Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu 16.04 & 14.04 ESM USN-5553-1: libjpeg-turbo DoS Issues

ubuntu
Calendar Grey August 8, 2022
Dist Ubuntu Esm H88
Multiple vulnerabilities addressed in libjpeg-turbo. This notification outlines remediation measures for impacted Ubuntu users.
Several security issues were fixed in libjpeg-turbo.

Summary

Several security issues were fixed in libjpeg-turbo.

Software Description:

- libjpeg-turbo: library for handling JPEG files

Details:

It was discovered that libjpeg-turbo was not properly handling EOF

characters,

which could lead to excessive memory consumption through the execution of a

large loop. An attacker could possibly use this issue to cause a denial of

service. (CVE-2018-11813)

It was discovered that libjpeg-turbo was not properly performing bounds

check operations, which could lead to a heap-based buffer overread. If a

user

or automated system were tricked into opening a specially crafted file, an

attacker could possibly use this issue to cause a denial of service. This

issue only affected Ubuntu 14.04 ESM. (CVE-2018-14498)

It was discovered that libjpeg-turbo was not properly limiting the amount of

main memory being consumed by the system during decompression or multi-pass

compression operations, which could lead to excessive memory consumpti...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
   libjpeg-turbo-progs             1.4.2-0ubuntu3.4+esm1
   libjpeg-turbo-test              1.4.2-0ubuntu3.4+esm1
   libjpeg-turbo8                  1.4.2-0ubuntu3.4+esm1
   libturbojpeg                    1.4.2-0ubuntu3.4+esm1

Ubuntu 14.04 ESM:
   libjpeg-turbo-progs             1.3.0-0ubuntu2.1+esm2
   libjpeg-turbo-test              1.3.0-0ubuntu2.1+esm2
   libjpeg-turbo8                  1.3.0-0ubuntu2.1+esm2
   libturbojpeg                    1.3.0-0ubuntu2.1+esm2

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-5553-1

  CVE-2018-11813, CVE-2018-14498, CVE-2020-14152, CVE-2020-17541

Severity
important
Lowest
Low
Medium
High
Critical

August 08, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.