USN-2060-1: libjpeg, libjpeg-turbo vulnerabilities

19 December 2013

libjpeg and libjpeg-turbo could be made to expose sensitive information.

Releases

Packages

  • libjpeg-turbo - library for handling JPEG files
  • libjpeg6b - library for handling JPEG files

Details

Michal Zalewski discovered that libjpeg and libjpeg-turbo incorrectly
handled certain memory operations. An attacker could use this issue with
a specially-crafted JPEG file to possibly expose sensitive information.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.10
Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04

After a standard system update you need to restart your session to make all
the necessary changes.

Related notices