Synopsis: Moderate: libjpeg-turbo security update
Advisory ID: SLSA-2019:2052-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2016-3616
CVE-2018-11213
CVE-2018-11212
CVE-2018-11214
CVE-2018-14498
CVE-2018-11813
—
Security Fix(es):
* libjpeg: null pointer dereference in cjpeg (CVE-2016-3616)
* libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in
get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498)
* libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c
(CVE-2018-11212)
* libjpeg: Segmentation fault in get_text_gray_row function in rdppm.c
(CVE-2018-11213)
* libjpeg: Segmentation fault in get_text_rgb_row function in rdppm.c
(CVE-2018-11214)
* libjpeg: “cjpeg” utility large loop because read_pixel in rdtarga.c
mishandles EOF (CVE-2018-11813)
—
SL7
x86_64
libjpeg-turbo-devel-1.2.90-8.el7.x86_64.rpm
libjpeg-turbo-1.2.90-8.el7.i686.rpm
libjpeg-turbo-devel-1.2.90-8.el7.i686.rpm
libjpeg-turbo-1.2.90-8.el7.x86_64.rpm
libjpeg-turbo-static-1.2.90-8.el7.x86_64.rpm
turbojpeg-devel-1.2.90-8.el7.i686.rpm
turbojpeg-1.2.90-8.el7.x86_64.rpm
libjpeg-turbo-utils-1.2.90-8.el7.x86_64.rpm
turbojpeg-devel-1.2.90-8.el7.x86_64.rpm
turbojpeg-1.2.90-8.el7.i686.rpm
libjpeg-turbo-static-1.2.90-8.el7.i686.rpm
libjpeg-turbo-debuginfo-1.2.90-8.el7.i686.rpm
libjpeg-turbo-debuginfo-1.2.90-8.el7.x86_64.rpm
– Scientific Linux Development Team
