MGASA-2020-0267 - Updated libjpeg packages fix security vulnerability
Publication date: 19 Jun 2020
URL: https://advisories.mageia.org/MGASA-2020-0267.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-13790
Updated libjpeg packages fix security vulnerability: libjpeg-turbo 2.0.4 has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file (CVE-2020-13790).
References:
- https://bugs.mageia.org/show_bug.cgi?id=26784
- https://ubuntu.com/security/notices/USN-4386-1
- https://www.cve.org/CVERecord?id=CVE-2020-13790
SRPMS:
- 7/core/libjpeg-2.0.4-1.1.mga7
Newly released libjpeg updates resolve a buffer over-read flaw in Mageia that impacts libjpeg-turbo version 2.0.4.
libjpeg security, Mageia update, buffer over-read, libjpeg-turbo, software fix.
Severity: Important.
LinuxSecurity.com Team
MGASA-2019-0329 - Updated libjpeg packages fix security vulnerability
Publication date: 19 Nov 2019
URL: https://advisories.mageia.org/MGASA-2019-0329.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-2201
The updated packages fix a security vulnerability: Several integer overflow issues and subsequent segfaults occur in libjpeg-turbo when attempting to compress or decompress gigapixel images. (CVE-2019-2201)
References:
- https://bugs.mageia.org/show_bug.cgi?id=25296
- https://github.com/libjpeg-turbo/libjpeg-turbo/issues/361
- https://source.android.com/docs/security/bulletin/2019-11-01
- https://www.openwall.com/lists/oss-security/2019/11/11/1
- https://www.cve.org/CVERecord?id=CVE-2019-2201
SRPMS:
- 7/core/libjpeg-2.0.3-1.mga7
Recent libjpeg updates address integer overflow vulnerabilities and segmentation faults in Mageia, bolstering overall security.
libjpeg-turbo, safety patch, security fixes, Mageia updates.
Severity: Critical.
LinuxSecurity.com Team
Synopsis: Moderate: libjpeg-turbo security update
Advisory ID: SLSA-2019:2052-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2016-3616 CVE-2018-11213 CVE-2018-11212 CVE-2018-11214 CVE-2018-14498 CVE-2018-11813
--
Security Fix(es):
* libjpeg: null pointer dereference in cjpeg (CVE-2016-3616)
* libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498)
* libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212)
* libjpeg: Segmentation fault in get_text_gray_row function in rdppm.c (CVE-2018-11213)
* libjpeg: Segmentation fault in get_text_rgb_row function in rdppm.c (CVE-2018-11214)
* libjpeg: "cjpeg" utility large loop because read_pixel in rdtarga.c mishandles EOF (CVE-2018-11813)
--
SL7 x86_64
  libjpeg-turbo-devel-1.2.90-8.el7.x86_64.rpm
  libjpeg-turbo-1.2.90-8.el7.i686.rpm
  libjpeg-turbo-devel-1.2.90-8.el7.i686.rpm
  libjpeg-turbo-1.2.90-8.el7.x86_64.rpm
  libjpeg-turbo-static-1.2.90-8.el7.x86_64.rpm
  turbojpeg-devel-1.2.90-8.el7.i686.rpm
  turbojpeg-1.2.90-8.el7.x86_64.rpm
  libjpeg-turbo-utils-1.2.90-8.el7.x86_64.rpm
  turbojpeg-devel-1.2.90-8.el7.x86_64.rpm
  turbojpeg-1.2.90-8.el7.i686.rpm
  libjpeg-turbo-static-1.2.90-8.el7.i686.rpm
  libjpeg-turbo-debuginfo-1.2.90-8.el7.i686.rpm
  libjpeg-turbo-debuginfo-1.2.90-8.el7.x86_64.rpm
- Scientific Linux Development Team
A recent security patch for libjpeg-turbo resolves several vulnerabilities, such as integer overflow and potential service interruption.
libjpeg-turbo update, security advisory, SL7 x86_64.
LinuxSecurity.com Team
MGASA-2019-0132 - Updated libjpeg packages fix security vulnerability
Publication date: 05 Apr 2019
URL: https://advisories.mageia.org/MGASA-2019-0132.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-14498
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. (CVE-2018-14498)
References:
- https://bugs.mageia.org/show_bug.cgi?id=24565
- http://lists.suse.com/pipermail/sle-security-updates/2019-March/005227.html
- https://lists.fedoraproject.org/archives/list/
Arch Linux Security Advisory ASA-201701-5
========================================
Severity: Low
Date : 2017-01-02
CVE-ID : CVE-2016-10087
Package : lib32-libpng
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-120

Summary
======
The package lib32-libpng before version 1.6.27-1 is vulnerable to denial of service.

Resolution
=========
Upgrade to 1.6.27-1.
# pacman -Syu "lib32-libpng>=1.6.27-1"
The problem has been fixed upstream in version 1.6.27.

Workaround
=========
None.

Description
==========
A NULL-pointer dereference issue has been found in png_set_text_2() in libpng. To be vulnerable, an application has to load a text chunk into the png structure, then delete all text, then add another text chunk to the same png structure.

Impact
=====
A remote attacker is able to crash the application under certain circumstances.

