Description
Security update for jpeg
This update for jpeg fixes the following issues:
- CVE-2017-15232: NULL pointer dereferences in jdpostct.c and jquant1.c could lead to denial of service (crash) when processing images [bsc#1062937]
- CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop [bsc#1096209]
- CVE-2018-1152: Fixed a denial of service in start_input_bmp() in rdbmp.c caused by a divide by zero when processing a crafted BMP image [bsc#1098155]
Package list
SUSE Linux Enterprise Server 11 SP4
jpeg-6b-879.12.7.1
libjpeg-6.2.0-879.12.7.1
libjpeg-32bit-6.2.0-879.12.7.1
libjpeg-x86-6.2.0-879.12.7.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
jpeg-6b-879.12.7.1
libjpeg-6.2.0-879.12.7.1
libjpeg-32bit-6.2.0-879.12.7.1
libjpeg-x86-6.2.0-879.12.7.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libjpeg-devel-6.2.0-879.12.7.1
libjpeg-devel-32bit-6.2.0-879.12.7.1
References
- Link for SUSE-SU-2018:1825-1
- E-Mail link for SUSE-SU-2018:1825-1
- SUSE Security Ratings
- SUSE Bug 1062937
- SUSE Bug 1096209
- SUSE Bug 1098155
- SUSE CVE CVE-2017-15232 page
- SUSE CVE CVE-2018-1152 page
- SUSE CVE CVE-2018-11813 page
Description
libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.
Affected products
SUSE Linux Enterprise Server 11 SP4:jpeg-6b-879.12.7.1
SUSE Linux Enterprise Server 11 SP4:libjpeg-32bit-6.2.0-879.12.7.1
SUSE Linux Enterprise Server 11 SP4:libjpeg-6.2.0-879.12.7.1
SUSE Linux Enterprise Server 11 SP4:libjpeg-x86-6.2.0-879.12.7.1
References
- CVE-2017-15232
- SUSE Bug 1062937
Description
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
Affected products
SUSE Linux Enterprise Server 11 SP4:jpeg-6b-879.12.7.1
SUSE Linux Enterprise Server 11 SP4:libjpeg-32bit-6.2.0-879.12.7.1
SUSE Linux Enterprise Server 11 SP4:libjpeg-6.2.0-879.12.7.1
SUSE Linux Enterprise Server 11 SP4:libjpeg-x86-6.2.0-879.12.7.1
References
- CVE-2018-1152
- SUSE Bug 1098155
Description
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.
Affected products
SUSE Linux Enterprise Server 11 SP4:jpeg-6b-879.12.7.1
SUSE Linux Enterprise Server 11 SP4:libjpeg-32bit-6.2.0-879.12.7.1
SUSE Linux Enterprise Server 11 SP4:libjpeg-6.2.0-879.12.7.1
SUSE Linux Enterprise Server 11 SP4:libjpeg-x86-6.2.0-879.12.7.1
References
- CVE-2018-11813
- SUSE Bug 1096209
- SUSE Bug 1172994
- SUSE Bug 1172995