Amazon Linux 1 Security Advisory: ALAS-2013-267
Advisory Release Date: 2013-12-17 21:32 Pacific
Advisory Updated Date: 2014-09-16 22:13 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan (SOS) JPEG markers or Define Huffman Table (DHT) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629, CVE-2013-6630)
Affected Packages:
libjpeg-turbo
Issue Correction:
Run yum update libjpeg-turbo to update your system.
i686:
libjpeg-turbo-static-1.2.1-3.4.amzn1.i686
libjpeg-turbo-debuginfo-1.2.1-3.4.amzn1.i686
libjpeg-turbo-utils-1.2.1-3.4.amzn1.i686
turbojpeg-1.2.1-3.4.amzn1.i686
turbojpeg-devel-1.2.1-3.4.amzn1.i686
libjpeg-turbo-devel-1.2.1-3.4.amzn1.i686
libjpeg-turbo-1.2.1-3.4.amzn1.i686
src:
libjpeg-turbo-1.2.1-3.4.amzn1.src
x86_64:
libjpeg-turbo-static-1.2.1-3.4.amzn1.x86_64
libjpeg-turbo-debuginfo-1.2.1-3.4.amzn1.x86_64
libjpeg-turbo-devel-1.2.1-3.4.amzn1.x86_64
turbojpeg-devel-1.2.1-3.4.amzn1.x86_64
libjpeg-turbo-utils-1.2.1-3.4.amzn1.x86_64
turbojpeg-1.2.1-3.4.amzn1.x86_64
libjpeg-turbo-1.2.1-3.4.amzn1.x86_64