SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-2019-711

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-2019-711

Security update for libjpeg-turbo

Type: security

Severity: moderate

Issued: 2019-03-22

Description:

This update for libjpeg-turbo fixes the following issues:

The following security vulnerabilities were addressed:

- CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function 
  which could allow to an attacker to cause denial of service (bsc#1128712).
- CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c,
  which allowed remote attackers to cause a denial-of-service via crafted JPG
  files due to a large loop (bsc#1096209)
- CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused
  by a divide by zero when processing a crafted BMP image (bsc#1098155)

References

CVE: CVE-2018-14498
CVE: CVE-2018-11813
CVE: CVE-2018-1152
Bugzilla: 1128712 VUL-1: CVE-2018-14498: jpeg, libjpeg-turbo: denial of service in get_8bit_row in rdbmp.c
Bugzilla: 1098155 VUL-1: CVE-2018-1152: libjpeg-turbo: libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability causedby a divide by zero when processing a crafted BMP image
Bugzilla: 1096209 VUL-1: CVE-2018-11813: libjpeg-turbo,jpeg,libjpeg62-turbo: libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.

Packages

libjpeg-turbo-1.5.3-5.7.1