Paketname
libjpeg-turbo
Datum
2012-08-01
Advisory ID
MDVSA-2012:121
Betroffene Versionen
2011 i586 , 2011 x86_64

Problembeschreibung

A vulnerability has been discovered and corrected in libjpeg-turbo:

A Heap-based buffer overflow was found in the way libjpeg-turbo
decompressed certain corrupt JPEG images in which the component
count was erroneously set to a large value. An attacker could create
a specially-crafted JPEG image that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary
code with the privileges of the user running the application
(CVE-2012-2806).

The updated packages have been patched to correct this issue.

Aktualisierte Pakete

2011 i586

 22126edfc4b866b219f44ba286d7bec7  2011/i586/jpeg-progs-1.1.1-1.1-mdv2011.0.i586.rpm
 983947719c5d2d72affaa12d7a212673  2011/i586/libjpeg62-1.1.1-1.1-mdv2011.0.i586.rpm
 855f23b907f2f2a20ec582668802af3b  2011/i586/libjpeg8-1.1.1-1.1-mdv2011.0.i586.rpm
 3713a686dd32c348b04f489b687671e0  2011/i586/libjpeg-devel-1.1.1-1.1-mdv2011.0.i586.rpm
 af33ccf8296bd218d364b5557c1284a9  2011/i586/libjpeg-static-devel-1.1.1-1.1-mdv2011.0.i586.rpm 
 ec0ff59b860f30b96311e76e06c7e57f  2011/SRPMS/libjpeg-turbo-1.1.1-1.1.src.rpm

2011 x86_64

 ffa20228c1de0d40df4ecab727c8826f  2011/x86_64/jpeg-progs-1.1.1-1.1-mdv2011.0.x86_64.rpm
 3d9e34e8e4250f9aa3a940d05b139acf  2011/x86_64/lib64jpeg62-1.1.1-1.1-mdv2011.0.x86_64.rpm
 eb25c0134c64bc23e92fff9b532c30ad  2011/x86_64/lib64jpeg8-1.1.1-1.1-mdv2011.0.x86_64.rpm
 0ccc1fefcf0320c387de3b6ab73ae91c  2011/x86_64/lib64jpeg-devel-1.1.1-1.1-mdv2011.0.x86_64.rpm
 f08cddd88a7eff5fe3bee4d5066ed605  2011/x86_64/lib64jpeg-static-devel-1.1.1-1.1-mdv2011.0.x86_64.rpm 
 ec0ff59b860f30b96311e76e06c7e57f  2011/SRPMS/libjpeg-turbo-1.1.1-1.1.src.rpm

Referenzen