Univention Bugzilla – Bug 51762
libjpeg-turbo: Multiple issues (4.4)
Last modified: 2020-08-05 15:15:42 CEST
New Debian libjpeg-turbo 1:1.5.1-2+deb9u1 fixes: This update addresses the following issues: * Divide by zero allows for denial of service via crafted BMP image (CVE-2018-1152) * heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498) * heap-based buffer over-read in get_rgb_row() in rdppm.c (CVE-2020-13790) * improper handling of max_memory_to_use setting can lead to excessive memory consumption (CVE-2020-14152)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/libjpeg-turbo_1.5.1-2.dsc +++ apt/ucs_4.4-0-errata4.4-5/source/libjpeg-turbo_1.5.1-2+deb9u1.dsc @@ -1,3 +1,18 @@ +1:1.5.1-2+deb9u1 [Wed, 29 Jul 2020 08:53:14 +0300] Adrian Bunk <bunk@debian.org>: + + * Non-maintainer upload by the LTS team. + * CVE-2018-1152: Denial of service vulnerability caused by a + divide by zero when processing a crafted BMP image in TJBench. + * CVE-2018-14498: Denial of service (heap-based buffer + over-read and application crash) via a crafted 8-bit BMP + in which one or more of the color indices is out of range + for the number of palette entries. + * CVE-2020-13790: Heap-based buffer over-read via a malformed + PPM input file. + * CVE-2020-14152: jpeg_mem_available() does not honor the + max_memory_to_use setting, possibly causing excessive + memory consumption. + 1:1.5.1-2 [Thu, 20 Oct 2016 15:51:27 +0200] Ondřej Surý <ondrej@debian.org>: * Declare env on MIPS on first use (Courtesy of Aurelien Jarno) (Closes: #841129) <http://10.200.17.11/4.4-5/#7616611690449066860>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-5] 602b406a23 Bug #51762: libjpeg-turbo 1:1.5.1-2+deb9u1 doc/errata/staging/libjpeg-turbo.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x692>