Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Scientific Linux: SLSA-2014:2021-1 Important: jasper Buffer Overflow

Calendar Dec 18, 2014 User Avatar LinuxSecurity Advisories
2 - 3 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory heap overflow important update jasper Scientific Linux
Important: jasper security update 
Date: Thu, 18 Dec 2014 20:03:40 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: jasper on SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: jasper security update
Advisory ID: SLSA-2014:2021-1
Issue Date: 2014-12-18
CVE Numbers: CVE-2014-9029
 CVE-2014-8137
 CVE-2014-8138
--

Multiple off-by-one flaws, leading to heap-based buffer overflows, were
found in the way JasPer decoded JPEG 2000 image files. A specially crafted
file could cause an application using JasPer to crash or, possibly,
execute arbitrary code. (CVE-2014-9029)

A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG
2000 image files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code.
(CVE-2014-8138)

A double free flaw was found in the way JasPer parsed ICC color profiles
in JPEG 2000 image files. A specially crafted file could cause an
application using JasPer to crash or, possibly, execute arbitrary code.
(CVE-2014-8137)

All applications using the JasPer libraries must be restarted for the
update to take effect.
--

SL6
 x86_64
 jasper-1.900.1-16.el6_6.2.x86_64.rpm
 jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm
 jasper-debuginfo-1.900.1-16.el6_6.2.x86_64.rpm
 jasper-libs-1.900.1-16.el6_6.2.i686.rpm
 jasper-libs-1.900.1-16.el6_6.2.x86_64.rpm
 jasper-devel-1.900.1-16.el6_6.2.i686.rpm
 jasper-devel-1.900.1-16.el6_6.2.x86_64.rpm
 jasper-utils-1.900.1-16.el6_6.2.x86_64.rpm
 i386
 jasper-1.900.1-16.el6_6.2.i686.rpm
 jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm
 jasper-libs-1.900.1-16.el6_6.2.i686.rpm
 jasper-devel-1.900.1-16.el6_6.2.i686.rpm
 jasper-utils-1.900.1-16.el6_6.2.i686.rpm
SL7
 x86_64
 jasper-debuginfo-1.900.1-26.el7_0.2.i686.rpm
 jasper-debuginfo-1.900.1-26.el7_0.2.x86_64.rpm
 jasper-libs-1.900.1-26.el7_0.2.i686.rpm
 jasper-libs-1.900.1-26.el7_0.2.x86_64.rpm
 jasper-1.900.1-26.el7_0.2.x86_64.rpm
 jasper-devel-1.900.1-26.el7_0.2.i686.rpm
 jasper-devel-1.900.1-26.el7_0.2.x86_64.rpm
 jasper-utils-1.900.1-26.el7_0.2.x86_64.rpm

- Scientific Linux Development Team
Your message here