Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in libjpeg-turbo
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in libjpeg-turbo
ID: USN-4386-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 LTS, Ubuntu 12.04 ESM, Ubuntu 18.04 LTS, Ubuntu 14.04 ESM, Ubuntu 19.10, Ubuntu 20.04 LTS
Datum: Di, 9. Juni 2020, 21:52
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13790
Applikationen: libjpeg-turbo

Originalnachricht


--===============8445744807849291296==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="OXfL5xGRrasGEqWY"
Content-Disposition: inline


--OXfL5xGRrasGEqWY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4386-1
June 09, 2020

libjpeg-turbo vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

libjpeg-turbo could be made to expose sensitive information if it received a
specially
crafted PPM file.

Software Description:
- libjpeg-turbo: library for handling JPEG files

Details:

It was discovered that libjpeg-turbo incorrectly handled certain PPM files.
An attacker could possibly use this issue to access sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
libjpeg-turbo8 2.0.3-0ubuntu1.20.04.1

Ubuntu 19.10:
libjpeg-turbo8 2.0.3-0ubuntu1.19.10.1

Ubuntu 18.04 LTS:
libjpeg-turbo8 1.5.2-0ubuntu5.18.04.4

Ubuntu 16.04 LTS:
libjpeg-turbo8 1.4.2-0ubuntu3.4

Ubuntu 14.04 ESM:
libjpeg-turbo8 1.3.0-0ubuntu2.1+esm1

Ubuntu 12.04 ESM:
libjpeg-turbo8 1.1.90+svn733-0ubuntu4.6

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4386-1
CVE-2020-13790

Package Information:
https://launchpad.net/ubuntu/+source/libjpeg-turbo/2.0.3-0ubuntu1.20.04.1
https://launchpad.net/ubuntu/+source/libjpeg-turbo/2.0.3-0ubuntu1.19.10.1
https://launchpad.net/ubuntu/+source/libjpeg-turbo/1.5.2-0ubuntu5.18.04.4
https://launchpad.net/ubuntu/+source/libjpeg-turbo/1.4.2-0ubuntu3.4

--OXfL5xGRrasGEqWY
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl7f5SUACgkQRbznW4QL
H2mfBA//Ra0XE83Xr/rJq7iZNz6wwT6fLL/787HJm3DQ9ppj8QnvM2d/fLwKDhSW
bEAmLMKFgRi1u3+vw7g5+YuT7pVvzbsc//TyBh05yjtLHdM/eylF5+ui1MjIOB04
rMg5zYwfxkYtgDfyhf1YTpmb6ydV5giZbgrRJ/ZlmLkGJ/VBXtikOVnUvE66yCnB
JdtT2NDPaX5oyqEyI59N4DzoU50zGOZ/p9PI+mI7O5tFWAccjR7d8bT2v5Rmmwez
pwoNYMNIBJh3BoUUiFrcKWXMLRfyH7Z4C3s2251xDEyxUpAaebHpb2Ba18sQP2eS
DHZAd70FznO0n1T24/6kQLJCd6iGuGILWNsMleZBCOiiUB9zjYEXpJIN+qM32UTj
FMSnWOg2OSsc9yXYL6w81dDDYYkLX5lY/4tqRv+2qea3BI3HsZympjd9yyBkjnyP
pGtcOoh30QWMG88tkxbfgcooZVJE1CE80SV4kg4taSPOnxfpTrFmdjFA4TikoXIj
DVAOOb0bmGDzeXJBRJp/1pEKZ1zKVmrPg+QoIEDJ2iPydZvzRMvPmdMNBPqzZQ1z
4Z1tEcXYehpzvjj3QMJ/yfnHa6YoSQgV/30xWLPTzMNAhhx+Uk1YcA5UL0P7qh+w
DqB+jt4wmRWrVmcAY04jkv1D5+CJDGC8y8OKY33n1raH0ZbsdAc=
=urkT
-----END PGP SIGNATURE-----

--OXfL5xGRrasGEqWY--


--===============8445744807849291296==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung