Executive Summary

Summary
Title libjpeg security update
Informations
Name RHSA-2013:1804 First vendor Publication 2013-12-09
Vendor RedHat Last vendor Modification 2013-12-09
Severity (Vendor) Moderate Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An updated libjpeg package that fixes one security issue is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The libjpeg package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions.

An uninitialized memory read issue was found in the way libjpeg decoded images with missing Start Of Scan (SOS) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629)

All libjpeg users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1031734 - CVE-2013-6629 libjpeg: information leak (read of uninitialized memory)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2013-1804.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21129
 
Oval ID: oval:org.mitre.oval:def:21129
Title: RHSA-2013:1804: libjpeg security update (Moderate)
Description: The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Family: unix Class: patch
Reference(s): RHSA-2013:1804-00
CESA-2013:1804
CVE-2013-6629
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): libjpeg
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21236
 
Oval ID: oval:org.mitre.oval:def:21236
Title: The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Description: The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Family: windows Class: vulnerability
Reference(s): CVE-2013-6629
Version: 15
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23646
 
Oval ID: oval:org.mitre.oval:def:23646
Title: ELSA-2013:1804: libjpeg security update (Moderate)
Description: The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Family: unix Class: patch
Reference(s): ELSA-2013:1804-00
CVE-2013-6629
Version: 6
Platform(s): Oracle Linux 5
Product(s): libjpeg
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24712
 
Oval ID: oval:org.mitre.oval:def:24712
Title: Vulnerability in Java SE 5.0u61, Java SE 6u71, Java SE 7u51, Java SE 8 allows successful unauthenticated network attacks via multiple protocols
Description: The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Family: windows Class: vulnerability
Reference(s): CVE-2013-6629
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26181
 
Oval ID: oval:org.mitre.oval:def:26181
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Family: unix Class: vulnerability
Reference(s): CVE-2013-6629
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26976
 
Oval ID: oval:org.mitre.oval:def:26976
Title: DEPRECATED: ELSA-2013-1804 -- libjpeg security update (moderate)
Description: [6b-38] - Add patch for CVE-2013-6629 - Resolves: #1031952
Family: unix Class: patch
Reference(s): ELSA-2013-1804
CVE-2013-6629
Version: 4
Platform(s): Oracle Linux 5
Product(s): libjpeg
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 16
Application 3174
Application 1
Application 352
Application 35
Application 204
Application 244
Os 5
Os 2
Os 3
Os 3
Os 3
Os 1

Information Assurance Vulnerability Management (IAVM)

Date Description
2014-03-13 IAVM : 2014-B-0024 - Multiple Security Vulnerabilities in Apple iOS
Severity : Category I - VMSKEY : V0046157
2014-02-27 IAVM : 2014-A-0030 - Apple Mac OS X Security Update 2014-001
Severity : Category I - VMSKEY : V0044547
2013-12-12 IAVM : 2013-A-0233 - Multiple Vulnerabilities in Mozilla Products
Severity : Category I - VMSKEY : V0042596
2013-11-14 IAVM : 2013-B-0124 - Multiple Vulnerabilities in Google Chrome
Severity : Category I - VMSKEY : V0042301

