Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200606-11 (JPEG library: Denial of Service)
Tavis Ormandy of the Gentoo Linux Auditing Team discovered that the vulnerable JPEG library ebuilds compile JPEG without the --maxmem feature, which is not recommended.
By enticing a user to load a specially crafted JPEG image file, an attacker could cause a Denial of Service due to memory exhaustion.
There is no known workaround at this time.
Solution
JPEG users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-libs/jpeg-6b-r7'