Mageia alert MGASA-2017-0407 (libjpeg)


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2017-0407: Updated libjpeg packages fix a security vulnerability 
Date:
    	       Fri, 10 Nov 2017 20:33:44 +0100
Message-ID:
    	       <20171110193344.8096E9FEE5@duvel.mageia.org>
MGASA-2017-0407 - Updated libjpeg packages fix a security vulnerability

Publication date: 10 Nov 2017
URL: https://advisories.mageia.org/MGASA-2017-0407.html
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2017-15232

Description:
libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and
jquant1.c via a crafted JPEG file. (CVE-2017-15232)

References:
- https://bugs.mageia.org/show_bug.cgi?id=21974
- https://lists.opensuse.org/opensuse-updates/2017-10/msg00...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1...

SRPMS:
- 6/core/libjpeg-1.5.1-1.1.mga6
- 5/core/libjpeg-1.3.1-4.2.mga5

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2017-0407: Updated libjpeg packages fix a security vulnerability
Date:		Fri, 10 Nov 2017 20:33:44 +0100
Message-ID:		<20171110193344.8096E9FEE5@duvel.mageia.org>