Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 531
Alerts This Week
Warning Icon 1 531

Fedora 24: jasper Critical Update #FEDORA-2016-e0f0d48142 DoS

fedora
Calendar Grey November 10, 2016
Scroller Fedora Esm H88
Fedora 24 upgrades the kernel with essential patches that mitigate various vulnerabilities, boosting overall system stability.
This update contains security fix for CVE-2016-8883, CVE-2016-8882, CVE-2016-8881, CVE-2016-8880, CVE-2016-8884, CVE-2016-8885, CVE-2016-8887, CVE-2016-8886

Summary

This package contains an implementation of the image compression

standard JPEG-2000, Part 1. It consists of tools for conversion to and

from the JP2 and JPC formats.

Update Information:

This update contains security fix for CVE-2016-8883, CVE-2016-8882, CVE-2016-8881, CVE-2016-8880, CVE-2016-8884, CVE-2016-8885, CVE-2016-8887, CVE-2016-8886. ---- New version of jasper is available (jasper-1.900.13). Security fix for CVE-2016-8690, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693. ---- New version of jasper is available (1.900.3) ---- Security fix for CVE-2016-2089 ---- New version of jasper is available.

Change Log

References


[ 1 ] Bug #1385507 - CVE-2016-8693 jasper: Double free vulnerability in mem_close https://bugzilla.redhat.com/show_bug.cgi?id=1385507 [ 2 ] Bug #1385503 - CVE-2016-8692 jasper: Divide by zero in jpc_dec_process_siz https://bugzilla.redhat.com/show_bug.cgi?id=1385503 [ 3 ] Bug #1385502 - CVE-2016-8691 jasper: Divide by zero in jpc_dec_process_siz https://bugzilla.redhat.com/show_bug.cgi?id=1385502 [ 4 ] Bug #1385499 - CVE-2016-8690 jasper: Null pointer dereference in bmp_getdata triggered by crafted BMP image https://bugzilla.redhat.com/show_bug.cgi?id=1385499 [ 5 ] Bug #1302636 - CVE-2016-2089 jasper: matrix rows_ NULL pointer dereference in jas_matrix_clip() https://bugzilla.redhat.com/show_bug.cgi?id=1302636 [ 6 ] Bug #1388880 - CVE-2016-8886 jasper: memory allocation failure in jas_malloc https://bugzilla.redhat.com/show_bug.cgi?id=1388880 [ 7 ] Bug #1388828 - CVE-2016-8887 jasper: Null pointer dereference in jp2_colr_...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade jasper' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: jasper
Product: Fedora 24
Version: 1.900.13
Release: 1.fc24
Summary: Implementation of the JPEG-2000 standard, Part 1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.