GLSA 202405-20: libjpeg-turbo: Multiple Vulnerabilities

Severity:	normal
Title:	libjpeg-turbo: Multiple Vulnerabilities
Date:	05/07/2024
Bugs:	#797424, #814206
ID:	202405-20

Synopsis

Multiple vulnerabilities have been discovered in libjpeg-turbo, the worst of which could lead to arbitrary code execution.

Background

libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library.

Affected packages

Package	Vulnerable	Unaffected	Architecture(s)
media-libs/libjpeg-turbo	< 2.1.1	>= 2.1.1	All supported architectures

Description

Multiple vulnerabilities have been discovered in libjpeg-turbo. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All libjpeg-turbo users should upgrade to the latest version:

          # emerge --sync
          # emerge --ask --oneshot --verbose ">=media-libs/libjpeg-turbo-2.1.1"
        

References

• CVE-2021-37972
• CVE-2021-37971
• CVE-2021-37970
• CVE-2021-37968
• CVE-2021-37967
• CVE-2021-37966
• CVE-2021-37965
• CVE-2021-37963
• CVE-2021-37962
• CVE-2021-37961
• CVE-2021-37960
• CVE-2021-37959
• CVE-2021-37958
• CVE-2021-37957
• CVE-2021-37956
• CVE-2020-17541

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-202405-20.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.