Synopsis: Moderate: libjpeg-turbo security update Advisory ID: SLSA-2019:2052-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2016-3616 CVE-2018-11213 CVE-2018-11212 CVE-2018-11214 CVE-2018-14498 CVE-2018-11813 -- Security Fix(es): * libjpeg: null pointer dereference in cjpeg (CVE-2016-3616) * libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498) * libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212) * libjpeg: Segmentation fault in get_text_gray_row function in rdppm.c (CVE-2018-11213) * libjpeg: Segmentation fault in get_text_rgb_row function in rdppm.c (CVE-2018-11214) * libjpeg: "cjpeg" utility large loop because read_pixel in rdtarga.c mishandles EOF (CVE-2018-11813) -- SL7 x86_64 libjpeg-turbo-devel-1.2.90-8.el7.x86_64.rpm libjpeg-turbo-1.2.90-8.el7.i686.rpm libjpeg-turbo-devel-1.2.90-8.el7.i686.rpm libjpeg-turbo-1.2.90-8.el7.x86_64.rpm libjpeg-turbo-static-1.2.90-8.el7.x86_64.rpm turbojpeg-devel-1.2.90-8.el7.i686.rpm turbojpeg-1.2.90-8.el7.x86_64.rpm libjpeg-turbo-utils-1.2.90-8.el7.x86_64.rpm turbojpeg-devel-1.2.90-8.el7.x86_64.rpm turbojpeg-1.2.90-8.el7.i686.rpm libjpeg-turbo-static-1.2.90-8.el7.i686.rpm libjpeg-turbo-debuginfo-1.2.90-8.el7.i686.rpm libjpeg-turbo-debuginfo-1.2.90-8.el7.x86_64.rpm - Scientific Linux Development Team