Updated libjpeg packages fix security vulnerabilities
Publication date: 10 Aug 2018
Modification date: 10 Aug 2018
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-1152, CVE-2018-11813
Description
Updated libjpeg package fixes security vulnerabilities:

It was found that libjpeg is vulnerable to a denial of service caused by a divide by zero when processing a crafted BMP image (CVE-2018-1152).

It was found that libjpeg had a defect where, due to a mishandled EOF, a specially crafted malformed input file (specifically, a file with a valid Targa header but incomplete pixel data) would cause cjpeg to generate a file that was potentially thousands of times larger than the input file (CVE-2018-11813).
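
A pre-flight size check for the Targa case described above (CVE-2018-11813), as an added example that is not part of this advisory or of libjpeg: it flags an uncompressed Targa file that is shorter than its header declares before the file is handed to cjpeg. The function and enum names are hypothetical, and the field offsets assume the standard 18-byte Targa header layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Result codes; the names are this example's own, not libjpeg's. */
enum tga_check { TGA_OK, TGA_TOO_SHORT, TGA_BAD_HEADER, TGA_TRUNCATED, TGA_RLE_UNVERIFIED };

/* Read a little-endian 16-bit header field. */
static unsigned le16(const uint8_t *p) { return p[0] | ((unsigned)p[1] << 8); }

/*
 * Compare the size of an in-memory Targa file with what its 18-byte header
 * declares. Only uncompressed image types (1, 2, 3) can be checked by size;
 * RLE types (9, 10, 11) are reported separately so the caller can decide.
 */
enum tga_check tga_preflight(const uint8_t *buf, size_t len)
{
    if (len < 18) return TGA_TOO_SHORT;

    unsigned id_len = buf[0], cmap_type = buf[1], img_type = buf[2];
    unsigned cmap_len = le16(buf + 5), cmap_bits = buf[7];
    unsigned width = le16(buf + 12), height = le16(buf + 14), depth = buf[16];

    if (width == 0 || height == 0 || depth == 0 || depth > 32 || cmap_type > 1)
        return TGA_BAD_HEADER;
    if (img_type == 9 || img_type == 10 || img_type == 11) return TGA_RLE_UNVERIFIED;
    if (img_type < 1 || img_type > 3) return TGA_BAD_HEADER;

    /* Bytes that precede the pixels: header, image ID, optional colour map. */
    uint64_t need = 18 + (uint64_t)id_len;
    if (cmap_type == 1) need += (uint64_t)cmap_len * ((cmap_bits + 7) / 8);
    /* Pixel data: width * height * bytes per pixel; cannot overflow 64 bits. */
    need += (uint64_t)width * height * ((depth + 7) / 8);

    return (uint64_t)len < need ? TGA_TRUNCATED : TGA_OK;
}

int main(void)
{
    /* Constructed sample: 2x2, 24-bit, uncompressed true colour (type 2). */
    uint8_t tga[18 + 2 * 2 * 3] = {0};
    tga[2] = 2; tga[12] = 2; tga[14] = 2; tga[16] = 24;

    printf("complete file:  %d\n", tga_preflight(tga, sizeof tga));
    printf("truncated file: %d\n", tga_preflight(tga, 18 + 5));
    return 0;
}
```

A check like this complements the updated package for services that accept untrusted images; it does not replace installing the fix.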
References
- https://bugs.mageia.org/show_bug.cgi?id=23238
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3CDV3ULRXQEMV7OHCB5MSITEIVOI5EPN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OHRJSPZHPTSJWFXG5YW7OD4MM4WAPXFF/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1152
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11813
SRPMS
6/core
- libjpeg-1.5.1-1.2.mga6