ALAS-2013-267


Amazon Linux 1 Security Advisory: ALAS-2013-267
Advisory Release Date: 2013-12-17 21:32 Pacific
Advisory Updated Date: 2014-09-16 22:13 Pacific
Severity: Medium

Issue Overview:

An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan (SOS) JPEG markers or Define Huffman Table (DHT) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629, CVE-2013-6630)


Affected Packages:

libjpeg-turbo


Issue Correction:
Run yum update libjpeg-turbo to update your system.

New Packages:
i686:
    libjpeg-turbo-static-1.2.1-3.4.amzn1.i686
    libjpeg-turbo-debuginfo-1.2.1-3.4.amzn1.i686
    libjpeg-turbo-utils-1.2.1-3.4.amzn1.i686
    turbojpeg-1.2.1-3.4.amzn1.i686
    turbojpeg-devel-1.2.1-3.4.amzn1.i686
    libjpeg-turbo-devel-1.2.1-3.4.amzn1.i686
    libjpeg-turbo-1.2.1-3.4.amzn1.i686

src:
    libjpeg-turbo-1.2.1-3.4.amzn1.src

x86_64:
    libjpeg-turbo-static-1.2.1-3.4.amzn1.x86_64
    libjpeg-turbo-debuginfo-1.2.1-3.4.amzn1.x86_64
    libjpeg-turbo-devel-1.2.1-3.4.amzn1.x86_64
    turbojpeg-devel-1.2.1-3.4.amzn1.x86_64
    libjpeg-turbo-utils-1.2.1-3.4.amzn1.x86_64
    turbojpeg-1.2.1-3.4.amzn1.x86_64
    libjpeg-turbo-1.2.1-3.4.amzn1.x86_64
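
To confirm that the update from Issue Correction took effect, the following added example (not part of the original advisory) flags installed packages from the New Packages list that are still older than 1.2.1-3.4.amzn1. It assumes input lines in the form produced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'`, ignores epochs, and uses a simplified version comparison; the function names and the sample input are constructed for illustration.

```python
import re

# Fixed version-release listed in ALAS-2013-267 for every binary package.
FIXED_VR = "1.2.1-3.4.amzn1"
# Binary package names taken from the advisory's "New Packages" list.
PACKAGES = {"libjpeg-turbo", "libjpeg-turbo-devel", "libjpeg-turbo-static",
            "libjpeg-turbo-utils", "libjpeg-turbo-debuginfo",
            "turbojpeg", "turbojpeg-devel"}

def _segments(s):
    # rpm compares maximal runs of digits or letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling): returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(vr_a, vr_b):
    """Compare 'version-release' strings: version first, then release."""
    va, ra = vr_a.split("-", 1)
    vb, rb = vr_b.split("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def unpatched(rpm_lines):
    """Return (name, version-release) for advisory packages older than FIXED_VR."""
    hits = []
    for line in rpm_lines:
        name, vr, _arch = line.split()
        if name in PACKAGES and vr_cmp(vr, FIXED_VR) < 0:
            hits.append((name, vr))
    return hits

# Constructed sample input; the versions below are illustrative, not from the advisory.
SAMPLE = """\
libjpeg-turbo 1.2.1-1.2.amzn1 x86_64
turbojpeg 1.2.1-3.4.amzn1 x86_64
libjpeg-turbo-devel 1.2.90-5.10.amzn1 x86_64
openssl 1.0.1e-4.55.amzn1 x86_64
""".splitlines()

if __name__ == "__main__":
    for name, vr in unpatched(SAMPLE):
        print(f"{name} {vr} is older than {FIXED_VR}: run yum update libjpeg-turbo")
```

Processes that loaded the old library before the update keep using it until they are restarted, so a clean result here covers only what is installed on disk.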