Security update for jpeg

SUSE Security Update: Security update for jpeg
Announcement ID: SUSE-SU-2019:14069-1
Rating: low
References: #1122299 #1128712
Cross-References: CVE-2018-11212 CVE-2018-14498
Affected Products:
  • SUSE Linux Enterprise Debuginfo 11-SP4

An update that fixes two vulnerabilities is now available.


This update for jpeg fixes the following issues:
Security issues fixed:

  • CVE-2018-14498: Fixed a heap-based buffer over-read in the get_8bit_row function which could allow an attacker to cause a denial of service (bsc#1128712).
  • CVE-2018-11212: Fixed a divide by zero in the alloc_sarray function in jmemmgr.c (bsc#1122299).
  • CVE-2018-14498: Fixed denial of service in get_8bit_row in rdbmp.c (bsc#1128712).

Patch Instructions:

To install this SUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-jpeg-14069=1

Package List:

  • SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
    • jpeg-debuginfo-6b-879.12.12.1
    • jpeg-debugsource-6b-879.12.12.1