Ubuntu Security Notice USN-5497-1

Ubuntu Security Notice 5497-1 - It was discovered that Libjpeg6b was not properly performing bounds checks when compressing PPM and Targa image files. An attacker could possibly use this issue to cause a denial of service. Chijin Zhou discovered that Libjpeg6b was incorrectly handling the EOF character in input data when generating JPEG files. An attacker could possibly use this issue to force the execution of a large loop, force excessive memory consumption, and cause a denial of service.

Packet Storm
==========================================================================
Ubuntu Security Notice USN-5497-1
June 30, 2022

libjpeg6b vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in Libjpeg6b.

Software Description:

- libjpeg6b: library for handling JPEG files

Details:

It was discovered that Libjpeg6b was not properly performing bounds checks when compressing PPM and Targa image files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-11212)

Chijin Zhou discovered that Libjpeg6b was incorrectly handling the EOF character in input data when generating JPEG files. An attacker could possibly use this issue to force the execution of a large loop, force excessive memory consumption, and cause a denial of service. (CVE-2018-11813)

Sheng Shu and Dongdong She discovered that Libjpeg6b was not properly limiting the amount of memory being used when it was performing decompression or multi-pass compression operations. An attacker could possibly use this issue to force excessive memory consumption and cause a denial of service. (CVE-2020-14152)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM:
  libjpeg62    6b1-4ubuntu1+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5497-1
  CVE-2018-11212, CVE-2018-11213, CVE-2018-11214, CVE-2018-11813, CVE-2020-14152
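To audit a fleet against the update instructions above, the following added example (not part of the advisory or of any Ubuntu tooling) reimplements Debian version ordering and flags hosts whose libjpeg62 sorts before the fixed version 6b1-4ubuntu1+esm1. The host names and installed versions in the sample inventory are constructed, and the comparison is only meaningful for Ubuntu 14.04 ESM hosts, the one release the notice covers.

```python
import re
from itertools import zip_longest

PACKAGE = "libjpeg62"        # package named in the advisory
FIXED = "6b1-4ubuntu1+esm1"  # fixed version for Ubuntu 14.04 ESM, from the advisory

def _order(ch):
    """Weight of a non-digit character: '~' < end of string < letters < the rest."""
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings in Debian order."""
    ta, tb = (re.findall(r"([^0-9]*)([0-9]*)", s) for s in (a, b))
    for (sa, da), (sb, db) in zip_longest(ta, tb, fillvalue=("", "")):
        m = max(len(sa), len(sb))
        # End of a non-digit run weighs 0, so '~' sorts before it and '+' after.
        ka = [_order(c) for c in sa] + [0] * (m - len(sa))
        kb = [_order(c) for c in sb] + [0] * (m - len(sb))
        if ka != kb:
            return -1 if ka < kb else 1
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(version):
    """Split 'epoch:upstream-revision'; epoch and revision are optional."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """Return -1, 0 or 1 as a sorts before, equal to, or after b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched_hosts(inventory):
    """Hosts whose installed PACKAGE version sorts before FIXED."""
    return sorted(h for h, v in inventory.items() if compare_versions(v, FIXED) < 0)

# Constructed sample inventory: host names and installed versions are made up.
SAMPLE = {"web01": "6b1-4ubuntu1", "web02": "6b1-4ubuntu1+esm1",
          "build01": "6b1-4ubuntu1+esm2", "legacy03": "6b1-3ubuntu1"}
```

On a single host, `dpkg --compare-versions` performs the same ordering; the Python form is for inventories collected from many machines.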

Related news

Ubuntu Security Notice USN-5631-1

Ubuntu Security Notice 5631-1 - It was discovered that libjpeg-turbo incorrectly handled certain EOF characters. An attacker could possibly use this issue to cause libjpeg-turbo to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that libjpeg-turbo incorrectly handled certain malformed JPEG files. An attacker could possibly use this issue to cause libjpeg-turbo to crash, resulting in a denial of service.

Ubuntu Security Notice USN-5553-1

Ubuntu Security Notice 5553-1 - It was discovered that libjpeg-turbo was not properly handling EOF characters, which could lead to excessive memory consumption through the execution of a large loop. An attacker could possibly use this issue to cause a denial of service. It was discovered that libjpeg-turbo was not properly performing bounds check operations, which could lead to a heap-based buffer overread. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM.

CVE-2022-21496: Oracle Critical Patch Update Advisory - April 2022

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...

CVE-2020-14153: 727908 – (CVE-2020-14151, CVE-2020-14152, CVE-2020-14153) <media-libs/jpeg-9d: Multiple vulnerabilities (CVE-2020-{14151,14152,14153})

In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers.

CVE-2019-2455: Oracle Critical Patch Update Advisory - January 2019

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
