libjpeg-turbo-1.2.1-3.AXS4

エラータID: AXSA:2014-038:01

Release date: 
Tuesday, March 18, 2014 - 19:23
Subject: 
libjpeg-turbo-1.2.1-3.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

The libjpeg-turbo package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions. It contains cjpeg, djpeg, jpegtran, rdjpgcom and wrjpgcom. Cjpeg compresses an image file into JPEG format. Djpeg decompresses a JPEG file into a regular image file. Jpegtran can perform various useful transformations on JPEG files. Rdjpgcom displays any text comments included in a JPEG file. Wrjpgcom inserts text comments into a JPEG file.

Security issues fixed with this release:

• CVE-2013-6629
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

• CVE-2013-6630
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Solution: 

Update packages.

CVEs: 
CVE-2013-6629
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
CVE-2013-6630
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Additional Info: 

N/A

Download: 

SRPMS
  1. libjpeg-turbo-1.2.1-3.AXS4.src.rpm
    MD5: ac6aa6beab671563758a4e57228a79be
    SHA-256: 662c23b59c269719e4456c0c764255cf113d2f73de5bc5147abbc7e6ab35c472
    Size: 1.68 MB

Asianux Server 4 for x86
  1. libjpeg-turbo-1.2.1-3.AXS4.i686.rpm
    MD5: 2c5ae2c766ca706d7f735b3cfe2fde88
    SHA-256: ac65f0731ddfe2d340faf548b9e29dc4127a890316449a394e1418459323f183
    Size: 176.77 kB
  2. libjpeg-turbo-devel-1.2.1-3.AXS4.i686.rpm
    MD5: 22af5a5495b723a76f5d42dc423c05f6
    SHA-256: afdfe66f6ee3e81785d2e342a2f7f3e9def92a85eda59cf2c069ff2d66247d53
    Size: 95.62 kB

Asianux Server 4 for x86_64
  1. libjpeg-turbo-1.2.1-3.AXS4.x86_64.rpm
    MD5: 8d7a1cdf9c5233130c5e7a1fecad0d12
    SHA-256: 02ce2a100f594ec5a7616455f1515438c3cb3689644237d79e06a3b33f230454
    Size: 174.12 kB
  2. libjpeg-turbo-devel-1.2.1-3.AXS4.x86_64.rpm
    MD5: aa4224dc86e37e0d3d8c79981074045c
    SHA-256: 906d28314a11b122dbf1b9433b727b25f6de75862a8e615c4428052d83425f8d
    Size: 95.20 kB
  3. libjpeg-turbo-1.2.1-3.AXS4.i686.rpm
    MD5: 2c5ae2c766ca706d7f735b3cfe2fde88
    SHA-256: ac65f0731ddfe2d340faf548b9e29dc4127a890316449a394e1418459323f183
    Size: 176.77 kB
  4. libjpeg-turbo-devel-1.2.1-3.AXS4.i686.rpm
    MD5: 22af5a5495b723a76f5d42dc423c05f6
    SHA-256: afdfe66f6ee3e81785d2e342a2f7f3e9def92a85eda59cf2c069ff2d66247d53
    Size: 95.62 kB