A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. References: https://bugzilla.redhat.com/show_bug.cgi?id=826849 http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830 This issue has been assigned CVE-2012-2806. Upstream release of libjpeg-turbo-1.2.1 resolves this issue. Thanx to Huzaifa Sidhpurwala / Red Hat Security Response Team Fix: update to libjpeg-turbo-1.2.1 Patch attached with submission follows:
Class Changed From-To: update->maintainer-update Fix category (submitter is maintainer) (via the GNATS Auto Assign Tool)
State Changed From-To: open->feedback Where is the patch? Something is missing here.
Author: cs Date: Wed Jul 18 20:28:47 2012 New Revision: 301124 URL: http://svn.freebsd.org/changeset/ports/301124 Log: Document buffer overflow in jpeg-turbo PR: ports/169963 Submitted by: Denis E Podolskiy <bytestore@yandex.ru> Security: CVE-2012-2806 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Jul 18 20:26:20 2012 (r301123) +++ head/security/vuxml/vuln.xml Wed Jul 18 20:28:47 2012 (r301124) @@ -52,6 +52,41 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="a460035e-d111-11e1-aff7-001fd056c417"> + <topic>libjpeg-turbo -- heap-based buffer overflow</topic> + <affects> + <package> + <name>libjpeg-turbo</name> + <range><lt>1.2.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <blockquote cite="http://sourceforge.net/projects/libjpeg-turbo/files/1.2.1/README.txt"> + <p>The Changelog for version 1.2.1 says: Fixed a regression caused by + 1.2.0[6] in which decompressing corrupt JPEG images (specifically, + images in which the component count was erroneously set to a large + value) would cause libjpeg-turbo to segfault.</p> + </blockquote> + <blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=826849"> + <p>A Heap-based buffer overflow was found in the way libjpeg-turbo + decompressed certain corrupt JPEG images in which the component count + was erroneously set to a large value. An attacker could create a + specially-crafted JPEG image that, when opened, could cause an + application using libpng to crash or, possibly, execute arbitrary code + with the privileges of the user running the application.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-2806</cvename> + </references> + <dates> + <discovery>2012-05-31</discovery> + <entry>2012-07-18</entry> + </dates> + </vuln> + <vuln vid="2fe4b57f-d110-11e1-ac76-10bf48230856"> <topic>Dokuwiki -- cross site scripting vulnerability</topic> <affects> _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
cFo> Where is the patch? Something is missing here. There was a failure when loading, here a patch once again
Responsible Changed From-To: freebsd-ports-bugs->cs I'll take it.
Tested in redports and portlint fine.
Author: cs Date: Fri Aug 3 07:03:55 2012 New Revision: 301942 URL: http://svn.freebsd.org/changeset/ports/301942 Log: Update to 1.2.1 PR: ports/169963 Submitted by: Denis E Podolskiy <bytestore@yandex.ru> Modified: head/graphics/libjpeg-turbo/Makefile head/graphics/libjpeg-turbo/distinfo Modified: head/graphics/libjpeg-turbo/Makefile ============================================================================== --- head/graphics/libjpeg-turbo/Makefile Fri Aug 3 06:57:00 2012 (r301941) +++ head/graphics/libjpeg-turbo/Makefile Fri Aug 3 07:03:55 2012 (r301942) @@ -6,8 +6,7 @@ # PORTNAME= libjpeg-turbo -PORTVERSION= 1.2.0 -PORTREVISION= 1 +PORTVERSION= 1.2.1 CATEGORIES= graphics MASTER_SITES= SF/${PORTNAME}/${PORTVERSION} Modified: head/graphics/libjpeg-turbo/distinfo ============================================================================== --- head/graphics/libjpeg-turbo/distinfo Fri Aug 3 06:57:00 2012 (r301941) +++ head/graphics/libjpeg-turbo/distinfo Fri Aug 3 07:03:55 2012 (r301942) @@ -1,2 +1,2 @@ -SHA256 (libjpeg-turbo-1.2.0.tar.gz) = 629db2a9b1295a1b0e5fa8dddda36c5da61a90536bef8295e0b209cbcd50f98e -SIZE (libjpeg-turbo-1.2.0.tar.gz) = 1752925 +SHA256 (libjpeg-turbo-1.2.1.tar.gz) = cb3323f054a02cedad193bd0ca418d46934447f995d19e678ea64f78e4903770 +SIZE (libjpeg-turbo-1.2.1.tar.gz) = 1755264 _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
State Changed From-To: feedback->closed Committed. Thank you very much.