[SECURITY] [DLA 1719-1] libjpeg-turbo security update

2019-03-1819:11:26

lists.debian.org

117

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

62.2%

JSON

Package : libjpeg-turbo
Version : 1:1.3.1-12+deb8u2
CVE ID : CVE-2018-14498
Debian Bug : #924678

It was discovered that there was a denial of service vulnerability in
the libjpeg-turbo CPU-optimised JPEG image library. A heap-based
buffer over-read could be triggered by a specially-crafted bitmap
(BMP) file.

For Debian 8 "Jessie", this issue has been fixed in libjpeg-turbo
version 1:1.3.1-12+deb8u2.

We recommend that you upgrade your libjpeg-turbo packages.

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] / chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian9amd64libturbojpeg0< 1:1.5.1-2+deb9u1libturbojpeg0_1:1.5.1-2+deb9u1_amd64.deb
Debian10ppc64ellibjpeg62-turbo< 1:1.5.2-2+deb10u1libjpeg62-turbo_1:1.5.2-2+deb10u1_ppc64el.deb
Debian10i386libturbojpeg0< 1:1.5.2-2+deb10u1libturbojpeg0_1:1.5.2-2+deb10u1_i386.deb
Debian8armhflibjpeg62-turbo< 1:1.3.1-12+deb8u2libjpeg62-turbo_1:1.3.1-12+deb8u2_armhf.deb
Debian10ppc64ellibjpeg-turbo-progs< 1:1.5.2-2+deb10u1libjpeg-turbo-progs_1:1.5.2-2+deb10u1_ppc64el.deb
Debian9arm64libjpeg-turbo-progs< 1:1.5.1-2+deb9u1libjpeg-turbo-progs_1:1.5.1-2+deb9u1_arm64.deb
Debian10armhflibturbojpeg0-dev< 1:1.5.2-2+deb10u1libturbojpeg0-dev_1:1.5.2-2+deb10u1_armhf.deb
Debian10s390xlibjpeg62-turbo< 1:1.5.2-2+deb10u1libjpeg62-turbo_1:1.5.2-2+deb10u1_s390x.deb
Debian8i386libturbojpeg1-dev< 1:1.3.1-12+deb8u2libturbojpeg1-dev_1:1.3.1-12+deb8u2_i386.deb
Debian10i386libturbojpeg0-dev< 1:1.5.2-2+deb10u1libturbojpeg0-dev_1:1.5.2-2+deb10u1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	amd64	libturbojpeg0	< 1:1.5.1-2+deb9u1	libturbojpeg0_1:1.5.1-2+deb9u1_amd64.deb
Debian	10	ppc64el	libjpeg62-turbo	< 1:1.5.2-2+deb10u1	libjpeg62-turbo_1:1.5.2-2+deb10u1_ppc64el.deb
Debian	10	i386	libturbojpeg0	< 1:1.5.2-2+deb10u1	libturbojpeg0_1:1.5.2-2+deb10u1_i386.deb
Debian	8	armhf	libjpeg62-turbo	< 1:1.3.1-12+deb8u2	libjpeg62-turbo_1:1.3.1-12+deb8u2_armhf.deb
Debian	10	ppc64el	libjpeg-turbo-progs	< 1:1.5.2-2+deb10u1	libjpeg-turbo-progs_1:1.5.2-2+deb10u1_ppc64el.deb
Debian	9	arm64	libjpeg-turbo-progs	< 1:1.5.1-2+deb9u1	libjpeg-turbo-progs_1:1.5.1-2+deb9u1_arm64.deb
Debian	10	armhf	libturbojpeg0-dev	< 1:1.5.2-2+deb10u1	libturbojpeg0-dev_1:1.5.2-2+deb10u1_armhf.deb
Debian	10	s390x	libjpeg62-turbo	< 1:1.5.2-2+deb10u1	libjpeg62-turbo_1:1.5.2-2+deb10u1_s390x.deb
Debian	8	i386	libturbojpeg1-dev	< 1:1.3.1-12+deb8u2	libturbojpeg1-dev_1:1.3.1-12+deb8u2_i386.deb
Debian	10	i386	libturbojpeg0-dev	< 1:1.5.2-2+deb10u1	libturbojpeg0-dev_1:1.5.2-2+deb10u1_i386.deb