Bug 51762 - libjpeg-turbo: Multiple issues (4.4)
libjpeg-turbo: Multiple issues (4.4)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.4
All Linux
: P3 normal (vote)
: UCS 4.4-5-errata
Assigned To: Quality Assurance
Erik Damrose
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-08-03 09:43 CEST by Quality Assurance
Modified: 2020-08-05 15:15 CEST (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2020-08-03 09:43:36 CEST
New Debian libjpeg-turbo 1:1.5.1-2+deb9u1 fixes:
This update addresses the following issues:
* Divide by zero allows for denial of service via crafted BMP image  (CVE-2018-1152)
* heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in  rdbmp.c leads to denial of service (CVE-2018-14498)
* heap-based buffer over-read in get_rgb_row() in rdppm.c (CVE-2020-13790)
* improper handling of max_memory_to_use setting can lead to excessive memory  consumption (CVE-2020-14152)
Comment 1 Quality Assurance univentionstaff 2020-08-03 10:01:00 CEST
--- mirror/ftp/4.3/unmaintained/4.3-0/source/libjpeg-turbo_1.5.1-2.dsc
+++ apt/ucs_4.4-0-errata4.4-5/source/libjpeg-turbo_1.5.1-2+deb9u1.dsc
@@ -1,3 +1,18 @@
+1:1.5.1-2+deb9u1 [Wed, 29 Jul 2020 08:53:14 +0300] Adrian Bunk <bunk@debian.org>:
+
+  * Non-maintainer upload by the LTS team.
+  * CVE-2018-1152: Denial of service vulnerability caused by a
+    divide by zero when processing a crafted BMP image in TJBench.
+  * CVE-2018-14498: Denial of service (heap-based buffer
+    over-read and application crash) via a crafted 8-bit BMP
+    in which one or more of the color indices is out of range
+    for the number of palette entries.
+  * CVE-2020-13790: Heap-based buffer over-read via a malformed
+    PPM input file.
+  * CVE-2020-14152: jpeg_mem_available() does not honor the
+    max_memory_to_use setting, possibly causing excessive
+    memory consumption.
+
 1:1.5.1-2 [Thu, 20 Oct 2016 15:51:27 +0200] Ondřej Surý <ondrej@debian.org>:
 
   * Declare env on MIPS on first use (Courtesy of Aurelien Jarno) (Closes: #841129)

<http://10.200.17.11/4.4-5/#7616611690449066860>
Comment 2 Erik Damrose univentionstaff 2020-08-04 11:51:59 CEST
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-5] 602b406a23 Bug #51762: libjpeg-turbo 1:1.5.1-2+deb9u1
 doc/errata/staging/libjpeg-turbo.yaml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)