Bug 1031734 (CVE-2013-6629)
Summary: | CVE-2013-6629 libjpeg: information leak (read of uninitialized memory) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | cpelland, erik-fedora, fedora-mingw, jkurik, jrusnack, kalevlember, lfarkas, pfrields, phracek, rbalakri, rjones, thoger |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-03-02 18:04:27 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1031737, 1031739, 1031740, 1031741, 1031952, 1031954, 1031955, 1031957 | ||
Bug Blocks: | 1030229, 1082776 |
Description
Vincent Danen
2013-11-18 16:21:31 UTC
Created libjpeg-turbo tracking bugs for this issue: Affects: fedora-all [bug 1031737] Created mingw-libjpeg-turbo tracking bugs for this issue: Affects: fedora-all [bug 1031740] Created mingw32-libjpeg tracking bugs for this issue: Affects: epel-5 [bug 1031741] The Chromium bug is https://code.google.com/p/chromium/issues/detail?id=258723 but it's not currently public. Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6629 to the following vulnerability: Name: CVE-2013-6629 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629 Assigned: 20131105 Reference: FULLDISC:20131112 bugs in IJG jpeg6b & libjpeg-turbo Reference: http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html Reference: http://bugs.ghostscript.com/show_bug.cgi?id=686980 Reference: http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html Reference: https://code.google.com/p/chromium/issues/detail?id=258723 Reference: https://src.chromium.org/viewvc/chrome?revision=229729&view=revision The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:1804 https://rhn.redhat.com/errata/RHSA-2013-1804.html This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:1803 https://rhn.redhat.com/errata/RHSA-2013-1803.html Michal Zalewski's test page for this bug: http://lcamtuf.coredump.cx/jpeg_leak/ This issue has been addressed in following products: Oracle Java for Red Hat Enterprise Linux 6 Oracle Java for Red Hat Enterprise Linux 5 Via RHSA-2014:0413 https://rhn.redhat.com/errata/RHSA-2014-0413.html This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 6 Supplementary for Red Hat Enterprise Linux 5 Via RHSA-2014:0412 https://rhn.redhat.com/errata/RHSA-2014-0412.html OpenJDK upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5ccfde781cdb This issue has been addressed in following products: Oracle Java for Red Hat Enterprise Linux 6 Oracle Java for Red Hat Enterprise Linux 5 Via RHSA-2014:0414 https://rhn.redhat.com/errata/RHSA-2014-0414.html This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2014:0486 https://rhn.redhat.com/errata/RHSA-2014-0486.html This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2014:0508 https://rhn.redhat.com/errata/RHSA-2014-0508.html This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2014:0509 https://rhn.redhat.com/errata/RHSA-2014-0509.html *** Bug 1106388 has been marked as a duplicate of this bug. *** This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 7 Via RHSA-2014:0705 https://rhn.redhat.com/errata/RHSA-2014-0705.html This issue has been addressed in following products: Red Hat Network Satellite Server v 5.4 Red Hat Network Satellite Server v 5.5 Red Hat Satellite Server v 5.6 Via RHSA-2014:0982 https://rhn.redhat.com/errata/RHSA-2014-0982.html All the bugs are closed. This bugzilla can be closed too. |