Advisories » MGASA-2014-0174

Updated jbigkit packages fix CVE-2013-6369

Publication date: 15 Apr 2014
Modification date: 15 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-6369

Description

Updated jbigkit packages fix security vulnerability:

Florian Weimer found a stack-based buffer overflow flaw in the libjbig library
(part of jbigkit).  A specially-crafted image file read by libjbig could be
used to cause a program linked to libjbig to crash or, potentially, to execute
arbitrary code (CVE-2013-6369).

The jbigkit package has been updated to version 2.1, which fixes this issue,
as well as a few other bugs, including the ability of corrupted input data to
force the jbig85 decoder into an end-less loop.
                

References

• https://www.cl.cam.ac.uk/~mgk25/jbigkit/CHANGES
• https://bugzilla.redhat.com/show_bug.cgi?id=1032273
• https://bugs.mageia.org/show_bug.cgi?id=13174
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6369

SRPMS

3/core

• jbigkit-2.1-1.mga3

4/core

• jbigkit-2.1-1.mga4