Bug 3569 - [UPDATE REQUEST] [UPSTREAM UPDATE] libjpeg-turbo
: [UPDATE REQUEST] [UPSTREAM UPDATE] libjpeg-turbo
Status: RESOLVED FIXED
Product: Server Bugs
Classification: ROSA Server
Component: Main Packages
: unspecified
: All Linux
: Normal normal
: ---
Assigned To: Andrew Lukoshko
: ROSA Server Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-01-13 14:50 MSK by Andrew Lukoshko
Modified: 2014-01-16 20:26 MSK (History)
1 user (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified+
andrew.lukoshko: published_server+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Lukoshko 2014-01-13 14:50:20 MSK
An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan (SOS) JPEG markers or Define Huffman Table (DHT) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629, CVE-2013-6630)

http://rhn.redhat.com/errata/RHSA-2013-1803.html

https://abf.rosalinux.ru/build_lists/1513290
https://abf.rosalinux.ru/build_lists/1513291
Comment 1 Vladimir Potapov 2014-01-14 08:48:24 MSK
libjpeg-turbo-1.2.1-3.res6
************************** RHEL Advisory *****************************
An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan (SOS) JPEG markers or Define Huffman Table (DHT) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629, CVE-2013-6630)
***********************************************************************
QA Verified