

Description:
Updated libjpeg packages fix security vulnerability:

A Heap-based buffer overflow was found in the way libjpeg-turbo
decompressed certain corrupt JPEG images in which the component count
was erroneously set to a large value. An attacker could create a
specially-crafted JPEG image that, when opened, could cause an
application using libjpeg to crash or, possibly, execute arbitrary
code with the privileges of the user running the application
(CVE-2012-2806).

Updated Packages:
Mageia 1:
lib(64)jpeg62-6b-49.1.mga1
lib(64)jpeg62-devel-6b-49.1.mga1
lib(64)jpeg62-static-devel-6b-49.1.mga1
jpeg6-progs-6b-49.1.mga1
lib(64)jpeg8-8b-5.1.mga1
lib(64)jpeg-devel-8b-5.1.mga1
lib(64)jpeg-static-devel-8b-5.1.mga1
jpeg-progs-8b-5.1.mga1

Mageia 2:
lib(64)jpeg8-1.2.0-4.1.mga2
lib(64)jpeg62-1.2.0-4.1.mga2
lib(64)jpeg-devel-1.2.0-4.1.mga2
lib(64)jpeg-static-devel-1.2.0-4.1.mga2
jpeg-progs-1.2.0-4.1.mga2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2806
http://lists.opensuse.org/opensuse-updates/2012-08/msg000...
https://bugs.mageia.org/show_bug.cgi?id=6928
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2012-0203: libjpeg6-6b-49.1.mga1, libjpeg-8b-5.1.mga1 (1/core), libjpeg-1.2.0-4.1.mga2 (2/core)
Date:		Mon, 6 Aug 2012 19:18:24 +0200
Message-ID:		<20120806171824.GA14778@valstar.mageia.org>