Описание
Security update for libjpeg-turbo
This update for libjpeg-turbo fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow to an attacker to cause denial of service (bsc#1128712).
- CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop (bsc#1096209)
- CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image (bsc#1098155)
Список пакетов
Container bci/openjdk-devel:11
libjpeg8-8.1.2-5.7.1
Container bci/openjdk:latest
libjpeg8-8.1.2-5.7.1
Container suse/rmt-nginx:latest
libjpeg8-8.1.2-5.7.1
Container suse/sles/15.2/virt-launcher:0.38.1
libjpeg8-8.1.2-5.7.1
Container suse/sles/15.3/libguestfs-tools:0.45.0
libjpeg8-8.1.2-5.7.1
Container suse/sles/15.3/virt-launcher:0.45.0
libjpeg8-8.1.2-5.7.1
Image SLES15-SP3-EC2-HVM
libjpeg8-8.1.2-5.7.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
libjpeg8-8.1.2-5.7.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
libjpeg8-8.1.2-5.7.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
libjpeg8-8.1.2-5.7.1
Image SLES15-SP3-SAP-Azure
libjpeg8-8.1.2-5.7.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
libjpeg62-62.2.0-5.7.1
libjpeg8-8.1.2-5.7.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
libjpeg62-62.2.0-5.7.1
libjpeg8-8.1.2-5.7.1
Image SLES15-SP3-SAP-BYOS-Azure
libjpeg62-62.2.0-5.7.1
libjpeg8-8.1.2-5.7.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
libjpeg62-62.2.0-5.7.1
libjpeg8-8.1.2-5.7.1
Image SLES15-SP3-SAP-BYOS-GCE
libjpeg62-62.2.0-5.7.1
libjpeg8-8.1.2-5.7.1
Image SLES15-SP3-SAP-EC2-HVM
libjpeg8-8.1.2-5.7.1
Image SLES15-SP3-SAP-GCE
libjpeg8-8.1.2-5.7.1
Image SLES15-SP3-SAPCAL-Azure
libjpeg8-8.1.2-5.7.1
Image SLES15-SP3-SAPCAL-EC2-HVM
libjpeg8-8.1.2-5.7.1
Image SLES15-SP3-SAPCAL-GCE
libjpeg8-8.1.2-5.7.1
SUSE Linux Enterprise Module for Basesystem 15
libjpeg62-62.2.0-5.7.1
libjpeg62-devel-62.2.0-5.7.1
libjpeg8-8.1.2-5.7.1
libjpeg8-devel-8.1.2-5.7.1
libturbojpeg0-8.1.2-5.7.1
SUSE Linux Enterprise Module for Desktop Applications 15
libjpeg8-32bit-8.1.2-5.7.1
SUSE Linux Enterprise Module for Package Hub 15
libjpeg-turbo-1.5.3-5.7.1
Ссылки
- Link for SUSE-SU-2019:0711-1
- E-Mail link for SUSE-SU-2019:0711-1
- SUSE Security Ratings
- SUSE Bug 1096209
- SUSE Bug 1098155
- SUSE Bug 1128712
- SUSE CVE CVE-2018-1152 page
- SUSE CVE CVE-2018-11813 page
- SUSE CVE CVE-2018-14498 page
Описание
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
Затронутые продукты
Container bci/openjdk-devel:11:libjpeg8-8.1.2-5.7.1
Container bci/openjdk:latest:libjpeg8-8.1.2-5.7.1
Container suse/rmt-nginx:latest:libjpeg8-8.1.2-5.7.1
Container suse/sles/15.2/virt-launcher:0.38.1:libjpeg8-8.1.2-5.7.1
Ссылки
- CVE-2018-1152
- SUSE Bug 1098155
Описание
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.
Затронутые продукты
Container bci/openjdk-devel:11:libjpeg8-8.1.2-5.7.1
Container bci/openjdk:latest:libjpeg8-8.1.2-5.7.1
Container suse/rmt-nginx:latest:libjpeg8-8.1.2-5.7.1
Container suse/sles/15.2/virt-launcher:0.38.1:libjpeg8-8.1.2-5.7.1
Ссылки
- CVE-2018-11813
- SUSE Bug 1096209
- SUSE Bug 1172994
- SUSE Bug 1172995
Описание
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
Затронутые продукты
Container bci/openjdk-devel:11:libjpeg8-8.1.2-5.7.1
Container bci/openjdk:latest:libjpeg8-8.1.2-5.7.1
Container suse/rmt-nginx:latest:libjpeg8-8.1.2-5.7.1
Container suse/sles/15.2/virt-launcher:0.38.1:libjpeg8-8.1.2-5.7.1
Ссылки
- CVE-2018-14498
- SUSE Bug 1128712