MGASA-2020-0267 - Updated libjpeg packages fix security vulnerability

Publication date: 19 Jun 2020
URL: https://advisories.mageia.org/MGASA-2020-0267.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-13790

Updated libjpeg packages fix security vulnerability:

libjpeg-turbo 2.0.4 has a heap-based buffer over-read in get_rgb_row()
in rdppm.c via a malformed PPM input file (CVE-2020-13790).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26784
- https://usn.ubuntu.com/usn/usn-4386-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13790

SRPMS:
- 7/core/libjpeg-2.0.4-1.1.mga7

Mageia 2020-0267: libjpeg security update

Updated libjpeg packages fix security vulnerability: libjpeg-turbo 2.0.4 has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file (CVE-2020-137...

Summary

Updated libjpeg packages fix security vulnerability:
libjpeg-turbo 2.0.4 has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file (CVE-2020-13790).

References

- https://bugs.mageia.org/show_bug.cgi?id=26784

- https://usn.ubuntu.com/usn/usn-4386-1

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13790

Resolution

MGASA-2020-0267 - Updated libjpeg packages fix security vulnerability

SRPMS

- 7/core/libjpeg-2.0.4-1.1.mga7

Severity
Publication date: 19 Jun 2020
URL: https://advisories.mageia.org/MGASA-2020-0267.html
Type: security
CVE: CVE-2020-13790