Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 529
Alerts This Week
Warning Icon 1 529

Fedora 23: Jasper Security Update - Critical Fixes Address Multiple Issues

fedora
Calendar Grey November 10, 2016
Dist Fedora Esm H88
Enhance Jasper on Fedora 23 through various security patches that rectify severe vulnerabilities and elevate overall system reliability.
This update contains security fix for CVE-2016-8883, CVE-2016-8882, CVE-2016-8881, CVE-2016-8880, CVE-2016-8884, CVE-2016-8885, CVE-2016-8887, CVE-2016-8886

Summary

This package contains an implementation of the image compression

standard JPEG-2000, Part 1. It consists of tools for conversion to and

from the JP2 and JPC formats.

Update Information:

This update contains security fix for CVE-2016-8883, CVE-2016-8882, CVE-2016-8881, CVE-2016-8880, CVE-2016-8884, CVE-2016-8885, CVE-2016-8887, CVE-2016-8886. ---- New version of jasper is available (jasper-1.900.13). Security fix for CVE-2016-8690, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693. ---- New version of jasper is available (1.900.3) ---- Security fix for CVE-2016-2089 ---- New version of jasper is available.

Change Log

References


[ 1 ] Bug #1385507 - CVE-2016-8693 jasper: Double free vulnerability in mem_close https://bugzilla.redhat.com/show_bug.cgi?id=1385507 [ 2 ] Bug #1385503 - CVE-2016-8692 jasper: Divide by zero in jpc_dec_process_siz https://bugzilla.redhat.com/show_bug.cgi?id=1385503 [ 3 ] Bug #1385502 - CVE-2016-8691 jasper: Divide by zero in jpc_dec_process_siz https://bugzilla.redhat.com/show_bug.cgi?id=1385502 [ 4 ] Bug #1385499 - CVE-2016-8690 jasper: Null pointer dereference in bmp_getdata triggered by crafted BMP image https://bugzilla.redhat.com/show_bug.cgi?id=1385499 [ 5 ] Bug #1302636 - CVE-2016-2089 jasper: matrix rows_ NULL pointer dereference in jas_matrix_clip() https://bugzilla.redhat.com/show_bug.cgi?id=1302636 [ 6 ] Bug #1388880 - CVE-2016-8886 jasper: memory allocation failure in jas_malloc https://bugzilla.redhat.com/show_bug.cgi?id=1388880 [ 7 ] Bug #1388828 - CVE-2016-8887 jasper: Null pointer dereference in jp2_colr_...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade jasper' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: jasper
Product: Fedora 23
Version: 1.900.13
Release: 1.fc23
Summary: Implementation of the JPEG-2000 standard, Part 1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.