Nessus® Vulnerability Scanner

Date Description
2017-04-12 Name : An application installed on the remote macOS or Mac OS X host is affected by ...
File : macosx_ms17-04-4019460_mono.nasl - Type : ACT_GATHER_INFO
2017-04-12 Name : The remote Windows host is affected by multiple vulnerabilities.
File : smb_nt_ms17_apr_4015550.nasl - Type : ACT_GATHER_INFO
2017-04-12 Name : The remote Windows host is affected by multiple vulnerabilities.
File : smb_nt_ms17_apr_4015549.nasl - Type : ACT_GATHER_INFO
2017-04-12 Name : The remote Windows host is affected by an information disclosure vulnerability.
File : smb_nt_ms17_apr_4015383.nasl - Type : ACT_GATHER_INFO
2017-04-11 Name : A web application framework running on the remote host is affected by an info...
File : smb_nt_ms17_apr_4017094.nasl - Type : ACT_GATHER_INFO
2017-04-11 Name : The remote Windows host is affected by multiple vulnerabilities.
File : smb_nt_ms17-apr_4015551.nasl - Type : ACT_GATHER_INFO
2017-04-11 Name : The remote Windows host is affected by multiple vulnerabilities.
File : smb_nt_ms17_apr_4015217.nasl - Type : ACT_GATHER_INFO
2017-04-11 Name : The remote Windows host is affected by multiple vulnerabilities.
File : smb_nt_ms17_apr_4015219.nasl - Type : ACT_GATHER_INFO
2017-04-11 Name : The remote Windows host is affected by multiple vulnerabilities.
File : smb_nt_ms17_apr_4015221.nasl - Type : ACT_GATHER_INFO
2017-04-11 Name : The remote Windows host is affected by multiple vulnerabilities.
File : smb_nt_ms17_apr_4015583.nasl - Type : ACT_GATHER_INFO
2016-06-06 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201606-03.nasl - Type : ACT_GATHER_INFO
2016-05-24 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL59503294.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0732-1.nasl - Type : ACT_GATHER_INFO
2014-12-16 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-773.nasl - Type : ACT_GATHER_INFO
2014-12-16 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-772.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0982.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0414.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0413.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-0041.nasl - Type : ACT_GATHER_INFO
2014-09-23 Name : The remote host has software installed that is affected by multiple vulnerabi...
File : ibm_domino_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO
2014-09-23 Name : The remote host has software installed that is affected by multiple vulnerabi...
File : domino_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO
2014-09-23 Name : The remote host has software installed that is affected by multiple vulnerabi...
File : ibm_notes_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO
2014-09-17 Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2014-0008.nasl - Type : ACT_GATHER_INFO
2014-09-17 Name : The remote host has an update manager installed that is affected by multiple ...
File : vmware_vcenter_update_mgr_vmsa-2014-0008.nasl - Type : ACT_GATHER_INFO
2014-07-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0705.nasl - Type : ACT_GATHER_INFO
2014-07-28 Name : The remote AIX host has a version of Java SDK installed that is potentially a...
File : aix_java_apr2014_advisory.nasl - Type : ACT_GATHER_INFO
2014-06-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-993.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-1022.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-1023.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-1024.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-903.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-904.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-961.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-994.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-995.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-2.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-37.nasl - Type : ACT_GATHER_INFO
2014-06-10 Name : The remote Fedora host is missing a security update.
File : fedora_2014-6870.nasl - Type : ACT_GATHER_INFO
2014-06-10 Name : The remote Fedora host is missing a security update.
File : fedora_2014-6859.nasl - Type : ACT_GATHER_INFO
2014-06-03 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-140514.nasl - Type : ACT_GATHER_INFO
2014-06-01 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_7_0-ibm-140515.nasl - Type : ACT_GATHER_INFO
2014-05-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0509.nasl - Type : ACT_GATHER_INFO
2014-05-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0508.nasl - Type : ACT_GATHER_INFO
2014-05-14 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_7_0-openjdk-140508.nasl - Type : ACT_GATHER_INFO
2014-05-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0486.nasl - Type : ACT_GATHER_INFO
2014-05-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2923.nasl - Type : ACT_GATHER_INFO
2014-04-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0412.nasl - Type : ACT_GATHER_INFO
2014-04-16 Name : The remote Unix host contains a programming platform that is potentially affe...
File : oracle_java_cpu_apr_2014_unix.nasl - Type : ACT_GATHER_INFO
2014-04-16 Name : The remote Windows host contains a programming platform that is potentially a...
File : oracle_java_cpu_apr_2014.nasl - Type : ACT_GATHER_INFO
2014-03-12 Name : The remote device is affected by multiple vulnerabilities.
File : appletv_6_1.nasl - Type : ACT_GATHER_INFO
2014-02-25 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2014-001.nasl - Type : ACT_GATHER_INFO
2014-02-25 Name : The remote host is missing a Mac OS X update that fixes a certificate validat...
File : macosx_10_9_2.nasl - Type : ACT_GATHER_INFO
2014-01-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-23722.nasl - Type : ACT_GATHER_INFO
2014-01-03 Name : The remote Fedora host is missing a security update.
File : fedora_2013-23291.nasl - Type : ACT_GATHER_INFO
2013-12-24 Name : The remote Fedora host is missing a security update.
File : fedora_2013-23749.nasl - Type : ACT_GATHER_INFO
2013-12-23 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-267.nasl - Type : ACT_GATHER_INFO
2013-12-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2060-1.nasl - Type : ACT_GATHER_INFO
2013-12-18 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2013-23519.nasl - Type : ACT_GATHER_INFO
2013-12-17 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2013-350-02.nasl - Type : ACT_GATHER_INFO
2013-12-16 Name : The remote Fedora host is missing a security update.
File : fedora_2013-23295.nasl - Type : ACT_GATHER_INFO
2013-12-16 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_dd116b1964b311e3868f0025905a4771.nasl - Type : ACT_GATHER_INFO
2013-12-12 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2013-23127.nasl - Type : ACT_GATHER_INFO
2013-12-12 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2053-1.nasl - Type : ACT_GATHER_INFO
2013-12-12 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2052-1.nasl - Type : ACT_GATHER_INFO
2013-12-11 Name : The remote Mac OS X host contains a web browser that is potentially affected ...
File : macosx_firefox_24_2_esr.nasl - Type : ACT_GATHER_INFO
2013-12-11 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131210_libjpeg_turbo_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-12-11 Name : The remote Mac OS X host contains a web browser that is potentially affected ...
File : macosx_firefox_26.nasl - Type : ACT_GATHER_INFO
2013-12-11 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131210_libjpeg_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-12-11 Name : The remote Windows host contains a web browser that is potentially affected b...
File : mozilla_firefox_24_2_esr.nasl - Type : ACT_GATHER_INFO
2013-12-11 Name : The remote Windows host contains a web browser that is potentially affected b...
File : mozilla_firefox_26.nasl - Type : ACT_GATHER_INFO
2013-12-11 Name : The remote Windows host contains a web browser that is potentially affected b...
File : seamonkey_223.nasl - Type : ACT_GATHER_INFO
2013-12-11 Name : The remote Windows host contains a mail client that is potentially affected b...
File : mozilla_thunderbird_24_2.nasl - Type : ACT_GATHER_INFO
2013-12-11 Name : The remote Mac OS X host contains a mail client that is potentially affected ...
File : macosx_thunderbird_24_2.nasl - Type : ACT_GATHER_INFO
2013-12-11 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1804.nasl - Type : ACT_GATHER_INFO
2013-12-10 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1803.nasl - Type : ACT_GATHER_INFO
2013-12-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1803.nasl - Type : ACT_GATHER_INFO
2013-12-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1804.nasl - Type : ACT_GATHER_INFO
2013-12-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1804.nasl - Type : ACT_GATHER_INFO
2013-12-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1803.nasl - Type : ACT_GATHER_INFO
2013-11-22 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-273.nasl - Type : ACT_GATHER_INFO
2013-11-21 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2799.nasl - Type : ACT_GATHER_INFO
2013-11-14 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_31_0_1650_48.nasl - Type : ACT_GATHER_INFO
2013-11-14 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_google_chrome_31_0_1650_48.nasl - Type : ACT_GATHER_INFO
2013-11-13 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_3bfc70164bcc11e3b0cf00262d5ed8ee.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:57:41
  • Multiple Updates
2013-12-10 05:18:07
  • First insertion