Amazon Linux 1 Security Advisory: ALAS-2014-337
Advisory Release Date: 2014-05-13 16:23 Pacific
Advisory Updated Date: 2014-09-18 00:34 Pacific
Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted image file.
Affected Packages:
jbigkit
Issue Correction:
Run yum update jbigkit to update your system.
i686:
jbigkit-debuginfo-2.0-11.4.amzn1.i686
jbigkit-libs-2.0-11.4.amzn1.i686
jbigkit-2.0-11.4.amzn1.i686
jbigkit-devel-2.0-11.4.amzn1.i686
src:
jbigkit-2.0-11.4.amzn1.src
x86_64:
jbigkit-2.0-11.4.amzn1.x86_64
jbigkit-devel-2.0-11.4.amzn1.x86_64
jbigkit-debuginfo-2.0-11.4.amzn1.x86_64
jbigkit-libs-2.0-11.4.amzn1.x86_64