Nom du paquet
libjpeg
Date
2013-11-21
Advisory ID
MDVSA-2013:274
Affected versions
MES5 i586 , MES5 x86_64

Problem description

Updated libjpeg packages fix security vulnerabilities:

A Heap-based buffer overflow was found in the way libjpeg-turbo
decompressed certain corrupt JPEG images in which the component
count was erroneously set to a large value. An attacker could create
a specially-crafted JPEG image that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary
code with the privileges of the user running the application
(CVE-2012-2806).

libjpeg 6b and libjpeg-turbo will use uninitialized memory when
decoding images with missing SOS data for the luminance component
(Y) in presence of valid chroma data (Cr, Cb) (CVE-2013-6629).

libjpeg-turbo will use uninitialized memory when handling Huffman
tables (CVE-2013-6630).

Updated packages

MES5 i586

 79d040dfdb170231f3c90e649c6726a8  mes5/i586/jpeg-progs-6b-43.1mdvmes5.2.i586.rpm
 9fdefbd8518fecfd42c2a795abd7d5e4  mes5/i586/libjpeg62-6b-43.1mdvmes5.2.i586.rpm
 9044749a76bc17e3a21d8bff786017a3  mes5/i586/libjpeg62-devel-6b-43.1mdvmes5.2.i586.rpm
 35373c288fdc90904e610d723aef96a8  mes5/i586/libjpeg62-static-devel-6b-43.1mdvmes5.2.i586.rpm 
 0b9c6863a436a7dd8c162ea291ecfa79  mes5/SRPMS/libjpeg-6b-43.1mdvmes5.2.src.rpm

MES5 x86_64

 1503af16a0b1f50ada9c289480e6aba4  mes5/x86_64/jpeg-progs-6b-43.1mdvmes5.2.x86_64.rpm
 d7dc5dc5e2e7d5b451cbe752040e1043  mes5/x86_64/lib64jpeg62-6b-43.1mdvmes5.2.x86_64.rpm
 db64b158f6f1a46f019238995d4a27cb  mes5/x86_64/lib64jpeg62-devel-6b-43.1mdvmes5.2.x86_64.rpm
 b70b2089d2b46ca51df1a17b1331083c  mes5/x86_64/lib64jpeg62-static-devel-6b-43.1mdvmes5.2.x86_64.rpm 
 0b9c6863a436a7dd8c162ea291ecfa79  mes5/SRPMS/libjpeg-6b-43.1mdvmes5.2.src.rpm

References