From Mageia wiki
Revision as of 17:04, 6 August 2012 by Tmb (talk | contribs) (Created page with "== MGASA-2012-0203 == {| |'''Date:''' |August 6th, 2012 |- |'''Affected releases:''' |1, 2 |} '''Description:'''<br/> Updated libjpeg packages fix security vulnerability:<br/>...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

MGASA-2012-0203

Date: August 6th, 2012
Affected releases: 1, 2


Description:
Updated libjpeg packages fix security vulnerability:

A Heap-based buffer overflow was found in the way libjpeg-turbo
decompressed certain corrupt JPEG images in which the component count
was erroneously set to a large value. An attacker could create a
specially-crafted JPEG image that, when opened, could cause an
application using libjpeg to crash or, possibly, execute arbitrary
code with the privileges of the user running the application
(CVE-2012-2806).


Updated Packages:
Mageia 1:
lib(64)jpeg62-6b-49.1.mga1
lib(64)jpeg62-devel-6b-49.1.mga1
lib(64)jpeg62-static-devel-6b-49.1.mga1
jpeg6-progs-6b-49.1.mga1
lib(64)jpeg8-8b-5.1.mga1
lib(64)jpeg-devel-8b-5.1.mga1
lib(64)jpeg-static-devel-8b-5.1.mga1
jpeg-progs-8b-5.1.mga1

Mageia 2:
lib(64)jpeg8-1.2.0-4.1.mga2
lib(64)jpeg62-1.2.0-4.1.mga2
lib(64)jpeg-devel-1.2.0-4.1.mga2
lib(64)jpeg-static-devel-1.2.0-4.1.mga2
jpeg-progs-1.2.0-4.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2806
http://lists.opensuse.org/opensuse-updates/2012-08/msg00002.html
https://bugs.mageia.org/show_bug.cgi?id=6928