References
=========
https://seclists.org/oss-sec/2016/q4/782
https://security.archlinux.org/CVE-2016-10087

The advisory for Arch Linux ASA-202104-5 discusses a potential denial of service issue in lib32-libjpeg prior to version 9c-1. Users are advised to perform an upgrade.
Arch Linux, libjpeg, lib32-libpng, Denial Of Service, Security Advisory.
Severity: Low.
LinuxSecurity.com Team
=========================================================================
Ubuntu Security Notice USN-2060-1
December 19, 2013

libjpeg-turbo, libjpeg6b vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:
libjpeg and libjpeg-turbo could be made to expose sensitive information.

Software Description:
- libjpeg-turbo: library for handling JPEG files
- libjpeg6b: library for handling JPEG files

Details:
Michal Zalewski discovered that libjpeg and libjpeg-turbo incorrectly handled certain memory operations. An attacker could use this issue with a specially-crafted JPEG file to possibly expose sensitive information.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.10:
  libjpeg-turbo8 1.3.0-0ubuntu1.1
  libjpeg62 6b1-3ubuntu1.13.10.1
  libturbojpeg 1.3.0-0ubuntu1.1
Ubuntu 13.04:
  libjpeg-turbo8 1.2.1-0ubuntu2.13.04.1
  libjpeg62 6b1-3ubuntu1.13.04.1
  libturbojpeg 1.2.1-0ubuntu2.13.04.1
Ubuntu 12.10:
  libjpeg-turbo8 1.2.1-0ubuntu2.12.10.1
  libjpeg62 6b1-2ubuntu2.1
  libturbojpeg 1.2.1-0ubuntu2.12.10.1
Ubuntu 12.04 LTS:
  libjpeg-turbo8 1.1.90+svn733-0ubuntu4.3
  libjpeg62 6b1-2ubuntu1.1
  libturbojpeg 1.1.90+svn733-0ubuntu4.3
Ubuntu 10.04 LTS:
  libjpeg62 6b-15ubuntu1.1

After a standard system update you need to restart your session to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2060-1
  CVE-2013-6629, CVE-2013-6630

Package Information:
  https://launchpad.net/ubuntu/+source/libjpeg-turbo/1.3.0-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/libjpeg6b/6b1-3ubuntu1.13.10.1
  https://launchpad.net/ubuntu/+source/libjpeg-turbo/1.2.1-0ubuntu2.13.04.1
  https://launchpad.net/ubuntu/+source/libjpeg6b/6b1-3ubuntu1.13.04.1
  https://launchpad.net/ubuntu/+source/libjpeg-turbo/1.2.1-0ubuntu2.12.10.1
  https://launchpad.net/ubuntu/+source/libjpeg6b/6b1-2ubuntu2.1
  https://launchpad.net/ubuntu/+source/libjpeg-turbo/1.1.90+svn733-0ubuntu4.3
  https://launchpad.net/ubuntu/+source/libjpeg6b/6b1-2ubuntu1.1
  https://launchpad.net/ubuntu/+source/libjpeg6b/6b-15ubuntu1.1

Important notice about risks to sensitive data due to vulnerabilities found in Libjpeg and Libjpeg-Turbo across several Ubuntu versions. Immediate action is advised to reduce exposure.
libjpeg, turbo, insecurity, ubuntu release, information exposure.
Severity: Critical.
LinuxSecurity.com Team
[slackware-security] libjpeg (SSA:2013-350-02)

New libjpeg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/libjpeg-v8a-i486-2_slack14.1.txz: Rebuilt.
  Fix use of uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in presence of valid chroma data (Cr, Cb). This could allow remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2013-6629
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libjpeg-6b-i486-6_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libjpeg-6b-x86_64-6_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libjpeg-v8a-i486-2_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libjpeg-v8a-x86_64-2_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libjpeg-v8a-i486-2_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libjpeg-v8a-x86_64-2_slack13.37.txz
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libjpeg-v8a-i486-2_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libjpeg-v8a-x86_64-2_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libjpeg-v8a-i486-2_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libjpeg-v8a-x86_64-2_slack14.1.txz
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg libjpeg-v8a-i486-2_slack14.1.txz
+-----+

Updated libjpeg packages are now available for Slackware, rectifying a vulnerability related to uninitialized memory in image decoding processes.
libjpeg Packages, Slackware Security, Image Decoder Fix.
Severity: Critical.
LinuxSecurity.com Team
Date: Tue, 10 Dec 2013 15:53:19 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Moderate: libjpeg on SL5.x i386/x86_64

Synopsis: Moderate: libjpeg security update
Advisory ID: SLSA-2013:1804-1
Issue Date: 2013-12-10
CVE Numbers: CVE-2013-6629
--
An uninitialized memory read issue was found in the way libjpeg decoded images with missing Start Of Scan (SOS) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629)
--
SL5
  x86_64
    libjpeg-6b-38.i386.rpm
    libjpeg-6b-38.x86_64.rpm
    libjpeg-debuginfo-6b-38.i386.rpm
    libjpeg-debuginfo-6b-38.x86_64.rpm
    libjpeg-devel-6b-38.i386.rpm
    libjpeg-devel-6b-38.x86_64.rpm
  i386
    libjpeg-6b-38.i386.rpm
    libjpeg-debuginfo-6b-38.i386.rpm
    libjpeg-devel-6b-38.i386.rpm
- Scientific Linux Development Team
Important libjpeg security patch released for Scientific Linux SL5.x to resolve a memory access vulnerability during image processing.
libjpeg security, scientific linux advisory, moderate update, memory issue, image decoding.
LinuxSecurity.com Team