Описание
Security update for libjpeg-turbo
This update for libjpeg-turbo fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow to an attacker to cause denial of service (bsc#1128712).
- CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop (bsc#1096209)
- CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image (bsc#1098155)
Список пакетов
Container caasp/v4/nginx-ingress-controller:beta1
libjpeg8-8.1.2-31.14.2
Image SLES12-SP5-Azure-SAP-BYOS
libjpeg62-62.2.0-31.14.2
libjpeg8-8.1.2-31.14.2
Image SLES12-SP5-Azure-SAP-On-Demand
libjpeg62-62.2.0-31.14.2
libjpeg8-8.1.2-31.14.2
Image SLES12-SP5-EC2-SAP-BYOS
libjpeg62-62.2.0-31.14.2
libjpeg8-8.1.2-31.14.2
Image SLES12-SP5-EC2-SAP-On-Demand
libjpeg62-62.2.0-31.14.2
libjpeg8-8.1.2-31.14.2
Image SLES12-SP5-GCE-SAP-BYOS
libjpeg62-62.2.0-31.14.2
libjpeg8-8.1.2-31.14.2
Image SLES12-SP5-GCE-SAP-On-Demand
libjpeg62-62.2.0-31.14.2
libjpeg8-8.1.2-31.14.2
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
libjpeg62-62.2.0-31.14.2
libjpeg8-8.1.2-31.14.2
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libjpeg62-62.2.0-31.14.2
libjpeg8-8.1.2-31.14.2
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libjpeg62-62.2.0-31.14.2
libjpeg8-8.1.2-31.14.2
SUSE Linux Enterprise Desktop 12 SP3
libjpeg-turbo-1.5.3-31.14.2
libjpeg62-62.2.0-31.14.2
libjpeg62-32bit-62.2.0-31.14.2
libjpeg62-turbo-1.5.3-31.14.2
libjpeg8-8.1.2-31.14.2
libjpeg8-32bit-8.1.2-31.14.2
libturbojpeg0-8.1.2-31.14.2
SUSE Linux Enterprise Desktop 12 SP4
libjpeg-turbo-1.5.3-31.14.2
libjpeg62-62.2.0-31.14.2
libjpeg62-32bit-62.2.0-31.14.2
libjpeg62-turbo-1.5.3-31.14.2
libjpeg8-8.1.2-31.14.2
libjpeg8-32bit-8.1.2-31.14.2
libturbojpeg0-8.1.2-31.14.2
SUSE Linux Enterprise Server 12 SP3
libjpeg-turbo-1.5.3-31.14.2
libjpeg62-62.2.0-31.14.2
libjpeg62-32bit-62.2.0-31.14.2
libjpeg62-turbo-1.5.3-31.14.2
libjpeg8-8.1.2-31.14.2
libjpeg8-32bit-8.1.2-31.14.2
libturbojpeg0-8.1.2-31.14.2
SUSE Linux Enterprise Server 12 SP4
libjpeg-turbo-1.5.3-31.14.2
libjpeg62-62.2.0-31.14.2
libjpeg62-32bit-62.2.0-31.14.2
libjpeg62-turbo-1.5.3-31.14.2
libjpeg8-8.1.2-31.14.2
libjpeg8-32bit-8.1.2-31.14.2
libturbojpeg0-8.1.2-31.14.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libjpeg-turbo-1.5.3-31.14.2
libjpeg62-62.2.0-31.14.2
libjpeg62-32bit-62.2.0-31.14.2
libjpeg62-turbo-1.5.3-31.14.2
libjpeg8-8.1.2-31.14.2
libjpeg8-32bit-8.1.2-31.14.2
libturbojpeg0-8.1.2-31.14.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libjpeg-turbo-1.5.3-31.14.2
libjpeg62-62.2.0-31.14.2
libjpeg62-32bit-62.2.0-31.14.2
libjpeg62-turbo-1.5.3-31.14.2
libjpeg8-8.1.2-31.14.2
libjpeg8-32bit-8.1.2-31.14.2
libturbojpeg0-8.1.2-31.14.2
SUSE Linux Enterprise Software Development Kit 12 SP3
libjpeg62-devel-62.2.0-31.14.2
libjpeg8-devel-8.1.2-31.14.2
SUSE Linux Enterprise Software Development Kit 12 SP4
libjpeg62-devel-62.2.0-31.14.2
libjpeg8-devel-8.1.2-31.14.2
Ссылки
- Link for SUSE-SU-2019:1111-1
- E-Mail link for SUSE-SU-2019:1111-1
- SUSE Security Ratings
- SUSE Bug 1096209
- SUSE Bug 1098155
- SUSE Bug 1128712
- SUSE CVE CVE-2018-1152 page
- SUSE CVE CVE-2018-11813 page
- SUSE CVE CVE-2018-14498 page
Описание
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
Затронутые продукты
Container caasp/v4/nginx-ingress-controller:beta1:libjpeg8-8.1.2-31.14.2
Image SLES12-SP5-Azure-SAP-BYOS:libjpeg62-62.2.0-31.14.2
Image SLES12-SP5-Azure-SAP-BYOS:libjpeg8-8.1.2-31.14.2
Image SLES12-SP5-Azure-SAP-On-Demand:libjpeg62-62.2.0-31.14.2
Ссылки
- CVE-2018-1152
- SUSE Bug 1098155
Описание
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.
Затронутые продукты
Container caasp/v4/nginx-ingress-controller:beta1:libjpeg8-8.1.2-31.14.2
Image SLES12-SP5-Azure-SAP-BYOS:libjpeg62-62.2.0-31.14.2
Image SLES12-SP5-Azure-SAP-BYOS:libjpeg8-8.1.2-31.14.2
Image SLES12-SP5-Azure-SAP-On-Demand:libjpeg62-62.2.0-31.14.2
Ссылки
- CVE-2018-11813
- SUSE Bug 1096209
- SUSE Bug 1172994
- SUSE Bug 1172995
Описание
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
Затронутые продукты
Container caasp/v4/nginx-ingress-controller:beta1:libjpeg8-8.1.2-31.14.2
Image SLES12-SP5-Azure-SAP-BYOS:libjpeg62-62.2.0-31.14.2
Image SLES12-SP5-Azure-SAP-BYOS:libjpeg8-8.1.2-31.14.2
Image SLES12-SP5-Azure-SAP-On-Demand:libjpeg62-62.2.0-31.14.2
Ссылки
- CVE-2018-14498
- SUSE Bug 1128712