ALAS-2014-337

Amazon Linux 1 (EOL) Security Advisory: ALAS-2014-337
Advisory Released Date: 2014-05-13
Advisory Updated Date: 2014-09-18

Severity: Medium

References: CVE-2013-6369
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted image file.

Affected Packages:

jbigkit

Issue Correction:
Run yum update jbigkit to update your system.

New Packages:

i686:
    jbigkit-debuginfo-2.0-11.4.amzn1.i686
    jbigkit-libs-2.0-11.4.amzn1.i686
    jbigkit-2.0-11.4.amzn1.i686
    jbigkit-devel-2.0-11.4.amzn1.i686

src:
    jbigkit-2.0-11.4.amzn1.src

x86_64:
    jbigkit-2.0-11.4.amzn1.x86_64
    jbigkit-devel-2.0-11.4.amzn1.x86_64
    jbigkit-debuginfo-2.0-11.4.amzn1.x86_64
    jbigkit-libs-2.0-11.4.amzn1.x86_64

Additional References

Red Hat: CVE-2013-6369

Mitre: CVE-2013-6369