From 623ee73d661e5ed8475cb264511f683407d87365 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sun, 12 Apr 2020 03:41:30 +0100 Subject: gentoo Easter resync : 12.04.2020 --- metadata/glsa/glsa-202003-23.xml | 51 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 metadata/glsa/glsa-202003-23.xml (limited to 'metadata/glsa/glsa-202003-23.xml') diff --git a/metadata/glsa/glsa-202003-23.xml b/metadata/glsa/glsa-202003-23.xml new file mode 100644 index 000000000000..0a16d80df9a3 --- /dev/null +++ b/metadata/glsa/glsa-202003-23.xml @@ -0,0 +1,51 @@ + + + + libjpeg-turbo: User-assisted execution of arbitrary code + Several integer overflows in libjpeg-turbo might allow an attacker + to execute arbitrary code. + + libjpeg-turbo + 2020-03-15 + 2020-03-15 + 699830 + local, remote + + + 2.0.3 + 2.0.3 + + + +

libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library.

+ + +

It was discovered that libjpeg-turbo incorrectly handled certain JPEG + images. +

+ + +

A remote attacker could entice a user to open a specially crafted JPEG + file in an application linked against libjpeg-turbo, possibly resulting + in execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +

+ + +

There is no known workaround at this time.

+ + +

All libjpeg-turbo users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libjpeg-turbo-2.0.3" + + + + + CVE-2019-2201 + + whissi + whissi + -- cgit v1.2.3