Log - Arch Linux

Log - Arch Linux

CVE-2019-2201 edited at 11 Nov 2019 16:23:15

References

	https://android.googlesource.com/platform/external/libjpeg-turbo/+/d3db2a2634c422286f75c4b38af98837f3d2f0ff
+	https://github.com/libjpeg-turbo/libjpeg-turbo/commit/2a9e3bd7430cfda1bc812d139e0609c6aca0b884

CVE-2019-2201 edited at 11 Nov 2019 16:09:58

Description

+	Several integer overflow issues and subsequent segfaults occur in libjpeg-turbo when attempting to compress or decompress gigapixel images.

AVG-1067 edited at 11 Nov 2019 16:06:38

Severity

-	Unknown
+	High

CVE-2019-2201 edited at 11 Nov 2019 16:06:38

Severity

-	Unknown
+	High

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Arbitrary code execution

Description

References

+	https://android.googlesource.com/platform/external/libjpeg-turbo/+/d3db2a2634c422286f75c4b38af98837f3d2f0ff

Notes

AVG-1067 edited at 11 Nov 2019 16:03:49

Advisory qualified

-	Yes
+	No

AVG-1067 created at 11 Nov 2019 16:03:46

Packages

+	libjpeg-turbo

Issues

+	CVE-2019-2201

Status

+

Fixed

Severity

+

Unknown

Affected

+

2.0.2-1

Fixed

+

2.0.3-1

Ticket

Advisory qualified

+

Yes

References

Notes

CVE-2019-2201 created at 11 Nov 2019 16:03:46

AVG-1064 edited at 11 Nov 2019 08:44:57

Status

-	Testing
+	Fixed

AVG-1065 edited at 11 Nov 2019 08:44:57

Status

-	Testing
+	Fixed

AVG-1066 edited at 11 Nov 2019 08:44:57

Status

-	Testing
+	Fixed

ASA-201911-9 edited at 07 Nov 2019 17:56:12

ASA-201911-8 edited at 07 Nov 2019 11:39:31

Workaround

	- CVE-2019-12526

	Deny urn: protocol URI being proxied to all clients:

	acl URN proto URN
	http_access deny URN

	- CVE-2019-18678

	There are no workarounds for this vulnerability.

	- CVE-2019-18679

-	Digest authentication can be disabled by removing all 'auth_param digest ...' configuration settings from squid.conf.
+	Digest authentication can be disabled by removing all 'auth_param
+	digest ...' configuration settings from squid.conf.