You are here
Home > Preporuke > Sigurnosni nedostatak programske biblioteke libjpeg-turbo

Sigurnosni nedostatak programske biblioteke libjpeg-turbo

by Marina Dimic Vugec - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4386-1
June 09, 2020

libjpeg-turbo vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.04 LTS
– Ubuntu 19.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

libjpeg-turbo could be made to expose sensitive information if it received a specially
crafted PPM file.

Software Description:
– libjpeg-turbo: library for handling JPEG files

Details:

It was discovered that libjpeg-turbo incorrectly handled certain PPM files.
An attacker could possibly use this issue to access sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
libjpeg-turbo8 2.0.3-0ubuntu1.20.04.1

Ubuntu 19.10:
libjpeg-turbo8 2.0.3-0ubuntu1.19.10.1

Ubuntu 18.04 LTS:
libjpeg-turbo8 1.5.2-0ubuntu5.18.04.4

Ubuntu 16.04 LTS:
libjpeg-turbo8 1.4.2-0ubuntu3.4

Ubuntu 14.04 ESM:
libjpeg-turbo8 1.3.0-0ubuntu2.1+esm1

Ubuntu 12.04 ESM:
libjpeg-turbo8 1.1.90+svn733-0ubuntu4.6

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4386-1
CVE-2020-13790

Package Information:
https://launchpad.net/ubuntu/+source/libjpeg-turbo/2.0.3-0ubuntu1.20.04.1
https://launchpad.net/ubuntu/+source/libjpeg-turbo/2.0.3-0ubuntu1.19.10.1
https://launchpad.net/ubuntu/+source/libjpeg-turbo/1.5.2-0ubuntu5.18.04.4
https://launchpad.net/ubuntu/+source/libjpeg-turbo/1.4.2-0ubuntu3.4
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl7f5SUACgkQRbznW4QL
H2mfBA//Ra0XE83Xr/rJq7iZNz6wwT6fLL/787HJm3DQ9ppj8QnvM2d/fLwKDhSW
bEAmLMKFgRi1u3+vw7g5+YuT7pVvzbsc//TyBh05yjtLHdM/eylF5+ui1MjIOB04
rMg5zYwfxkYtgDfyhf1YTpmb6ydV5giZbgrRJ/ZlmLkGJ/VBXtikOVnUvE66yCnB
JdtT2NDPaX5oyqEyI59N4DzoU50zGOZ/p9PI+mI7O5tFWAccjR7d8bT2v5Rmmwez
pwoNYMNIBJh3BoUUiFrcKWXMLRfyH7Z4C3s2251xDEyxUpAaebHpb2Ba18sQP2eS
DHZAd70FznO0n1T24/6kQLJCd6iGuGILWNsMleZBCOiiUB9zjYEXpJIN+qM32UTj
FMSnWOg2OSsc9yXYL6w81dDDYYkLX5lY/4tqRv+2qea3BI3HsZympjd9yyBkjnyP
pGtcOoh30QWMG88tkxbfgcooZVJE1CE80SV4kg4taSPOnxfpTrFmdjFA4TikoXIj
DVAOOb0bmGDzeXJBRJp/1pEKZ1zKVmrPg+QoIEDJ2iPydZvzRMvPmdMNBPqzZQ1z
4Z1tEcXYehpzvjj3QMJ/yfnHa6YoSQgV/30xWLPTzMNAhhx+Uk1YcA5UL0P7qh+w
DqB+jt4wmRWrVmcAY04jkv1D5+CJDGC8y8OKY33n1raH0ZbsdAc=
=urkT
—–END PGP SIGNATURE—–

AutorGoran Culibrk
Cert idNCERT-REF-2020-06-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Marina Dimic Vugec
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa .NET Core

Otkriven je sigurnosni nedostatak u programskom paketu .NET Core za operacijski sustav Red Hat. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje...

Close