Gentoo Linux Security Advisory 201606-3 - Two vulnerabilities have been discovered in libjpeg-turbo, the worse of which could allow remote attackers access to sensitive information. Versions prior to 1.4.2 are affected.
3cfb7ea243a05a648dea862fda0a8f0a5b163f83e82414c758b2fcfab197f918HP Security Bulletin HPSBUX03092 SSRT101668 - Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.
c475e47d56e402b9414d3d4787a5237a281a3f776dad71a9c75166d6b88b3ce1HP Security Bulletin HPSBUX03091 SSRT101667 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.
a73ee293e490e0bc1321df066c53a0382b005d71d29f3d9b45085803e2a2f61cRed Hat Security Advisory 2014-0982-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4, 5.5, and 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.
b4ddf444c5203044fecdf2fbe1d797919572413a3765151f718ef34faded1004Red Hat Security Advisory 2014-0508-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
90ddd4af030964838b2a1b328a5c7b9afc6b06fcb961dfc88d17c98ff3cc7f86Red Hat Security Advisory 2014-0509-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
985dc09ea3dc919948c0e034b12323d756ba379e4d13d506967760d5a5afea60Red Hat Security Advisory 2014-0486-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
536d12cae6ea15d0d648b278cd51e8722b13f68ca7c008ded9487330b2408cb6Debian Linux Security Advisory 2923-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
41db98129c7ced616079f72d5a8c232d6ab7d4a478b44de3842882ebf72fd54fRed Hat Security Advisory 2014-0412-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
14e6e30de1dd8d53d0118bd04bcdd0bae0938c861f8eebcd77cbd8be81d4fe4cRed Hat Security Advisory 2014-0413-02 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
36273595a316596e5e9c175f2af277f4b20df80c8667ad56d776f9fbe9258c28Apple Security Advisory 2014-03-10-2 - Apple TV 6.1 is now available and addresses information disclosure, date checking failure, buffer overflow, and various other vulnerabilities.
49c40a29a380c50803951ca030c4505c5a3bee971409553f3f4a97d6fc09fea0Apple Security Advisory 2014-03-10-1 - iOS 7.1 is now available and addresses multiple security vulnerabilities.
6c19d4e53e5fb1272b5bc0bf7fa4cc0fda92443e3c83f9bab736bb9f31bcb45dApple Security Advisory 2014-02-25-1 - OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses multiple security issues including the recent SSL vulnerability.
1d8f727073c1ea1d6289c8c7fa93c5237ad978b58d6ca700d78a6f12ea0f3b83Ubuntu Security Notice 2060-1 - Michal Zalewski discovered that libjpeg and libjpeg-turbo incorrectly handled certain memory operations. An attacker could use this issue with a specially-crafted JPEG file to possibly expose sensitive information.
ada724d80f6116cda0c73d2efd4024177e4c219c100094a3b9792cfeff4db895Slackware Security Advisory - New libjpeg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
3e973178e555d20266eeb8d1dbcd714d627496aac57d36741091e9b882a4b23cUbuntu Security Notice 2053-1 - Ben Turner, Bobby Holley, Jesse Ruderman and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
5159e7e7049d07c70b2c77d71de23572e9d141a50325c9e5342c445e96450dd1Ubuntu Security Notice 2052-1 - Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Myk Melez discovered that the doorhanger notification for web app installation could persist between page navigations. An attacker could potentially exploit this to conduct clickjacking attacks. Various other issues were also addressed.
f5392ed2aec4c1a38337707139196b135dfb0210fd9d2c93db8ff4b5a38a983eRed Hat Security Advisory 2013-1804-01 - The libjpeg package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions. An uninitialized memory read issue was found in the way libjpeg decoded images with missing Start Of Scan JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. All libjpeg users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
e6ee9501390f972f9e60ef6e91ee17272c95dfdb401e9c4b6a505e8e801d79e4Red Hat Security Advisory 2013-1803-01 - The libjpeg-turbo package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions. An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan JPEG markers or Define Huffman Table JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information.
764f2d1a0341a239da957f3ea164643680617a5f4bc005d7ab678c7618a811d7Mandriva Linux Security Advisory 2013-274 - A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component in presence of valid chroma data. libjpeg-turbo will use uninitialized memory when handling Huffman tables.
a699eb9668adc83d9e220126707f88b19e9c60554afb68016efe762bd8825c95Mandriva Linux Security Advisory 2013-273 - libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component in presence of valid chroma data. libjpeg-turbo will use uninitialized memory when handling Huffman tables.
5ab93357e99a13fa424ef091ade9a5dad87aacf8255791e14c00578bc7cd0c4ejpeg6b and some of its optimized clones (e.g., libjpeg-turbo) will use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in presence of valid chroma data (Cr, Cb).
75281af87c2ac01e67120a1b37a4356f62199b948183ba8069556c239c29df05
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed