The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of libjpeg-turbo: denial of service via Exif Marker

Synthesis of the vulnerability 

An attacker can generate a fatal error via Exif Marker of libjpeg-turbo, in order to trigger a denial of service.
Vulnerable software: Fedora, openSUSE, Ubuntu.
Severity of this announce: 2/4.
Creation date: 10/07/2018.
Références of this computer vulnerability: CVE-2014-9092, FEDORA-2014-17543, FEDORA-2014-17561, FEDORA-2015-2580, FEDORA-2015-2615, MDVSA-2015:014, MDVSA-2015:152, openSUSE-SU-2014:1637-1, USN-3706-1, USN-3706-2, VIGILANCE-VUL-26665.

Description of the vulnerability 

An attacker can generate a fatal error via Exif Marker of libjpeg-turbo, in order to trigger a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer vulnerability bulletin impacts software or systems such as Fedora, openSUSE, Ubuntu.

Our Vigil@nce team determined that the severity of this vulnerability bulletin is medium.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this threat note.

Solutions for this threat 

Fedora: new libjpeg-turbo packages.
New packages are available:
  Fedora 20: libjpeg-turbo 1.3.1-3.fc20
  Fedora 21: libjpeg-turbo 1.3.1-5.fc21

Fedora: new mingw-libjpeg-turbo packages.
New packages are available:
  Fedora 20: mingw-libjpeg-turbo 1.3.1-4.fc20
  Fedora 21: mingw-libjpeg-turbo 1.3.1-4.fc21

Mandriva BS2: new libjpeg packages.
New packages are available:
  Mandriva BS2: libjpeg 1.3.0-4.1.mbs2

Mandriva: new libjpeg packages.
New packages are available:
  Mandriva BS1: libjpeg 1.2.0-5.3.mbs1

openSUSE: new libjpeg-turbo packages.
New packages are available:
  openSUSE 12.3: libjpeg-turbo 1.2.1-19.20.1
  openSUSE 13.1: libjpeg-turbo 1.2.1-24.4.1
  openSUSE 13.2: libjpeg-turbo 1.3.1-30.5.1

Ubuntu: new libjpeg-turbo packages.
New packages are available:
  Ubuntu 18.04 LTS: libjpeg-turbo8 1.5.2-0ubuntu5.18.04.1
  Ubuntu 17.10: libjpeg-turbo8 1.5.2-0ubuntu5.17.10.1
  Ubuntu 16.04 LTS: libjpeg-turbo8 1.4.2-0ubuntu3.1
  Ubuntu 14.04 LTS: libjpeg-turbo8 1.3.0-0ubuntu2.1
  Ubuntu 12.04 ESM: libjpeg-turbo8 1.1.90+svn733-0ubuntu4.5
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides applications vulnerabilities alerts. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.