Mageia 2020-0463: jasper security update
Summary
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted
input provided to jasper by an attacker could cause an arbitrary out-of-bounds
write. This could potentially affect data confidentiality, integrity, or
application availability (CVE-2020-27828).
References
- https://bugs.mageia.org/show_bug.cgi?id=27842
- https://github.com/jasper-software/jasper/releases/tag/version-2.0.23
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27828
Resolution
MGASA-2020-0463 - Updated jasper packages fix security vulnerability
SRPMS
- 7/core/jasper-2.0.23-1.mga7