Opened 3 years ago

Closed 3 years ago

#11672 closed enhancement (fixed)

libjpeg-turbo-2.0.2 (CVE-2018-19664 CVE-2018-20330)

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: high Milestone: 8.4
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version. Not too late for 8.4.

Change History (8)

comment:1 by Douglas R. Reno, 3 years ago

Summary: libjpeg-turbo-2.0.2libjpeg-turbo-2.0.2 (CVE-2018-19664 CVE-2018-20330)
2.0.2
Significant changes relative to 2.0.1:

    Fixed a regression introduced by 2.0.1[5] that prevented a runtime search path (rpath) from being embedded in the libjpeg-turbo shared libraries and executables for macOS and iOS. This caused a fatal error of the form "dyld: Library not loaded" when attempting to use one of the executables, unless DYLD_LIBRARY_PATH was explicitly set to the location of the libjpeg-turbo shared libraries.

    Fixed an integer overflow and subsequent segfault (CVE-2018-20330) that occurred when attempting to load a BMP file with more than 1 billion pixels using the tjLoadImage() function.

    Fixed a buffer overrun (CVE-2018-19664) that occurred when attempting to decompress a specially-crafted malformed JPEG image to a 256-color BMP using djpeg.

    Fixed a floating point exception that occurred when attempting to decompress a specially-crafted malformed JPEG image with a specified image width or height of 0 using the C version of TJBench.

    The TurboJPEG API will now decompress 4:4:4 JPEG images with 2x1, 1x2, 3x1, or 1x3 luminance and chrominance sampling factors. This is a non-standard way of specifying 1x subsampling (normally 4:4:4 JPEGs have 1x1 luminance and chrominance sampling factors), but the JPEG format and the libjpeg API both allow it.

    Fixed a regression introduced by 2.0 beta1[7] that caused djpeg to generate incorrect PPM images when used with the -colors option.

    Fixed an issue whereby a static build of libjpeg-turbo (a build in which ENABLE_SHARED is 0) could not be installed using the Visual Studio IDE.

    Fixed a severe performance issue in the Loongson MMI SIMD extensions that occurred when compressing RGB images whose image rows were not 64-bit-aligned.

Security fixes: CVE-2018-20330 CVE-2018-19664

comment:2 by Douglas R. Reno, 3 years ago

Priority: normalhigh

Actually bump to the proper priority.

comment:3 by Douglas R. Reno, 3 years ago

I think I might be able to get to this tonight. Does anyone have any objections to me taking it?

comment:4 by Bruce Dubbs, 3 years ago

Owner: changed from blfs-book to Douglas R. Reno

comment:5 by Douglas R. Reno, 3 years ago

Status: newassigned

comment:6 by Bruce Dubbs, 3 years ago

Only needs stats update.

100% tests passed, 0 tests failed out of 151

SBU=.329
2112 /usr/src/libjpeg-turbo/libjpeg-turbo-2.0.2.tar.gz SIZE (2.062 MB)
31568 kilobytes BUILD SIZE (30.828 MB)
md5sum : 79f76fbfb0c6109631332762d10e16d2

comment:7 by Douglas R. Reno, 3 years ago

Thank you for the heads up. Are you on your way through X? I'm halted on LLVM right now.

comment:8 by Douglas R. Reno, 3 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r21176

Note: See TracTickets for help on using tickets.