You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa libjpeg-turbo

Sigurnosni nedostaci programskog paketa libjpeg-turbo

==========================================================================
Ubuntu Security Notice USN-4190-1
November 13, 2019

libjpeg-turbo vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in libjpeg-turbo.

Software Description:
– libjpeg-turbo: library for handling JPEG files

Details:

It was discovered that libjpeg-turbo incorrectly handled certain BMP images.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2018-14498)

It was discovered that libjpeg-turbo incorrectly handled certain JPEG images.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 19.04. (CVE-2018-19664)

It was discovered that libjpeg-turbo incorrectly handled certain BMP images.
An attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 19.04. (CVE-2018-20330)

It was discovered that libjpeg-turbo incorrectly handled certain JPEG images.
An attacker could possibly cause a denial of service or execute arbitrary code.
(CVE-2019-2201)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
libjpeg-turbo8 2.0.1-0ubuntu2.2

Ubuntu 18.04 LTS:
libjpeg-turbo8 1.5.2-0ubuntu5.18.04.3

Ubuntu 16.04 LTS:
libjpeg-turbo8 1.4.2-0ubuntu3.3

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4190-1
CVE-2018-14498, CVE-2018-19664, CVE-2018-20330, CVE-2019-2201

Package Information:
https://launchpad.net/ubuntu/+source/libjpeg-turbo/2.0.1-0ubuntu2.2
https://launchpad.net/ubuntu/+source/libjpeg-turbo/1.5.2-0ubuntu5.18.04.3
https://launchpad.net/ubuntu/+source/libjpeg-turbo/1.4.2-0ubuntu3.3
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBAgAGBQJdzDUNAAoJEEW851uECx9pC2IP/2UD6NLpNIBiEPPYhxCAU2BT
XabfPdHP/UfzO9Af0JSzd9KTuNxBb1j4AYKI0saHpptyWQhXtO7D466xAkT53jEs
57iARaJQTDwju/rnFE4S+oRN/8FxVNSfybISdaz9i+qrlLASY372+6Vnd/Vv9MSj
thNCFivRoomrHqFzaFBMMWQ7e/8tMHPzbe7WCjw0ZTbuxlehIjX+NFfanPy69qhP
muXUhv5X0RZnbtRh+9qCEBHH2XvqjWusFXbs6fjvVWnqGEpFMP+28IW3YvXpHLRl
SiHlQNXDgZxdkZ7WxgbT4WBjabu2z0Uf9/nclaOOTEQ3BWUGXba0ahmKof0p5e8j
ECtFpTeF/Iq7btlg8wAEUgeKCbo8Brck/vIYu+VD0d5oayRFqVb8tN2gwHYqsul0
OqwsIiobvBHQzJkd1pwJWxtw/9nd8FeQJIztGR5eUY3QLg2jZOE498CU0g9gI+am
c6ha7gXiKC6jXOveOe0m8rJEfZjoEJgkWGVCEbG5rRe8EZJ58VFDOvz5G4EsZIep
0L2j+2oDchBxPGymCnoSFvuHyMLez7FCxCu8ZkxjLZU8PwO/hG/1zYUPgV2mbd2b
6g0JAKknTKbvnpwWt5zLSIbhrfLUj1vUXwFj7v1Pki1/68rCyyipTf+wcPTL3SFp
7fRS6ulHEYLjY++UE7gS
=Q5f8
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa dpdk

Otkriven je sigurnosni nedostatak u programskom paketu dpdk za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja....

Close