Updated libjpeg packages fix vulnerabilities in libjpeg-turbo
Publication date: 20 Nov 2013Modification date: 20 Nov 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-6629 , CVE-2013-6630
Description
Updated libjpeg packages fix security vulnerabilities: libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in presence of valid chroma data (Cr, Cb) (CVE-2013-6629). libjpeg-turbo will use uninitialized memory when handling Huffman tables (CVE-2013-6630).
References
- http://permalink.gmane.org/gmane.comp.security.full-disclosure/90919
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- https://bugs.mageia.org/show_bug.cgi?id=11658
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630
SRPMS
3/core
- libjpeg-1.2.1-4.1.mga3
2/core
- libjpeg-1.2.0-4.2.mga2