MGASA-2020-0463 - Updated jasper packages fix security vulnerability Publication date: 17 Dec 2020 URL: https://advisories.mageia.org/MGASA-2020-0463.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-27828 There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability (CVE-2020-27828). References: - https://bugs.mageia.org/show_bug.cgi?id=27842 - https://github.com/jasper-software/jasper/releases/tag/version-2.0.23 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27828 SRPMS: - 7/core/jasper-2.0.23-1.mga7
Mageia 2020-0463: jasper security update
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23
Summary
CVE: CVE-2020-27828
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted
input provided to jasper by an attacker could cause an arbitrary out-of-bounds
write. This could potentially affect data confidentiality, integrity, or
application availability (CVE-2020-27828).
Resolution
MGASA-2020-0463 - Updated jasper packages fix security vulnerability
References
- https://bugs.mageia.org/show_bug.cgi?id=27842
- https://github.com/jasper-software/jasper/releases/tag/version-2.0.23
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27828
Severity
Issued Date: 17 Dec 2020
URL: https://advisories.mageia.org/MGASA-2020-0463.html
Type: security
Affected Mageia releases: 7
News
HOWTOs
Features
Secure Linux Hosting for Businesses
What Is Threat Intelligence?
CloudLinux Simplifies & Enhances Linux Security with its TuxCare Unified Enterprise Support Services
LinuxSecurity, Leading Provider of Linux Security News and Information, Unveils its New Website
Biden’s New Executive Cybersecurity Order Highlights the Power of Open-Source Security
About Us
Powered By
