ALAS-2014-337


Amazon Linux AMI Security Advisory: ALAS-2014-337
Advisory Release Date: 2014-09-18 00:34 Pacific
Severity: Medium
References: CVE-2013-6369 

Issue Overview:

Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted image file.


Affected Packages:

jbigkit


Issue Correction:
Run yum update jbigkit to update your system.

New Packages:
i686:
    jbigkit-debuginfo-2.0-11.4.amzn1.i686
    jbigkit-libs-2.0-11.4.amzn1.i686
    jbigkit-2.0-11.4.amzn1.i686
    jbigkit-devel-2.0-11.4.amzn1.i686

src:
    jbigkit-2.0-11.4.amzn1.src

x86_64:
    jbigkit-2.0-11.4.amzn1.x86_64
    jbigkit-devel-2.0-11.4.amzn1.x86_64
    jbigkit-debuginfo-2.0-11.4.amzn1.x86_64
    jbigkit-libs-2.0-11.4.amzn1.x86_64