Scientific Linux alert SLSA-2019:2052-1 (libjpeg-turbo)
| From: | Farhan Ahmed <fahmed@fnal.gov> | |
| To: | scientific-linux-errata@listserv.fnal.gov | |
| Subject: | Security ERRATA Moderate: libjpeg-turbo on SL7.x x86_64 | |
| Date: | Mon, 26 Aug 2019 18:57:56 -0000 | |
| Message-ID: | <20190826185756.532.23615@slpackages.fnal.gov> |
Synopsis: Moderate: libjpeg-turbo security update Advisory ID: SLSA-2019:2052-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2016-3616 CVE-2018-11213 CVE-2018-11212 CVE-2018-11214 CVE-2018-14498 CVE-2018-11813 -- Security Fix(es): * libjpeg: null pointer dereference in cjpeg (CVE-2016-3616) * libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498) * libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212) * libjpeg: Segmentation fault in get_text_gray_row function in rdppm.c (CVE-2018-11213) * libjpeg: Segmentation fault in get_text_rgb_row function in rdppm.c (CVE-2018-11214) * libjpeg: "cjpeg" utility large loop because read_pixel in rdtarga.c mishandles EOF (CVE-2018-11813) -- SL7 x86_64 libjpeg-turbo-devel-1.2.90-8.el7.x86_64.rpm libjpeg-turbo-1.2.90-8.el7.i686.rpm libjpeg-turbo-devel-1.2.90-8.el7.i686.rpm libjpeg-turbo-1.2.90-8.el7.x86_64.rpm libjpeg-turbo-static-1.2.90-8.el7.x86_64.rpm turbojpeg-devel-1.2.90-8.el7.i686.rpm turbojpeg-1.2.90-8.el7.x86_64.rpm libjpeg-turbo-utils-1.2.90-8.el7.x86_64.rpm turbojpeg-devel-1.2.90-8.el7.x86_64.rpm turbojpeg-1.2.90-8.el7.i686.rpm libjpeg-turbo-static-1.2.90-8.el7.i686.rpm libjpeg-turbo-debuginfo-1.2.90-8.el7.i686.rpm libjpeg-turbo-debuginfo-1.2.90-8.el7.x86_64.rpm - Scientific Linux Development Team