Oracle Linux: CVE-2020-17541: ELSA-2021-4288: libjpeg-turbo security and bug fix update (MODERATE) (Multiple Advisories)
Description
Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service. A stack-based buffer overflow flaw was found in libjpeg-turbo library in the tranform component. An attacker may use this flaw to input a malicious image file to an application utilizing this library, leading to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Solution(s)
- oracle-linux-upgrade-libjpeg-turbo
- oracle-linux-upgrade-libjpeg-turbo-devel
- oracle-linux-upgrade-libjpeg-turbo-utils
- oracle-linux-upgrade-turbojpeg
- oracle-linux-upgrade-turbojpeg-devel
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center