Mandriva Update For Libjpeg-turbo MDVSA-2012:121 (libjpeg-turbo) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been discovered and corrected in libjpeg-turbo: A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2012-2806). The updated packages have been patched to correct this issue.

Affected

libjpeg-turbo on Mandriva Linux 2011.0

Severity

Classification

CVE CVE-2012-2806

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:051 (libpng)
Mandrake Security Advisory MDVSA-2009:145 (php)
Mandrake Security Advisory MDVSA-2009:043 (gnumeric)
Mandrake Security Advisory MDVSA-2009:206 (wget)
Mandrake Security Advisory MDVSA-2009:027 (cups)

Mandriva Update for libjpeg-turbo MDVSA-2012:121 (libjpeg-turbo)

Take action and discover your vulnerabilities