[SECURITY] [DLA 1719-1] libjpeg-turbo security update

2019-03-18T19:11:26
ID DEBIAN:DLA-1719-1:117FC
Type debian
Reporter Debian
Modified 2019-03-18T19:11:26

Description

Package : libjpeg-turbo Version : 1:1.3.1-12+deb8u2 CVE ID : CVE-2018-14498 Debian Bug : #924678

It was discovered that there was a denial of service vulnerability in the libjpeg-turbo CPU-optimised JPEG image library. A heap-based buffer over-read could be triggered by a specially-crafted bitmap (BMP) file.

For Debian 8 "Jessie", this issue has been fixed in libjpeg-turbo version 1:1.3.1-12+deb8u2.

We recommend that you upgrade your libjpeg-turbo packages.

Regards,


  ,''`.
 : :'  :     Chris Lamb
 `. `'`      lamby@debian.org / chris-lamb.co.uk
   `-