Security Advisory Moderate: libjpeg security update

Advisory: RHSA-2013:1804-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-12-09
Last updated on: 2013-12-09
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2013-6629

Details

An updated libjpeg package that fixes one security issue is now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The libjpeg package contains a library of functions for manipulating JPEG
images. It also contains simple client programs for accessing the
libjpeg functions.

An uninitialized memory read issue was found in the way libjpeg decoded
images with missing Start Of Scan (SOS) JPEG markers. A remote attacker
could create a specially crafted JPEG image that, when decoded, could
possibly lead to a disclosure of potentially sensitive information.
(CVE-2013-6629)

All libjpeg users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
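
To confirm that a host carries the fixed build after updating, the following added example (not part of Red Hat's advisory or tooling) classifies each installed libjpeg build against libjpeg-6b-38, the build listed under "Updated packages". The function names and the sample input are assumptions made for illustration; the x86_64 package lists in this advisory ship both i386 and x86_64 builds, so every installed architecture is checked.

```sh
#!/bin/sh
# Added example (not Red Hat tooling): audit installed libjpeg builds against
# the fixed build named in this advisory, libjpeg-6b-38.
FIXED_VERSION="6b"   # version field of the advisory's package names
FIXED_RELEASE=38     # release field of the advisory's package names

# Classify one VERSION-RELEASE string: fixed, vulnerable, or unknown.
libjpeg_status() {
    case $1 in
        *-*) ;;
        *) echo unknown; return 0 ;;
    esac
    version=${1%%-*}
    release=${1#*-}
    num=${release%%[!0-9]*}        # leading digits of the release field
    if [ "$version" != "$FIXED_VERSION" ] || [ -z "$num" ]; then
        echo unknown               # not a 6b build: compare by hand
    elif [ "$num" -ge "$FIXED_RELEASE" ]; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Read "NAME VERSION-RELEASE ARCH" lines on stdin, one per installed build.
# Prints a verdict per build; returns 1 unless every build is confirmed fixed.
audit_libjpeg() {
    rc=0
    while read -r name vr arch; do
        [ -n "$name" ] || continue
        status=$(libjpeg_status "$vr")
        echo "$name-$vr.$arch: $status"
        [ "$status" = fixed ] || rc=1
    done
    return "$rc"
}

# Live host (hypothetical wrapper name; rpm's --qf option and tags are real).
audit_host() {
    rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n' libjpeg | audit_libjpeg
}

# Constructed sample: a multilib x86_64 host where only one arch was updated.
audit_libjpeg <<'EOF' || echo "=> not fully patched"
libjpeg 6b-37 i386
libjpeg 6b-38 x86_64
EOF
```

Call `audit_host` on a real system; a non-zero exit status means at least one installed build is older than 6b-38 or could not be classified.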

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
libjpeg-6b-38.src.rpm     MD5: c8f37b285c86bd2e68154353694a2a19
SHA-256: 0bbfc3a9822a26069feb3d7596b7b3761b84ee2db46a0999988fcf6b331e8e39
 
IA-32:
libjpeg-debuginfo-6b-38.i386.rpm     MD5: 054842598e693aa94ec785007decfab8
SHA-256: 483bf226b73e51453b37fa2e646b2c238e41a36a94780f4347e60f201ead3a64
libjpeg-devel-6b-38.i386.rpm     MD5: aa49d144cf030210cdb1968af7e2fa5c
SHA-256: 43d661543ba2ff8394bc571c1ec7543bcb12ded122708d8ad181dddca5f8025e
 
x86_64:
libjpeg-debuginfo-6b-38.i386.rpm     MD5: 054842598e693aa94ec785007decfab8
SHA-256: 483bf226b73e51453b37fa2e646b2c238e41a36a94780f4347e60f201ead3a64
libjpeg-debuginfo-6b-38.x86_64.rpm     MD5: 53dcfc8e5bafe6b183e4f28bed378bb4
SHA-256: cbbe516fc9a3cb78e513cebf2d4f87356601666000c99b3a59f56e21308db055
libjpeg-devel-6b-38.i386.rpm     MD5: aa49d144cf030210cdb1968af7e2fa5c
SHA-256: 43d661543ba2ff8394bc571c1ec7543bcb12ded122708d8ad181dddca5f8025e
libjpeg-devel-6b-38.x86_64.rpm     MD5: a87e92e5e51f9631a79b0c6db35258af
SHA-256: 05e30174e3b463250102615b55f3d075743c561df94e4459c796cdf312fa204c
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
libjpeg-6b-38.src.rpm     MD5: c8f37b285c86bd2e68154353694a2a19
SHA-256: 0bbfc3a9822a26069feb3d7596b7b3761b84ee2db46a0999988fcf6b331e8e39
 
IA-32:
libjpeg-6b-38.i386.rpm     MD5: f567a6dd3bb57f27a3ab7e059fdb9c5b
SHA-256: 0f35a9df4d10ec41841be55572de06a81a3b72da9102d8e7e50adc901eeef268
libjpeg-debuginfo-6b-38.i386.rpm     MD5: 054842598e693aa94ec785007decfab8
SHA-256: 483bf226b73e51453b37fa2e646b2c238e41a36a94780f4347e60f201ead3a64
libjpeg-devel-6b-38.i386.rpm     MD5: aa49d144cf030210cdb1968af7e2fa5c
SHA-256: 43d661543ba2ff8394bc571c1ec7543bcb12ded122708d8ad181dddca5f8025e
 
IA-64:
libjpeg-6b-38.i386.rpm     MD5: f567a6dd3bb57f27a3ab7e059fdb9c5b
SHA-256: 0f35a9df4d10ec41841be55572de06a81a3b72da9102d8e7e50adc901eeef268
libjpeg-6b-38.ia64.rpm     MD5: f2720290ef3dc6c9527d5e9a94a4e7f6
SHA-256: 4298c70366373a46f2c24c0b6d453c2431caf982792877b406e05ca559c995f5
libjpeg-debuginfo-6b-38.i386.rpm     MD5: 054842598e693aa94ec785007decfab8
SHA-256: 483bf226b73e51453b37fa2e646b2c238e41a36a94780f4347e60f201ead3a64
libjpeg-debuginfo-6b-38.ia64.rpm     MD5: 595d99775b2becae9c26d5b625b69603
SHA-256: ca23dc509393efe9b35270590a2ceae3e5b93d8caa2584761e4f6ad9a695cc6e
libjpeg-devel-6b-38.ia64.rpm     MD5: 28b325cecbd38662b75cc77167ceab9c
SHA-256: fd1fdbdbaf150803a8f4e0184d4ad80a1382c4269e1fc60cc0ed61d595ddaac8
 
PPC:
libjpeg-6b-38.ppc.rpm     MD5: 37ec8664bcc8e745b1de060fb86fec57
SHA-256: e8b8b8e9178115a6463f177b259ec366a23f12196f8d677f3aaa8a7bef566325
libjpeg-6b-38.ppc64.rpm     MD5: 68f4aefa4f3fff86e80145a083c92aa7
SHA-256: d20e943a27dbeca04070deb9a7e98b754c864808aeb36c0fb78b6625e9082087
libjpeg-debuginfo-6b-38.ppc.rpm     MD5: 7fe759189d750f0584e70cf65327f468
SHA-256: ba392f6a2dd3fb9dfa9b9ba8a36f86c48b774b8a3f2a373a48f56456fe340bb4
libjpeg-debuginfo-6b-38.ppc64.rpm     MD5: 9f631c41633eac9be54c17db4eb94092
SHA-256: b4e3363a6d814a84d312901eb3a1b2431cb7538ff76010d34a809dc84c51ad8c
libjpeg-devel-6b-38.ppc.rpm     MD5: 17deac4bdc5875301ac84a3fa887b697
SHA-256: b74512a8201607fc6205545fcb75eccf8d3499232a7715abc51d002d522896fa
libjpeg-devel-6b-38.ppc64.rpm     MD5: a60bba3b7989368050ac22703c06f0e8
SHA-256: 5ad1b77859f38dcde288f8674253ec610265a609b85598cb7fea5e619423dbe8
 
s390x:
libjpeg-6b-38.s390.rpm     MD5: f91c94c20173d863171fa67b358b4ee6
SHA-256: 6cd494ebf20088d20e3d21808a0ac8fc41bf67d2b3b131d2fe0d4f135a11abd9
libjpeg-6b-38.s390x.rpm     MD5: 6b226427253efde3ca53e7efb16eb517
SHA-256: ac49bf022ca3d8dcb27f22d613fc8e24d54fa348554c75a6001e38f41964147a
libjpeg-debuginfo-6b-38.s390.rpm     MD5: f9f73e93eb6220a6e9ad0d73d594e624
SHA-256: f7b7977ef70e0d49cbe799d1c78a6ad17b5de5c77f3288256dca7655dd94e8f2
libjpeg-debuginfo-6b-38.s390x.rpm     MD5: c388195d5f1d67753ce8112cf8eb056b
SHA-256: 20a42a8f68afee61d42df484f4f36ed4556d375ed6a8c338587e52e35d34576f
libjpeg-devel-6b-38.s390.rpm     MD5: 7a0fec0ebef5bb5e592100da7b1c0ab5
SHA-256: 6906a6ef2b33f94c382a47f2fa5157d57fb619bbbc946736b72f10812f5861c4
libjpeg-devel-6b-38.s390x.rpm     MD5: de2ab190a77c5f694a81ff4d058ccd0c
SHA-256: f0622bcf9cde5cbb8852288931fb28f060a5119297d844584dc62a0812ceaa38
 
x86_64:
libjpeg-6b-38.i386.rpm     MD5: f567a6dd3bb57f27a3ab7e059fdb9c5b
SHA-256: 0f35a9df4d10ec41841be55572de06a81a3b72da9102d8e7e50adc901eeef268
libjpeg-6b-38.x86_64.rpm     MD5: db59c24a33a5b112b1e104b1f40bb4bc
SHA-256: 2cdd998a424f77c4ee9cfcab06023b5bb988f4171b95bd9b3c1ce744d24b496f
libjpeg-debuginfo-6b-38.i386.rpm     MD5: 054842598e693aa94ec785007decfab8
SHA-256: 483bf226b73e51453b37fa2e646b2c238e41a36a94780f4347e60f201ead3a64
libjpeg-debuginfo-6b-38.x86_64.rpm     MD5: 53dcfc8e5bafe6b183e4f28bed378bb4
SHA-256: cbbe516fc9a3cb78e513cebf2d4f87356601666000c99b3a59f56e21308db055
libjpeg-devel-6b-38.i386.rpm     MD5: aa49d144cf030210cdb1968af7e2fa5c
SHA-256: 43d661543ba2ff8394bc571c1ec7543bcb12ded122708d8ad181dddca5f8025e
libjpeg-devel-6b-38.x86_64.rpm     MD5: a87e92e5e51f9631a79b0c6db35258af
SHA-256: 05e30174e3b463250102615b55f3d075743c561df94e4459c796cdf312fa204c
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
libjpeg-6b-38.src.rpm     MD5: c8f37b285c86bd2e68154353694a2a19
SHA-256: 0bbfc3a9822a26069feb3d7596b7b3761b84ee2db46a0999988fcf6b331e8e39
 
IA-32:
libjpeg-6b-38.i386.rpm     MD5: f567a6dd3bb57f27a3ab7e059fdb9c5b
SHA-256: 0f35a9df4d10ec41841be55572de06a81a3b72da9102d8e7e50adc901eeef268
libjpeg-debuginfo-6b-38.i386.rpm     MD5: 054842598e693aa94ec785007decfab8
SHA-256: 483bf226b73e51453b37fa2e646b2c238e41a36a94780f4347e60f201ead3a64
 
x86_64:
libjpeg-6b-38.i386.rpm     MD5: f567a6dd3bb57f27a3ab7e059fdb9c5b
SHA-256: 0f35a9df4d10ec41841be55572de06a81a3b72da9102d8e7e50adc901eeef268
libjpeg-6b-38.x86_64.rpm     MD5: db59c24a33a5b112b1e104b1f40bb4bc
SHA-256: 2cdd998a424f77c4ee9cfcab06023b5bb988f4171b95bd9b3c1ce744d24b496f
libjpeg-debuginfo-6b-38.i386.rpm     MD5: 054842598e693aa94ec785007decfab8
SHA-256: 483bf226b73e51453b37fa2e646b2c238e41a36a94780f4347e60f201ead3a64
libjpeg-debuginfo-6b-38.x86_64.rpm     MD5: 53dcfc8e5bafe6b183e4f28bed378bb4
SHA-256: cbbe516fc9a3cb78e513cebf2d4f87356601666000c99b3a59f56e21308db055
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1031734 - CVE-2013-6629 libjpeg: information leak (read of uninitialized memory)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/