Preisgabe von Informationen in libjpeg-turbo
ID: | USN-4386-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 16.04 LTS, Ubuntu 12.04 ESM, Ubuntu 18.04 LTS, Ubuntu 14.04 ESM, Ubuntu 19.10, Ubuntu 20.04 LTS |
Datum: | Di, 9. Juni 2020, 21:52 |
Referenzen: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13790 |
Applikationen: | libjpeg-turbo |
Originalnachricht |
|
--===============8445744807849291296== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="OXfL5xGRrasGEqWY" Content-Disposition: inline --OXfL5xGRrasGEqWY Content-Type: text/plain; charset=us-ascii Content-Disposition: inline ========================================================================== Ubuntu Security Notice USN-4386-1 June 09, 2020 libjpeg-turbo vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 19.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: libjpeg-turbo could be made to expose sensitive information if it received a specially crafted PPM file. Software Description: - libjpeg-turbo: library for handling JPEG files Details: It was discovered that libjpeg-turbo incorrectly handled certain PPM files. An attacker could possibly use this issue to access sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: libjpeg-turbo8 2.0.3-0ubuntu1.20.04.1 Ubuntu 19.10: libjpeg-turbo8 2.0.3-0ubuntu1.19.10.1 Ubuntu 18.04 LTS: libjpeg-turbo8 1.5.2-0ubuntu5.18.04.4 Ubuntu 16.04 LTS: libjpeg-turbo8 1.4.2-0ubuntu3.4 Ubuntu 14.04 ESM: libjpeg-turbo8 1.3.0-0ubuntu2.1+esm1 Ubuntu 12.04 ESM: libjpeg-turbo8 1.1.90+svn733-0ubuntu4.6 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4386-1 CVE-2020-13790 Package Information: https://launchpad.net/ubuntu/+source/libjpeg-turbo/2.0.3-0ubuntu1.20.04.1 https://launchpad.net/ubuntu/+source/libjpeg-turbo/2.0.3-0ubuntu1.19.10.1 https://launchpad.net/ubuntu/+source/libjpeg-turbo/1.5.2-0ubuntu5.18.04.4 https://launchpad.net/ubuntu/+source/libjpeg-turbo/1.4.2-0ubuntu3.4 --OXfL5xGRrasGEqWY Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl7f5SUACgkQRbznW4QL H2mfBA//Ra0XE83Xr/rJq7iZNz6wwT6fLL/787HJm3DQ9ppj8QnvM2d/fLwKDhSW bEAmLMKFgRi1u3+vw7g5+YuT7pVvzbsc//TyBh05yjtLHdM/eylF5+ui1MjIOB04 rMg5zYwfxkYtgDfyhf1YTpmb6ydV5giZbgrRJ/ZlmLkGJ/VBXtikOVnUvE66yCnB JdtT2NDPaX5oyqEyI59N4DzoU50zGOZ/p9PI+mI7O5tFWAccjR7d8bT2v5Rmmwez pwoNYMNIBJh3BoUUiFrcKWXMLRfyH7Z4C3s2251xDEyxUpAaebHpb2Ba18sQP2eS DHZAd70FznO0n1T24/6kQLJCd6iGuGILWNsMleZBCOiiUB9zjYEXpJIN+qM32UTj FMSnWOg2OSsc9yXYL6w81dDDYYkLX5lY/4tqRv+2qea3BI3HsZympjd9yyBkjnyP pGtcOoh30QWMG88tkxbfgcooZVJE1CE80SV4kg4taSPOnxfpTrFmdjFA4TikoXIj DVAOOb0bmGDzeXJBRJp/1pEKZ1zKVmrPg+QoIEDJ2iPydZvzRMvPmdMNBPqzZQ1z 4Z1tEcXYehpzvjj3QMJ/yfnHa6YoSQgV/30xWLPTzMNAhhx+Uk1YcA5UL0P7qh+w DqB+jt4wmRWrVmcAY04jkv1D5+CJDGC8y8OKY33n1raH0ZbsdAc= =urkT -----END PGP SIGNATURE----- --OXfL5xGRrasGEqWY-- --===============8445744807849291296== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce |