ID CVE-2013-6630
Summary The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
References
Vulnerable Configurations
  • Google Chrome 31.0.1650.47
    cpe:2.3:a:google:chrome:31.0.1650.47
  • Google Chrome 31.0.1650.46
    cpe:2.3:a:google:chrome:31.0.1650.46
  • Google Chrome 31.0.1650.45
    cpe:2.3:a:google:chrome:31.0.1650.45
  • Google Chrome 31.0.1650.44
    cpe:2.3:a:google:chrome:31.0.1650.44
  • Google Chrome 31.0.1650.43
    cpe:2.3:a:google:chrome:31.0.1650.43
  • Google Chrome 31.0.1650.42
    cpe:2.3:a:google:chrome:31.0.1650.42
  • Google Chrome 31.0.1650.41
    cpe:2.3:a:google:chrome:31.0.1650.41
  • Google Chrome 31.0.1650.39
    cpe:2.3:a:google:chrome:31.0.1650.39
  • Google Chrome 31.0.1650.38
    cpe:2.3:a:google:chrome:31.0.1650.38
  • Google Chrome 31.0.1650.37
    cpe:2.3:a:google:chrome:31.0.1650.37
  • Google Chrome 31.0.1650.36
    cpe:2.3:a:google:chrome:31.0.1650.36
  • Google Chrome 31.0.1650.35
    cpe:2.3:a:google:chrome:31.0.1650.35
  • Google Chrome 31.0.1650.34
    cpe:2.3:a:google:chrome:31.0.1650.34
  • Google Chrome 31.0.1650.33
    cpe:2.3:a:google:chrome:31.0.1650.33
  • Google Chrome 31.0.1650.32
    cpe:2.3:a:google:chrome:31.0.1650.32
  • Google Chrome 31.0.1650.31
    cpe:2.3:a:google:chrome:31.0.1650.31
  • Google Chrome 31.0.1650.30
    cpe:2.3:a:google:chrome:31.0.1650.30
  • Google Chrome 31.0.1650.29
    cpe:2.3:a:google:chrome:31.0.1650.29
  • Google Chrome 31.0.1650.28
    cpe:2.3:a:google:chrome:31.0.1650.28
  • Google Chrome 31.0.1650.27
    cpe:2.3:a:google:chrome:31.0.1650.27
  • Google Chrome 31.0.1650.26
    cpe:2.3:a:google:chrome:31.0.1650.26
  • Google Chrome 31.0.1650.25
    cpe:2.3:a:google:chrome:31.0.1650.25
  • Google Chrome 31.0.1650.23
    cpe:2.3:a:google:chrome:31.0.1650.23
  • Google Chrome 31.0.1650.22
    cpe:2.3:a:google:chrome:31.0.1650.22
  • Google Chrome 31.0.1650.20
    cpe:2.3:a:google:chrome:31.0.1650.20
  • Google Chrome 31.0.1650.19
    cpe:2.3:a:google:chrome:31.0.1650.19
  • Google Chrome 31.0.1650.18
    cpe:2.3:a:google:chrome:31.0.1650.18
  • Google Chrome 31.0.1650.17
    cpe:2.3:a:google:chrome:31.0.1650.17
  • Google Chrome 31.0.1650.16
    cpe:2.3:a:google:chrome:31.0.1650.16
  • Google Chrome 31.0.1650.15
    cpe:2.3:a:google:chrome:31.0.1650.15
  • Google Chrome 31.0.1650.14
    cpe:2.3:a:google:chrome:31.0.1650.14
  • Google Chrome 31.0.1650.13
    cpe:2.3:a:google:chrome:31.0.1650.13
  • Google Chrome 31.0.1650.12
    cpe:2.3:a:google:chrome:31.0.1650.12
  • Google Chrome 31.0.1650.11
    cpe:2.3:a:google:chrome:31.0.1650.11
  • Google Chrome 31.0.1650.10
    cpe:2.3:a:google:chrome:31.0.1650.10
  • Google Chrome 31.0.1650.9
    cpe:2.3:a:google:chrome:31.0.1650.9
  • Google Chrome 31.0.1650.8
    cpe:2.3:a:google:chrome:31.0.1650.8
  • Google Chrome 31.0.1650.7
    cpe:2.3:a:google:chrome:31.0.1650.7
  • Google Chrome 31.0.1650.6
    cpe:2.3:a:google:chrome:31.0.1650.6
  • Google Chrome 31.0.1650.5
    cpe:2.3:a:google:chrome:31.0.1650.5
  • Google Chrome 31.0.1650.4
    cpe:2.3:a:google:chrome:31.0.1650.4
  • Google Chrome 31.0.1650.3
    cpe:2.3:a:google:chrome:31.0.1650.3
  • Google Chrome 31.0.1650.2
    cpe:2.3:a:google:chrome:31.0.1650.2
  • Google Chrome 31.0.1650.0
    cpe:2.3:a:google:chrome:31.0.1650.0
CVSS
Base: 5.0 (as of 15-11-2016 - 13:56)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-961.NASL
    description Chromium was updated to 31.0.1650.57: Stable channel update : - Security Fixes : - CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 Stable Channel update : - Security fixes : - CVE-2013-6621: Use after free related to speech input elements.. - CVE-2013-6622: Use after free related to media elements. - CVE-2013-6623: Out of bounds read in SVG. - CVE-2013-6624: Use after free related to “id” attribute strings. - CVE-2013-6625: Use after free in DOM ranges. - CVE-2013-6626: Address bar spoofing related to interstitial warnings. - CVE-2013-6627: Out of bounds read in HTTP parsing. - CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. - CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. - CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. - CVE-2013-6631: Use after free in libjingle. - Added patch chromium-fix-chromedriver-build.diff to fix the chromedriver build - Enable ARM build for Chromium. - Added patches chromium-arm-webrtc-fix.patch, chromium-fix-arm-icu.patch and chromium-fix-arm-sysroot.patch to resolve ARM specific build issues - Update to Chromium 30.0.1599.114 Stable Channel update: fix build for 32bit systems - Drop patch chromium-fix-chromedriver-build.diff. This is now fixed upstream - For openSUSE versions lower than 13.1, build against the in-tree libicu - Update to Chromium 30.0.1599.101 - Security Fixes : + CVE-2013-2925: Use after free in XHR + CVE-2013-2926: Use after free in editing + CVE-2013-2927: Use after free in forms. + CVE-2013-2928: Various fixes from internal audits, fuzzing and other initiatives. 
- Update to Chromium 30.0.1599.66 - Easier searching by image - A number of new apps/extension APIs - Lots of under the hood changes for stability and performance - Security fixes : + CVE-2013-2906: Races in Web Audio + CVE-2013-2907: Out of bounds read in Window.prototype object + CVE-2013-2908: Address bar spoofing related to the “204 No Content” status code + CVE-2013-2909: Use after free in inline-block rendering + CVE-2013-2910: Use-after-free in Web Audio + CVE-2013-2911: Use-after-free in XSLT + CVE-2013-2912: Use-after-free in PPAPI + CVE-2013-2913: Use-after-free in XML document parsing + CVE-2013-2914: Use after free in the Windows color chooser dialog + CVE-2013-2915: Address bar spoofing via a malformed scheme + CVE-2013-2916: Address bar spoofing related to the “204 No Content” status code + CVE-2013-2917: Out of bounds read in Web Audio + CVE-2013-2918: Use-after-free in DOM + CVE-2013-2919: Memory corruption in V8 + CVE-2013-2920: Out of bounds read in URL parsing + CVE-2013-2921: Use-after-free in resource loader + CVE-2013-2922: Use-after-free in template element + CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives + CVE-2013-2924: Use-after-free in ICU. Upstream bug
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75225
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75225
    title openSUSE Security Update : chromium (openSUSE-SU-2013:1861-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_26.NASL
    description The installed version of Firefox is earlier than 26.0 and is, therefore, potentially affected by multiple vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610) - An issue exists where the notification for a Web App installation could persist from one website to another website. This could be used by a malicious website to trick a user into installing an application from one website while making it appear to come from another website. (CVE-2013-5611) - Cross-site scripting filtering evasion may be possible due to character encodings being inherited from a previously visited website when character set encoding is missing from the current website. (CVE-2013-5612) - Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613) - Sandbox restrictions may be bypassed because 'iframe sandbox' restrictions are not properly applied to 'object' elements in sandboxed iframes. (CVE-2013-5614) - An issue exists in which 'GetElementIC' typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact. (CVE-2013-5615) - A use-after-free vulnerability exists when interacting with event listeners from the mListeners array. This could result in a denial of service or arbitrary code execution. (CVE-2013-5616) - A use-after-free vulnerability exists in the table editing user interface of the editor during garbage collection. This could result in a denial of service or arbitrary code execution. (CVE-2013-5618) - Memory issues exist in the binary search algorithms in the SpiderMonkey JavaScript engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5619) - Issues exist with the JPEG format image processing with Start Of Scan (SOS) and Define Huffman Table (DHT) markers in the 'libjpeg' library. 
This could allow attackers to read arbitrary memory content as well as cross-domain image theft. (CVE-2013-6629, CVE-2013-6630) - A memory issue exists when inserting an ordered list into a document through a script that could result in a denial of service or arbitrary code execution. (CVE-2013-6671) - Trust settings for built-in root certificates are ignored during extended validation (EV) certificate validation. This removes the ability of users to explicitly untrust root certificates from specific certificate authorities. (CVE-2013-6673) - An intermediate certificate that is used by a man-in-the-middle (MITM) traffic management device exists in Mozilla's root certificate authorities. Reportedly, this certificate has been misused.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 71344
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71344
    title Firefox < 26.0 Multiple Vulnerabilities (Mac OS X)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_26.NASL
    description The installed version of Firefox is earlier than 26.0 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610) - An issue exists where the notification for a Web App installation could persist from one website to another website. This could be used by a malicious website to trick a user into installing an application from one website while making it appear to come from another website. (CVE-2013-5611) - Cross-site scripting filtering evasion may be possible due to character encodings being inherited from a previously visited website when character set encoding is missing from the current website. (CVE-2013-5612) - Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613) - Sandbox restrictions may be bypassed because 'iframe sandbox' restrictions are not properly applied to 'object' elements in sandboxed iframes. (CVE-2013-5614) - An issue exists in which 'GetElementIC' typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact. (CVE-2013-5615) - A use-after-free vulnerability exists when interacting with event listeners from the mListeners array. This could result in a denial of service or arbitrary code execution. (CVE-2013-5616) - A use-after-free vulnerability exists in the table editing user interface of the editor during garbage collection. This could result in a denial of service or arbitrary code execution. (CVE-2013-5618) - Memory issues exist in the binary search algorithms in the SpiderMonkey JavaScript engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5619) - Issues exist with the JPEG format image processing with Start Of Scan (SOS) and Define Huffman Table (DHT) markers in the 'libjpeg' library. 
This could allow attackers to read arbitrary memory content as well as cross-domain image theft. (CVE-2013-6629, CVE-2013-6630) - A memory issue exists when inserting an ordered list into a document through a script that could result in a denial of service or arbitrary code execution. (CVE-2013-6671) - Trust settings for built-in root certificates are ignored during extended validation (EV) certificate validation. This removes the ability of users to explicitly untrust root certificates from specific certificate authorities. (CVE-2013-6673) - An intermediate certificate that is used by a man-in-the-middle (MITM) traffic management device exists in Mozilla's root certificate authorities. Reportedly, this certificate has been misused.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 71347
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71347
    title Firefox < 26.0 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-37.NASL
    description - Update to Chromium 31.0.1650.63 Stable channel update : - Security fixes : - CVE-2013-6634: Session fixation in sync related to 302 redirects - CVE-2013-6635: Use-after-free in editing - CVE-2013-6636: Address bar spoofing related to modal dialogs - CVE-2013-6637: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2013-6638: Buffer overflow in v8 - CVE-2013-6639: Out of bounds write in v8. - CVE-2013-6640: Out of bounds read in v8 - and 12 other security fixes. - Remove the build flags to build according to the Chrome ffmpeg branding and the proprietary codecs. (bnc#847971) - Update to Chromium 31.0.1650.57 Stable channel update : - Security Fixes : - CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 Stable Channel update : - Security fixes : - CVE-2013-6621: Use after free related to speech input elements.. - CVE-2013-6622: Use after free related to media elements. - CVE-2013-6623: Out of bounds read in SVG. - CVE-2013-6624: Use after free related to “id” attribute strings. - CVE-2013-6625: Use after free in DOM ranges. - CVE-2013-6626: Address bar spoofing related to interstitial warnings. - CVE-2013-6627: Out of bounds read in HTTP parsing. - CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. - CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. - CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. - CVE-2013-6631: Use after free in libjingle. - Added patch chromium-fix-chromedriver-build.diff to fix the chromedriver build - Enable ARM build for Chromium. - Added patches chromium-arm-webrtc-fix.patch, chromium-fix-arm-icu.patch and chromium-fix-arm-sysroot.patch to resolve ARM specific build issues - Update to Chromium 30.0.1599.114 Stable Channel update: fix build for 32bit systems - Drop patch chromium-fix-chromedriver-build.diff. 
This is now fixed upstream - For openSUSE versions lower than 13.1, build against the in-tree libicu - Update to Chromium 30.0.1599.101 - Security Fixes : + CVE-2013-2925: Use after free in XHR + CVE-2013-2926: Use after free in editing + CVE-2013-2927: Use after free in forms. + CVE-2013-2928: Various fixes from internal audits, fuzzing and other initiatives. - Update to Chromium 30.0.1599.66 - Easier searching by image - A number of new apps/extension APIs - Lots of under the hood changes for stability and performance - Security fixes : + CVE-2013-2906: Races in Web Audio + CVE-2013-2907: Out of bounds read in Window.prototype object + CVE-2013-2908: Address bar spoofing related to the “204 No Content” status code + CVE-2013-2909: Use after free in inline-block rendering + CVE-2013-2910: Use-after-free in Web Audio + CVE-2013-2911: Use-after-free in XSLT + CVE-2013-2912: Use-after-free in PPAPI + CVE-2013-2913: Use-after-free in XML document parsing + CVE-2013-2914: Use after free in the Windows color chooser dialog + CVE-2013-2915: Address bar spoofing via a malformed scheme + CVE-2013-2916: Address bar spoofing related to the “204 No Content” status code + CVE-2013-2917: Out of bounds read in Web Audio + CVE-2013-2918: Use-after-free in DOM + CVE-2013-2919: Memory corruption in V8 + CVE-2013-2920: Out of bounds read in URL parsing + CVE-2013-2921: Use-after-free in resource loader + CVE-2013-2922: Use-after-free in template element + CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives + CVE-2013-2924: Use-after-free in ICU. Upstream bug
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75366
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75366
    title openSUSE Security Update : chromium (openSUSE-SU-2014:0065-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-904.NASL
    description Chromium was updated to 31.0.1650.57: Stable channel update : - Security Fixes : - CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 (bnc#850430) Stable Channel update : - Security fixes : - CVE-2013-6621: Use after free related to speech input elements. - CVE-2013-6622: Use after free related to media elements. - CVE-2013-6623: Out of bounds read in SVG. - CVE-2013-6624: Use after free related to “id” attribute strings. - CVE-2013-6625: Use after free in DOM ranges. - CVE-2013-6626: Address bar spoofing related to interstitial warnings. - CVE-2013-6627: Out of bounds read in HTTP parsing. - CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. - CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. - CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. - CVE-2013-6631: Use after free in libjingle. - Added patch chromium-fix-chromedriver-build.diff to fix the chromedriver build
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75213
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75213
    title openSUSE Security Update : chromium (openSUSE-SU-2013:1777-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2799.NASL
    description Several vulnerabilities have been discovered in the chromium web browser. - CVE-2013-2931 The chrome 31 development team found various issues from internal fuzzing, audits, and other studies. - CVE-2013-6621 Khalil Zhani discovered a use-after-free issue in speech input handling. - CVE-2013-6622 'cloudfuzzer' discovered a use-after-free issue in HTMLMediaElement. - CVE-2013-6623 'miaubiz' discovered an out-of-bounds read in the Blink/Webkit SVG implementation. - CVE-2013-6624 Jon Butler discovered a use-after-free issue in id attribute strings. - CVE-2013-6625 'cloudfuzzer' discovered a use-after-free issue in the Blink/Webkit DOM implementation. - CVE-2013-6626 Chamal de Silva discovered an address bar spoofing issue. - CVE-2013-6627 'skylined' discovered an out-of-bounds read in the HTTP stream parser. - CVE-2013-6628 Antoine Delignat-Lavaud and Karthikeyan Bhargavan of INRIA Paris discovered that a different (unverified) certificate could be used after successful TLS renegotiation with a valid certificate. - CVE-2013-6629 Michal Zalewski discovered an uninitialized memory read in the libjpeg and libjpeg-turbo libraries. - CVE-2013-6630 Michal Zalewski discovered another uninitialized memory read in the libjpeg and libjpeg-turbo libraries. - CVE-2013-6631 Patrik Hoglund discovered a use-free issue in the libjingle library. - CVE-2013-6632 Pinkie Pie discovered multiple memory corruption issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 70986
    published 2013-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70986
    title Debian DSA-2799-1 : chromium-browser - several vulnerabilities
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL62655427.NASL
    description The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. (CVE-2013-6630)
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 88873
    published 2016-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88873
    title F5 Networks BIG-IP : libjpeg-turbo vulnerability (K62655427)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-6859.NASL
    description - Update to 1.3.1 - Fixes CVE-2013-6629 and CVE-2013-6630 (RHBZ #1031740) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 74400
    published 2014-06-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74400
    title Fedora 19 : mingw-libjpeg-turbo-1.3.1-1.fc19 (2014-6859)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-23722.NASL
    description Apply fixes CVE-2013-6629, CVE-2013-6630 (#1031737) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 71903
    published 2014-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71903
    title Fedora 19 : libjpeg-turbo-1.2.90-3.fc19 (2013-23722)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-273.NASL
    description Updated libjpeg packages fix security vulnerabilities : libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in presence of valid chroma data (Cr, Cb) (CVE-2013-6629). libjpeg-turbo will use uninitialized memory when handling Huffman tables (CVE-2013-6630).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 71028
    published 2013-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71028
    title Mandriva Linux Security Advisory : libjpeg (MDVSA-2013:273)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1803.NASL
    description Updated libjpeg-turbo packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libjpeg-turbo package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions. An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan (SOS) JPEG markers or Define Huffman Table (DHT) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629, CVE-2013-6630) All libjpeg-turbo users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 71290
    published 2013-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71290
    title RHEL 6 : libjpeg-turbo (RHSA-2013:1803)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3BFC70164BCC11E3B0CF00262D5ED8EE.NASL
    description Google Chrome Releases reports : 25 security fixes in this release, including : - [268565] Medium CVE-2013-6621: Use after free related to speech input elements. Credit to Khalil Zhani. - [272786] High CVE-2013-6622: Use after free related to media elements. Credit to cloudfuzzer. - [282925] High CVE-2013-6623: Out of bounds read in SVG. Credit to miaubiz. - [290566] High CVE-2013-6624: Use after free related to 'id' attribute strings. Credit to Jon Butler. - [295010] High CVE-2013-6625: Use after free in DOM ranges. Credit to cloudfuzzer. - [295695] Low CVE-2013-6626: Address bar spoofing related to interstitial warnings. Credit to Chamal de Silva. - [299892] High CVE-2013-6627: Out of bounds read in HTTP parsing. Credit to skylined. - [306959] Medium CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco of INRIA Paris. - [315823] Medium-Critical CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives. - [258723] Medium CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. Credit to Michal Zalewski of Google. - [299835] Medium CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. Credit to Michal Zalewski of Google. - [296804] High CVE-2013-6631: Use after free in libjingle. Credit to Patrik Hoglund of the Chromium project.
    last seen 2019-02-21
    modified 2016-05-27
    plugin id 70865
    published 2013-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70865
    title FreeBSD : chromium -- multiple vulnerabilities (3bfc7016-4bcc-11e3-b0cf-00262d5ed8ee)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-6870.NASL
    description - Update to 1.3.1 - Fixes CVE-2013-6629 and CVE-2013-6630 (RHBZ #1031740) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 74402
    published 2014-06-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74402
    title Fedora 20 : mingw-libjpeg-turbo-1.3.1-1.fc20 (2014-6870)
  • NASL family Windows
    NASL id SEAMONKEY_223.NASL
    description The installed version of SeaMonkey is earlier than 2.23 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610) - Cross-site scripting filtering evasion may be possible due to character encodings being inherited from a previously visited website when character set encoding is missing from the current website. (CVE-2013-5612) - Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613) - Sandbox restrictions may be bypassed because 'iframe sandbox' restrictions are not properly applied to 'object' elements in sandboxed iframes. (CVE-2013-5614) - An issue exists in which 'GetElementIC' typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact. (CVE-2013-5615) - A use-after-free vulnerability exists when interacting with event listeners from the mListeners array. This could result in a denial of service or arbitrary code execution. (CVE-2013-5616) - A use-after-free vulnerability exists in the table editing user interface of the editor during garbage collection. This could result in a denial of service or arbitrary code execution. (CVE-2013-5618) - Memory issues exist in the binary search algorithms in the SpiderMonkey JavaScript engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5619) - Issues exist with the JPEG format image processing with Start Of Scan (SOS) and Define Huffman Table (DHT) markers in the 'libjpeg' library. This could allow attackers to read arbitrary memory content as well as cross-domain image theft. (CVE-2013-6629, CVE-2013-6630) - A memory issue exists when inserting an ordered list into a document through a script that could result in a denial of service or arbitrary code execution. 
(CVE-2013-6671) - Trust settings for built-in root certificates are ignored during extended validation (EV) certificate validation. This removes the ability of users to explicitly untrust root certificates from specific certificate authorities. (CVE-2013-6673) - An intermediate certificate that is used by a man-in-the-middle (MITM) traffic management device exists in Mozilla's root certificate authorities. Reportedly, this certificate has been misused.
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 71349
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71349
    title SeaMonkey < 2.23 Multiple Vulnerabilities
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_24_2.NASL
    description The installed version of Thunderbird is earlier than 24.2 and is, therefore, potentially affected by the following vulnerabilities: - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610) - Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613) - An issue exists in which 'GetElementIC' typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact. (CVE-2013-5615) - A use-after-free vulnerability exists when interacting with event listeners from the mListeners array. This could result in a denial of service or arbitrary code execution. (CVE-2013-5616) - A use-after-free vulnerability exists in the table editing user interface of the editor during garbage collection. This could result in a denial of service or arbitrary code execution. (CVE-2013-5618) - Issues exist with the JPEG format image processing with Start Of Scan (SOS) and Define Huffman Table (DHT) markers in the 'libjpeg' library. This could allow attackers to read arbitrary memory content as well as cross-domain image theft. (CVE-2013-6629, CVE-2013-6630) - A memory issue exists when inserting an ordered list into a document through a script that could result in a denial of service or arbitrary code execution. (CVE-2013-6671) - Trust settings for built-in root certificates are ignored during extended validation (EV) certificate validation. This removes the ability of users to explicitly untrust root certificates from specific certificate authorities. (CVE-2013-6673) - An intermediate certificate that is used by a man-in-the-middle (MITM) traffic management device exists in Mozilla's root certificate authorities. Reportedly, this certificate has been misused.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 71348
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71348
    title Mozilla Thunderbird < 24.2 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-995.NASL
    description - update to Firefox 26.0 (bnc#854367, bnc#854370) - rebased patches - requires NSPR 4.10.2 and NSS 3.15.3.1 - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - removed gecko.js preference file as GStreamer is enabled by default now
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75241
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75241
    title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1918-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2053-1.NASL
    description Ben Turner, Bobby Holley, Jesse Ruderman and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5609) Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5616) A use-after-free was discovered in the table editing interface. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5618) Tyson Smith and Jesse Schwartzentruber discovered a crash when inserting an ordered list in to a document using script. If a user had enabled scripting, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-6671) Sijie Xia discovered that trust settings for built-in EV root certificates were ignored under certain circumstances, removing the ability for a user to manually untrust certificates from specific authorities. (CVE-2013-6673) Tyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a use-after-free in functions for synthetic mouse movement handling. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5613) Eric Faust discovered that GetElementIC typed array stubs can be generated outside observed typesets. If a user had enabled scripting, an attacker could possibly exploit this to cause undefined behaviour with a potential security impact. (CVE-2013-5615) Michal Zalewski discovered several issues with JPEG image handling. An attacker could potentially exploit these to obtain sensitive information. (CVE-2013-6629, CVE-2013-6630). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 71375
    published 2013-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71375
    title Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : thunderbird vulnerabilities (USN-2053-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-903.NASL
    description Security and bugfix update to Chromium 31.0.1650.57 - Update to Chromium 31.0.1650.57 : - Security Fixes : - CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 Stable Channel update : - Security fixes : - CVE-2013-6621: Use after free related to speech input elements. - CVE-2013-6622: Use after free related to media elements. - CVE-2013-6623: Out of bounds read in SVG. - CVE-2013-6624: Use after free related to “id” attribute strings. - CVE-2013-6625: Use after free in DOM ranges. - CVE-2013-6626: Address bar spoofing related to interstitial warnings. - CVE-2013-6627: Out of bounds read in HTTP parsing. - CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. - CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. - CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. - CVE-2013-6631: Use after free in libjingle. - Stable Channel update: fix build for 32bit systems - Update to Chromium 30.0.1599.101 - Security Fixes : + CVE-2013-2925: Use after free in XHR + CVE-2013-2926: Use after free in editing + CVE-2013-2927: Use after free in forms. + CVE-2013-2928: Various fixes from internal audits, fuzzing and other initiatives. - Enable ARM build for Chromium.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75212
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75212
    title openSUSE Security Update : chromium (openSUSE-SU-2013:1776-1)
  • NASL family Windows
    NASL id GOOGLE_CHROME_31_0_1650_48.NASL
    description The version of Google Chrome installed on the remote host is a version prior to 31.0.1650.48. It is, therefore, affected by multiple vulnerabilities : - Various, unspecified errors exist. (CVE-2013-2931) - Use-after-free errors exist related to speech input elements, media elements, 'id' attribute strings, DOM ranges, and libjingle. (CVE-2013-6621, CVE-2013-6622, CVE-2013-6624, CVE-2013-6625, CVE-2013-6631) - Out-of-bounds read errors exist in SVG and HTTP parsing. (CVE-2013-6623, CVE-2013-6627) - An address bar URI-spoofing vulnerability exists that is related to interstitial warnings. (CVE-2013-6626) - A certificate validation security bypass issue exists during TLS renegotiation. (CVE-2013-6628) - A memory corruption error exists in the libjpeg and libjpeg-turbo libraries when memory is uninitialized when decoding images with missing SOS data. (CVE-2013-6629) - A memory corruption error exists in the 'jdmarker.c' source file in the libjpeg-turbo library when processing Huffman tables. (CVE-2013-6630)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 70916
    published 2013-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70916
    title Google Chrome < 31.0.1650.48 Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-23291.NASL
    description Update to latest upstream - 24.2.0 See release notes here: http://www.mozilla.org/en-US/firefox/17.0.9/releasenotes/ See http://www.mozilla.org/en/thunderbird/24.0/releasenotes/ for full list of changes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 71785
    published 2014-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71785
    title Fedora 18 : thunderbird-24.2.0-2.fc18 (2013-23291)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-1023.NASL
    description - update to Thunderbird 24.2.0 (bnc#854370) - requires NSS 3.15.3.1 or higher - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - update to Thunderbird 24.1.1 - requires NSPR 4.10.2 and NSS 3.15.3 for security reasons - fix binary compatibility issues for patch level updates (bmo#927073)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74867
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74867
    title openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:1959-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-23519.NASL
    description New upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 71505
    published 2013-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71505
    title Fedora 20 : firefox-26.0-3.fc20 / thunderbird-24.2.0-3.fc20 / xulrunner-26.0-2.fc20 (2013-23519)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_24_2_ESR.NASL
    description The installed version of Firefox ESR 24.x is earlier than 24.2 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610) - Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613) - An issue exists in which 'GetElementIC' typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact. (CVE-2013-5615) - A use-after-free vulnerability exists when interacting with event listeners from the mListeners array. This could result in a denial of service or arbitrary code execution. (CVE-2013-5616) - A use-after-free vulnerability exists in the table editing user interface of the editor during garbage collection. This could result in a denial of service or arbitrary code execution. (CVE-2013-5618) - Issues exist with the JPEG format image processing with Start Of Scan (SOS) and Define Huffman Table (DHT) markers in the 'libjpeg' library. This could allow attackers to read arbitrary memory content as well as cross-domain image theft. (CVE-2013-6629, CVE-2013-6630) - A memory issue exists when inserting an ordered list into a document through a script that could result in a denial of service or arbitrary code execution. (CVE-2013-6671) - Trust settings for built-in root certificates are ignored during extended validation (EV) certificate validation. This removes the ability of users to explicitly untrust root certificates from specific certificate authorities. (CVE-2013-6673) - An intermediate certificate that is used by a man-in-the-middle (MITM) traffic management device exists in Mozilla's root certificate authorities. Reportedly, this certificate has been misused.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 71343
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71343
    title Firefox ESR 24.x < 24.2 Multiple Vulnerabilities (Mac OS X)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_24_2.NASL
    description The installed version of Thunderbird is earlier than 24.2 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610) - Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613) - An issue exists in which 'GetElementIC' typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact. (CVE-2013-5615) - A use-after-free vulnerability exists when interacting with event listeners from the mListeners array. This could result in a denial of service or arbitrary code execution. (CVE-2013-5616) - A use-after-free vulnerability exists in the table editing user interface of the editor during garbage collection. This could result in a denial of service or arbitrary code execution. (CVE-2013-5618) - Issues exist with the JPEG format image processing with Start Of Scan (SOS) and Define Huffman Table (DHT) markers in the 'libjpeg' library. This could allow attackers to read arbitrary memory content as well as cross-domain image theft. (CVE-2013-6629, CVE-2013-6630) - A memory issue exists when inserting an ordered list into a document through a script that could result in a denial of service or arbitrary code execution. (CVE-2013-6671) - Trust settings for built-in root certificates are ignored during extended validation (EV) certificate validation. This removes the ability of users to explicitly untrust root certificates from specific certificate authorities. (CVE-2013-6673) - An intermediate certificate that is used by a man-in-the-middle (MITM) traffic management device exists in Mozilla's root certificate authorities. Reportedly, this certificate has been misused.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 71345
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71345
    title Thunderbird < 24.2 Multiple Vulnerabilities (Mac OS X)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-993.NASL
    description - update to Firefox 26.0 (bnc#854367, bnc#854370) - rebased patches - requires NSPR 4.10.2 and NSS 3.15.3.1 - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - removed gecko.js preference file as GStreamer is enabled by default now
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75239
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75239
    title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1916-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-23749.NASL
    description Apply fixes CVE-2013-6629, CVE-2013-6630 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 71627
    published 2013-12-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71627
    title Fedora 20 : libjpeg-turbo-1.3.0-2.fc20 (2013-23749)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-1022.NASL
    description - update to Thunderbird 24.2.0 (bnc#854370) - requires NSS 3.15.3.1 or higher - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - update to Thunderbird 24.1.1 - requires NSPR 4.10.2 and NSS 3.15.3 for security reasons - fix binary compatibility issues for patch level updates (bmo#927073)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74866
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74866
    title openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:1958-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-23295.NASL
    description Update to latest upstream - 24.2.0 See release notes here: http://www.mozilla.org/en-US/firefox/17.0.9/releasenotes/ See http://www.mozilla.org/en/thunderbird/24.0/releasenotes/ for full list of changes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 71448
    published 2013-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71448
    title Fedora 19 : thunderbird-24.2.0-2.fc19 (2013-23295)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_24_2_ESR.NASL
    description The installed version of Firefox ESR 24.x is earlier than 24.2, and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610) - Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613) - An issue exists in which 'GetElementIC' typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact. (CVE-2013-5615) - A use-after-free vulnerability exists when interacting with event listeners from the mListeners array. This could result in a denial of service or arbitrary code execution. (CVE-2013-5616) - A use-after-free vulnerability exists in the table editing user interface of the editor during garbage collection. This could result in a denial of service or arbitrary code execution. (CVE-2013-5618) - Issues exist with the JPEG format image processing with Start Of Scan (SOS) and Define Huffman Table (DHT) markers in the 'libjpeg' library. This could allow attackers to read arbitrary memory content as well as cross-domain image theft. (CVE-2013-6629, CVE-2013-6630) - A memory issue exists when inserting an ordered list into a document through a script that could result in a denial of service or arbitrary code execution. (CVE-2013-6671) - Trust settings for built-in root certificates are ignored during extended validation (EV) certificate validation. This removes the ability of users to explicitly untrust root certificates from specific certificate authorities. (CVE-2013-6673) - An intermediate certificate that is used by a man-in-the-middle (MITM) traffic management device exists in Mozilla's root certificate authorities. Reportedly, this certificate has been misused.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 71346
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71346
    title Firefox ESR 24.x < 24.2 Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-23127.NASL
    description Update to Firefox 26. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 71365
    published 2013-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71365
    title Fedora 19 : firefox-26.0-2.fc19 / xulrunner-26.0-1.fc19 (2013-23127)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20131210_LIBJPEG_TURBO_ON_SL6_X.NASL
    description An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan (SOS) JPEG markers or Define Huffman Table (DHT) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629, CVE-2013-6630)
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 71339
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71339
    title Scientific Linux Security Update : libjpeg-turbo on SL6.x i386/x86_64
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_GOOGLE_CHROME_31_0_1650_48.NASL
    description The version of Google Chrome installed on the remote Mac OS X host is a version prior to 31.0.1650.48. It is, therefore, affected by multiple vulnerabilities : - Various, unspecified errors exist. (CVE-2013-2931) - Use-after-free errors exist related to speech input elements, media elements, 'id' attribute strings, DOM ranges, and libjingle. (CVE-2013-6621, CVE-2013-6622, CVE-2013-6624, CVE-2013-6625, CVE-2013-6631) - Out-of-bounds read errors exist in SVG and HTTP parsing. (CVE-2013-6623, CVE-2013-6627) - An address bar URI-spoofing vulnerability exists that is related to interstitial warnings. (CVE-2013-6626) - A certificate validation security bypass issue exists during TLS renegotiation. (CVE-2013-6628) - A memory corruption error exists in the libjpeg and libjpeg-turbo libraries when memory is uninitialized when decoding images with missing SOS data. (CVE-2013-6629) - A memory corruption error exists in the 'jdmarker.c' source file in the libjpeg-turbo library when processing Huffman tables. (CVE-2013-6630)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 70917
    published 2013-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70917
    title Google Chrome < 31.0.1650.48 Multiple Vulnerabilities (Mac OS X)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-2.NASL
    description This update fixes the following security issues with SeaMonkey : - update to SeaMonkey 2.23 (bnc#854370) - requires NSPR 4.10.2 and NSS 3.15.3.1 - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - rebased patches : - mozilla-nongnome-proxies.patch - mozilla-shared-nss-db.patch
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75327
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75327
    title openSUSE Security Update : seamonkey (openSUSE-SU-2014:0008-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-1024.NASL
    description - update to Thunderbird 24.2.0 (bnc#854370) - requires NSS 3.15.3.1 or higher - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - update to Thunderbird 24.1.1 - requires NSPR 4.10.2 and NSS 3.15.3 for security reasons - fix binary compatibility issues for patch level updates (bmo#927073)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74868
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74868
    title openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:1957-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_DD116B1964B311E3868F0025905A4771.NASL
    description The Mozilla Project reports : MFSA 2013-116 JPEG information leak MFSA 2013-105 Application Installation doorhanger persists on navigation MFSA 2013-106 Character encoding cross-origin XSS attack MFSA 2013-107 Sandbox restrictions not applied to nested object elements MFSA 2013-108 Use-after-free in event listeners MFSA 2013-109 Use-after-free during Table Editing MFSA 2013-110 Potential overflow in JavaScript binary search algorithms MFSA 2013-111 Segmentation violation when replacing ordered list elements MFSA 2013-112 Linux clipboard information disclosure though selection paste MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation MFSA 2013-114 Use-after-free in synthetic mouse movement MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets MFSA 2013-116 JPEG information leak MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 71452
    published 2013-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71452
    title FreeBSD : mozilla -- multiple vulnerabilities (dd116b19-64b3-11e3-868f-0025905a4771)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-994.NASL
    description - update to Firefox 26.0 (bnc#854367, bnc#854370) - rebased patches - requires NSPR 4.10.2 and NSS 3.15.3.1 - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - removed gecko.js preference file as GStreamer is enabled by default now
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75240
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75240
    title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1917-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1803.NASL
    description From Red Hat Security Advisory 2013:1803 : Updated libjpeg-turbo packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libjpeg-turbo package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions. An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan (SOS) JPEG markers or Define Huffman Table (DHT) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629, CVE-2013-6630) All libjpeg-turbo users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 71287
    published 2013-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71287
    title Oracle Linux 6 : libjpeg-turbo (ELSA-2013-1803)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2060-1.NASL
    description Michal Zalewski discovered that libjpeg and libjpeg-turbo incorrectly handled certain memory operations. An attacker could use this issue with a specially crafted JPEG file to possibly expose sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 71563
    published 2013-12-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71563
    title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : libjpeg-turbo, libjpeg6b vulnerabilities (USN-2060-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2052-1.NASL
    description Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610) Myk Melez discovered that the doorhanger notification for web app installation could persist between page navigations. An attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2013-5611) Masato Kinugawa discovered that pages with missing character set encoding information can inherit character encodings across navigations from another domain. An attacker could potentially exploit this to conduct cross-site scripting attacks. (CVE-2013-5612) Daniel Veditz discovered that a sandboxed iframe could use an object element to bypass its own restrictions. (CVE-2013-5614) Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5616) A use-after-free was discovered in the table editing interface. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5618) Dan Gohman discovered that binary search algorithms in Spidermonkey used arithmetic prone to overflow in several places. However, this issue is not believed to be exploitable. (CVE-2013-5619) Tyson Smith and Jesse Schwartzentruber discovered a crash when inserting an ordered list into a document using script. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-6671) Vincent Lefevre discovered that web content could access clipboard data under certain circumstances, resulting in information disclosure. (CVE-2013-6672) Sijie Xia discovered that trust settings for built-in EV root certificates were ignored under certain circumstances, removing the ability for a user to manually untrust certificates from specific authorities. (CVE-2013-6673) Tyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a use-after-free in functions for synthetic mouse movement handling. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5613) Eric Faust discovered that GetElementIC typed array stubs can be generated outside observed typesets. An attacker could possibly exploit this to cause undefined behaviour with a potential security impact. (CVE-2013-5615) Michal Zalewski discovered several issues with JPEG image handling. An attacker could potentially exploit these to obtain sensitive information. (CVE-2013-6629, CVE-2013-6630). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 71374
    published 2013-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71374
    title Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1803.NASL
    description Updated libjpeg-turbo packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libjpeg-turbo package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions. An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan (SOS) JPEG markers or Define Huffman Table (DHT) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629, CVE-2013-6630) All libjpeg-turbo users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 71271
    published 2013-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71271
    title CentOS 6 : libjpeg-turbo (CESA-2013:1803)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201606-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201606-03 (libjpeg-turbo: Multiple vulnerabilities) libjpeg-turbo does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers. Impact : Remote attackers could obtain sensitive information from uninitialized memory locations via crafted JPEG images. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-06-06
    plugin id 91480
    published 2016-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91480
    title GLSA-201606-03 : libjpeg-turbo: Multiple vulnerabilities
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2013-267.NASL
    description An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan (SOS) JPEG markers or Define Huffman Table (DHT) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629, CVE-2013-6630)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 71579
    published 2013-12-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71579
    title Amazon Linux AMI : libjpeg-turbo (ALAS-2013-267)
redhat via4
advisories
bugzilla
id 1031749
title CVE-2013-6630 libjpeg: information leak (read of uninitialized memory)
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment libjpeg-turbo is earlier than 0:1.2.1-3.el6_5
        oval oval:com.redhat.rhsa:tst:20131803005
      • comment libjpeg-turbo is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131803006
    • AND
      • comment libjpeg-turbo-devel is earlier than 0:1.2.1-3.el6_5
        oval oval:com.redhat.rhsa:tst:20131803009
      • comment libjpeg-turbo-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131803010
    • AND
      • comment libjpeg-turbo-static is earlier than 0:1.2.1-3.el6_5
        oval oval:com.redhat.rhsa:tst:20131803007
      • comment libjpeg-turbo-static is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131803008
rhsa
id RHSA-2013:1803
released 2013-12-09
severity Moderate
title RHSA-2013:1803: libjpeg-turbo security update (Moderate)
rpms
  • libjpeg-turbo-0:1.2.1-3.el6_5
  • libjpeg-turbo-devel-0:1.2.1-3.el6_5
  • libjpeg-turbo-static-0:1.2.1-3.el6_5
refmap via4
confirm
debian DSA-2799
fedora
  • FEDORA-2013-23127
  • FEDORA-2013-23291
  • FEDORA-2013-23295
  • FEDORA-2013-23519
fulldisc 20131112 bugs in IJG jpeg6b & libjpeg-turbo
gentoo GLSA-201606-03
mandriva MDVSA-2013:273
sectrack
  • 1029470
  • 1029476
secunia 56175
suse
  • openSUSE-SU-2013:1776
  • openSUSE-SU-2013:1777
  • openSUSE-SU-2013:1861
  • openSUSE-SU-2013:1916
  • openSUSE-SU-2013:1917
  • openSUSE-SU-2013:1918
  • openSUSE-SU-2013:1957
  • openSUSE-SU-2013:1958
  • openSUSE-SU-2013:1959
  • openSUSE-SU-2014:0008
  • openSUSE-SU-2014:0065
ubuntu
  • USN-2052-1
  • USN-2053-1
  • USN-2060-1
Last major update 03-10-2016 - 21:59
Published 18-11-2013 - 23:50