Mandriva Linux Security Advisory : jbigkit (MDVSA-2015:101)
Medium Nessus Plugin ID 82354
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated jbigkit packages fix security vulnerability :
Florian Weimer found a stack-based buffer overflow flaw in the libjbig library (part of jbigkit). A specially crafted image file read by libjbig could be used to cause a program linked to libjbig to crash or, potentially, to execute arbitrary code (CVE-2013-6369).
The jbigkit package has been updated to version 2.1, which fixes this issue, as well as a few other bugs, including the ability of corrupted input data to force the jbig85 decoder into an end-less loop.
SolutionUpdate the affected jbigkit, lib64jbig-devel and / or lib64jbig1 packages.