Oval Definition:oval:com.redhat.rhsa:def:20131803
Revision Date:2013-12-09Version:637
Title:RHSA-2013:1803: libjpeg-turbo security update (Moderate)
Description:The libjpeg-turbo package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions.

  • An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan (SOS) JPEG markers or Define Huffman Table (DHT) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629, CVE-2013-6630)

    All libjpeg-turbo users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2013-6629
    CVE-2013-6629
    CVE-2013-6630
    CVE-2013-6630
    RHSA-2013:1803
    RHSA-2013:1803-00
    RHSA-2013:1803-02
    Platform(s):Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • libjpeg-turbo is earlier than 0:1.2.1-3.el6_5
  • AND libjpeg-turbo is signed with Red Hat redhatrelease2 key
  • libjpeg-turbo-devel is earlier than 0:1.2.1-3.el6_5
  • AND libjpeg-turbo-devel is signed with Red Hat redhatrelease2 key
  • libjpeg-turbo-static is earlier than 0:1.2.1-3.el6_5
  • AND libjpeg-turbo-static is signed with Red Hat redhatrelease2 key
    • BACK