Advisories » MGASA-2013-0333

Updated libjpeg packages fix vulnerabilities in libjpeg-turbo

Publication date: 20 Nov 2013
Modification date: 20 Nov 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-6629 , CVE-2013-6630

Description

Updated libjpeg packages fix security vulnerabilities:

libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding
images with missing SOS data for the luminance component (Y) in presence of
valid chroma data (Cr, Cb) (CVE-2013-6629).

libjpeg-turbo will use uninitialized memory when handling Huffman tables
(CVE-2013-6630).
                

References

• http://permalink.gmane.org/gmane.comp.security.full-disclosure/90919
• http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
• https://bugs.mageia.org/show_bug.cgi?id=11658
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630

SRPMS

2/core

• libjpeg-1.2.0-4.2.mga2

3/core

• libjpeg-1.2.1-4.1.mga3