libjpeg-turbo-1.2.90-8.el7

エラータID: AXSA:2019-4124:02

Release date: 
Tuesday, August 20, 2019 - 03:00
Subject: 
libjpeg-turbo-1.2.90-8.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance.

Security Fix(es):

* libjpeg: null pointer dereference in cjpeg (CVE-2016-3616)

* libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498)

* libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212)

* libjpeg: Segmentation fault in get_text_gray_row function in rdppm.c (CVE-2018-11213)

* libjpeg: Segmentation fault in get_text_rgb_row function in rdppm.c (CVE-2018-11214)

* libjpeg: "cjpeg" utility large loop because read_pixel in rdtarga.c mishandles EOF (CVE-2018-11813)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2016-3616
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
CVE-2018-11212
An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
CVE-2018-11213
An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
CVE-2018-11214
An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
CVE-2018-11813
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.
CVE-2018-14498
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.

Solution: 

Update packages.

CVEs: 
CVE-2016-3616
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
CVE-2018-11212
An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
CVE-2018-11213
An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
CVE-2018-11214
An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
CVE-2018-11813
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.
CVE-2018-14498
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
Additional Info: 

N/A

Download: 

SRPMS
  1. libjpeg-turbo-1.2.90-8.el7.src.rpm
    MD5: ae2b37ea1a9ed69c7c04ff38ac9267c2
    SHA-256: 2b17552de1c19f77f0d3f1616ed38e21bb8f4974af87df7c721d54ac3621723e
    Size: 1.30 MB

Asianux Server 7 for x86_64
  1. libjpeg-turbo-1.2.90-8.el7.x86_64.rpm
    MD5: d2e4199a6bed0f7fde54c6369555e10b
    SHA-256: d55e7b97ab76ab13713c169a7715d2210de1568096a9b07d85f3b07fe354dd47
    Size: 133.62 kB
  2. libjpeg-turbo-devel-1.2.90-8.el7.x86_64.rpm
    MD5: 4e48bb08b595a0f2e7dab771379d4704
    SHA-256: 5aee15b51baa8d320edabbe35d4ae51dab3a0781e0442e514a48ea398d4aa16e
    Size: 98.23 kB
  3. libjpeg-turbo-1.2.90-8.el7.i686.rpm
    MD5: 2415c13a2b887cdc67a081d6072eeb1a
    SHA-256: a10b32bef9c86ce775c2467164f49ae19f79c126e41e5feea68176eab11bd218
    Size: 137.13 kB
  4. libjpeg-turbo-devel-1.2.90-8.el7.i686.rpm
    MD5: 9717f421df9041ee9cc47a1594482f9d
    SHA-256: 8420b6806d29b054e015e9bef8d99bf129b951c83dc3450409b706f2709d3f1e
    Size: 98.27 kB