Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

SUSE: 2020:2690-1 Low Severity: jasper Denial of Service and Memory Leak

suse
Calendar Grey September 21, 2020
Dist Suse Esm H88
SUSE Security Update: Security update for jasper ___________________________________________________
An update that fixes 17 vulnerabilities is now available

Summary

This update for jasper fixes the following issues: - CVE-2016-9398: Improved patch for already fixed issue (bsc#1010979). - CVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980). - CVE-2016-9397: Fix assert in jpc_dequantize (bsc#1010786). - CVE-2016-9557: Fix signed integer overflow (bsc#1011829). - CVE-2017-5499: Validate component depth bit (bsc#1020451). - CVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456). - CVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458). - CVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460). - CVE-2017-14132: Fix heap base overflow in by checking components (bsc#1057152). - CVE-2018-9154: Fixed a potential denial of service in jpc_dec_process_sot() (bsc#1092115).

References

#1010786 #1010979 #1010980 #1011829 #1020451

#1020456 #1020458 #1020460 #1045450 #1057152

#1088278 #1092115 #1114498 #1115637 #1117328

#1120805 #1120807

Cross- CVE-2016-9397 CVE-2016-9398 CVE-2016-9399

CVE-2016-9557 CVE-2017-14132 CVE-2017-5499

CVE-2017-5503 CVE-2017-5504 CVE-2017-5505

CVE-2017-9782 CVE-2018-18873 CVE-2018-19139

CVE-2018-19543 CVE-2018-20570 CVE-2018-20622

CVE-2018-9154 CVE-2018-9252

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP5

SUSE Linux Enterprise Server 12-SP5

https://www.suse.com/security/cve/CVE-2016-9397.html

https://www.suse.com/security/cve/CVE-2016-9398.html

https://www.suse.com/security/cve/CVE-2016-9399.html

https://www.suse.com/security/cve/CVE-2016-9557.html

Severity
low
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:2690-1
Rating: low

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here