Security update for libjpeg-turbo SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1413-1 Final 1 1 2020-09-11T14:25:03Z current 2020-09-11T14:25:03Z 2020-09-11T14:25:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libjpeg-turbo This update for libjpeg-turbo fixes the following issues: - CVE-2020-13790: Fixed a heap-based buffer over-read via a malformed PPM input file (bsc#1172491). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1413 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/52QOQYR4PVDHN5TNNBKZFP3AO4TWOOJE/ E-Mail link for openSUSE-SU-2020:1413-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1172491 SUSE Bug 1172491 https://www.suse.com/security/cve/CVE-2020-13790/ SUSE CVE CVE-2020-13790 page openSUSE Leap 15.1 libjpeg-turbo-1.5.3-lp151.6.6.1 libjpeg62-62.2.0-lp151.6.6.1 libjpeg62-32bit-62.2.0-lp151.6.6.1 libjpeg62-devel-62.2.0-lp151.6.6.1 libjpeg62-devel-32bit-62.2.0-lp151.6.6.1 libjpeg62-turbo-1.5.3-lp151.6.6.1 libjpeg8-8.1.2-lp151.6.6.1 libjpeg8-32bit-8.1.2-lp151.6.6.1 libjpeg8-devel-8.1.2-lp151.6.6.1 libjpeg8-devel-32bit-8.1.2-lp151.6.6.1 libturbojpeg0-8.1.2-lp151.6.6.1 libturbojpeg0-32bit-8.1.2-lp151.6.6.1 libjpeg-turbo-1.5.3-lp151.6.6.1 as a component of openSUSE Leap 15.1 libjpeg62-62.2.0-lp151.6.6.1 as a component of openSUSE Leap 15.1 libjpeg62-32bit-62.2.0-lp151.6.6.1 as a component of openSUSE Leap 15.1 libjpeg62-devel-62.2.0-lp151.6.6.1 as a component of openSUSE Leap 15.1 libjpeg62-devel-32bit-62.2.0-lp151.6.6.1 as a component of openSUSE Leap 15.1 libjpeg62-turbo-1.5.3-lp151.6.6.1 as a component of openSUSE Leap 15.1 libjpeg8-8.1.2-lp151.6.6.1 as a component of openSUSE Leap 15.1 libjpeg8-32bit-8.1.2-lp151.6.6.1 as a component of openSUSE Leap 15.1 libjpeg8-devel-8.1.2-lp151.6.6.1 as a component of openSUSE Leap 15.1 libjpeg8-devel-32bit-8.1.2-lp151.6.6.1 as a component of openSUSE Leap 15.1 libturbojpeg0-8.1.2-lp151.6.6.1 as a component of openSUSE Leap 15.1 libturbojpeg0-32bit-8.1.2-lp151.6.6.1 as a component of openSUSE Leap 15.1 libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. CVE-2020-13790 openSUSE Leap 15.1:libjpeg-turbo-1.5.3-lp151.6.6.1 openSUSE Leap 15.1:libjpeg62-32bit-62.2.0-lp151.6.6.1 openSUSE Leap 15.1:libjpeg62-62.2.0-lp151.6.6.1 openSUSE Leap 15.1:libjpeg62-devel-32bit-62.2.0-lp151.6.6.1 openSUSE Leap 15.1:libjpeg62-devel-62.2.0-lp151.6.6.1 openSUSE Leap 15.1:libjpeg62-turbo-1.5.3-lp151.6.6.1 openSUSE Leap 15.1:libjpeg8-32bit-8.1.2-lp151.6.6.1 openSUSE Leap 15.1:libjpeg8-8.1.2-lp151.6.6.1 openSUSE Leap 15.1:libjpeg8-devel-32bit-8.1.2-lp151.6.6.1 openSUSE Leap 15.1:libjpeg8-devel-8.1.2-lp151.6.6.1 openSUSE Leap 15.1:libturbojpeg0-32bit-8.1.2-lp151.6.6.1 openSUSE Leap 15.1:libturbojpeg0-8.1.2-lp151.6.6.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/52QOQYR4PVDHN5TNNBKZFP3AO4TWOOJE/ https://www.suse.com/security/cve/CVE-2020-13790.html CVE-2020-13790 https://bugzilla.suse.com/1172491 SUSE Bug 1172491