Joined: 12 May 2004
|Posted: Sun Jun 05, 2016 8:26 pm Post subject: [ GLSA 201606-03 ] libjpeg-turbo
|Gentoo Linux Security Advisory
Title: libjpeg-turbo: Multiple vulnerabilities (GLSA 201606-03)
Date: June 05, 2016
Bug(s): #491150, #531418
Two vulnerabilities have been discovered in libjpeg-turbo, the
worse of which could allow remote attackers access to sensitive
libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library
Vulnerable: < 1.4.2
Unaffected: >= 1.4.2
Architectures: All supported architectures
libjpeg-turbo does not check for certain duplications of component data
during the reading of segments that follow Start Of Scan (SOS) JPEG
Remote attackers could obtain sensitive information from uninitialized
memory locations via a crafted JPEG images.
There is no known workaround at this time.
All libjpeg-turbo users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libjpeg-turbo-1.4.2"