SciLinux: CVE-2014-9029 Important: jasper SL6.x, SL7.x i386/x86_64
Summary
Important: jasper security update
Date: Thu, 18 Dec 2014 20:03:40 +0000 Reply-To: scientific-linux-users@listserv.fnal.gov Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Security ERRATA Important: jasper on SL6.x, SL7.x i386/x86_64 MIME-Version: 1.0 Synopsis: Important: jasper security update Advisory ID: SLSA-2014:2021-1 Issue Date: 2014-12-18 CVE Numbers: CVE-2014-9029 CVE-2014-8137 CVE-2014-8138 -- Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-9029) A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8138) A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8137) All applications using the JasPer libraries must be restarted for the update to take effect. -- SL6 x86_64 jasper-1.900.1-16.el6_6.2.x86_64.rpm jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.2.x86_64.rpm jasper-libs-1.900.1-16.el6_6.2.i686.rpm jasper-libs-1.900.1-16.el6_6.2.x86_64.rpm jasper-devel-1.900.1-16.el6_6.2.i686.rpm jasper-devel-1.900.1-16.el6_6.2.x86_64.rpm jasper-utils-1.900.1-16.el6_6.2.x86_64.rpm i386 jasper-1.900.1-16.el6_6.2.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm jasper-libs-1.900.1-16.el6_6.2.i686.rpm jasper-devel-1.900.1-16.el6_6.2.i686.rpm jasper-utils-1.900.1-16.el6_6.2.i686.rpm SL7 x86_64 jasper-debuginfo-1.900.1-26.el7_0.2.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.2.x86_64.rpm jasper-libs-1.900.1-26.el7_0.2.i686.rpm jasper-libs-1.900.1-26.el7_0.2.x86_64.rpm jasper-1.900.1-26.el7_0.2.x86_64.rpm jasper-devel-1.900.1-26.el7_0.2.i686.rpm jasper-devel-1.900.1-26.el7_0.2.x86_64.rpm jasper-utils-1.900.1-26.el7_0.2.x86_64.rpm - Scientific Linux Development Team
Important: jasper security update