SUSE: 2017:0946-1 Important: Jasper Heap Overflow Critical Update

April 5, 2017
Essential upgrade for Jasper addressing various bugs. Discover how to mitigate SUSE Linux security flaws successfully.
An update that fixes 10 vulnerabilities is now available

Summary

This update for jasper fixes the following issues:

Security issues fixed:

- CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec (bsc#1012530)
- CVE-2016-9395: Missing sanity checks on the data in a SIZ marker segment (bsc#1010977).
- CVE-2016-9398: jpc_math.c:94: int jpc_floorlog2(int): Assertion 'x > 0' failed. (bsc#1010979)
- CVE-2016-9560: stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c) (bsc#1011830)
- CVE-2016-9583: Out of bounds heap read in jpc_pi_nextpcrl() (bsc#1015400)
- CVE-2016-9591: Use-after-free on heap in jas_matrix_destroy (bsc#1015993)
- CVE-2016-9600: Null Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder (bsc#1018088)
- CVE-2016-10251: Use of uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c) (bsc#1029497)

References

#1010977 #1010979 #1011830 #1012530 #1015400 #1015993 #1018088 #1020353 #1021868 #1029497

Cross-References: CVE-2016-10251 CVE-2016-8654 CVE-2016-9395 CVE-2016-9398 CVE-2016-9560 CVE-2016-9583 CVE-2016-9591 CVE-2016-9600 CVE-2017-5498 CVE-2017-6850

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2016-10251.html

https://www.suse.com/security/cve/CVE-2016-8654.html

https://www.suse.com/security/cve/CVE-2016-9395.html

https://www.suse.com/security/cve/CVE-2016-9398.html

https://www.suse.com/security/cve/CVE-2016-9560.html

https://www.suse.com/security/cve/CVE-2016-9583.html

Severity
important

Announcement ID: SUSE-SU-2017:0946-1
Rating: important
