Lucene search

K
suseSuseOPENSUSE-SU-2019:1118-1
HistoryApr 02, 2019 - 12:00 a.m.

Security update for libjpeg-turbo (moderate)

2019-04-0200:00:00
lists.opensuse.org
134

EPSS

0.008

Percentile

81.2%

An update that fixes three vulnerabilities is now available.

Description:

This update for libjpeg-turbo fixes the following issues:

The following security vulnerabilities were addressed:

  • CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row
    function which could allow to an attacker to cause denial of service
    (bsc#1128712).
  • CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in
    rdtarga.c, which allowed remote attackers to cause a denial-of-service
    via crafted JPG files due to a large loop (bsc#1096209)
  • CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c
    caused by a divide by zero when processing a crafted BMP image
    (bsc#1098155)

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.0:

    zypper in -t patch openSUSE-2019-1118=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.0i586< - openSUSE Leap 15.0 (i586 x86_64):- openSUSE Leap 15.0 (i586 x86_64):.i586.rpm
openSUSE Leap15.0x86_64< - openSUSE Leap 15.0 (i586 x86_64):- openSUSE Leap 15.0 (i586 x86_64):.x86_64.rpm
openSUSE Leap15.0x86_64< - openSUSE Leap 15.0 (x86_64):- openSUSE Leap 15.0 (x86_64):.x86_64.rpm