Stay Vigilant with Timely Linux Security Advisories

Loading...

security advisorybuffer overflowFedora

Fedora 23: Jasper Security Update - Critical Fixes Address Multiple Issues

This update contains security fix for CVE-2016-8883, CVE-2016-8882, CVE-2016-8881, CVE-2016-8880, CVE-2016-8884, CVE-2016-8885, CVE-2016-8887, CVE-2016-8886. ---- New version of jasper is available (jasper-1.900.13). Security fix for CVE-2016-8690, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693. ---- New version of jasper is available (1.900.3) ---- Security fix for. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-6c789ba91d 2016-11-10 13:46:09.606970 -------------------------------------------------------------------------------- Name : jasper Product : Fedora 23 Version : 1.900.13 Release : 1.fc23 URL : https://www.ece.uvic.ca/~frodo/jasper/ Summary : Implementation of the JPEG-2000 standard, Part 1 Description : This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats. -------------------------------------------------------------------------------- Update Information: This update contains security fix for CVE-2016-8883, CVE-2016-8882, CVE-2016-8881, CVE-2016-8880, CVE-2016-8884, CVE-2016-8885, CVE-2016-8887, CVE-2016-8886. ---- New version of jasper is available (jasper-1.900.13). Security fix for CVE-2016-8690, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693. ---- New version of jasper is available (1.900.3) ---- Security fix for CVE-2016-2089 ---- New version of jasper is available. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1385507 - CVE-2016-8693 jasper: Double free vulnerability in mem_close https://bugzilla.redhat.com/show_bug.cgi?id=1385507 [ 2 ] Bug #1385503 - CVE-2016-8692 jasper: Divide by zero in jpc_dec_process_siz https://bugzilla.redhat.com/show_bug.cgi?id=1385503 [ 3 ] Bug #1385502 - CVE-2016-8691 jasper: Divide by zero in jpc_dec_process_siz https://bugzilla.redhat.com/show_bug.cgi?id=1385502 [ 4 ] Bug #1385499 - CVE-2016-8690 jasper: Null pointer dereference in bmp_getdata triggered by crafted BMP image https://bugzilla.redhat.com/show_bug.cgi?id=1385499 [ 5 ] Bug #1302636 - CVE-2016-2089 jasper: matrix rows_ NULL pointer dereference in jas_matrix_clip() https://bugzilla.redhat.com/show_bug.cgi?id=1302636 [ 6 ] Bug #1388880 - CVE-2016-8886 jasper: memory allocation failure in jas_malloc https://bugzilla.redhat.com/show_bug.cgi?id=1388880 [ 7 ] Bug #1388828 - CVE-2016-8887 jasper: Null pointer dereference in jp2_colr_destroy https://bugzilla.redhat.com/show_bug.cgi?id=1388828 [ 8 ] Bug #1388829 - jasper: Null pointer dereference in jp2_colr_destroy (incomplete fix for CVE-2016-8887) https://bugzilla.redhat.com/show_bug.cgi?id=1388829 [ 9 ] Bug #1388831 - CVE-2016-8884 CVE-2016-8885 jasper: Null pointer dereference in bmp_getdata (incomplete fix for CVE-2016-8690) https://bugzilla.redhat.com/show_bug.cgi?id=1388831 [ 10 ] Bug #1388840 - jasper: Heap-based buffer overflow in jpc_dec_tiledecode https://bugzilla.redhat.com/show_bug.cgi?id=1388840 [ 11 ] Bug #1388863 - CVE-2016-8880 jasper: Heap buffer overflow in jpc_dec_cp_setfromcox() https://bugzilla.redhat.com/show_bug.cgi?id=1388863 [ 12 ] Bug #1388864 - CVE-2016-8881 jasper: Heap buffer overflow in jpc_getuint16() https://bugzilla.redhat.com/show_bug.cgi?id=1388864 [ 13 ] Bug #1388866 - CVE-2016-8882 jasper: Null pointer access in jpc_pi_destroy https://bugzilla.redhat.com/show_bug.cgi?id=1388866 [ 14 ] Bug #1388870 - CVE-2016-8883 jasper: Assert in jpc_dec_tiledecode() https://bugzilla.redhat.com/show_bug.cgi?id=1388870 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade jasper' at the command line. For more information, refer to the dnf documentation availableat https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . Enhance Jasper on Fedora 23 through various security patches that rectify severe vulnerabilities and elevate overall system reliability.. jasper update, fedora security, image compression fixes, memory management. . Severity: Critical. LinuxSecurity.com Team

Nov 10, 2016 •Critical Fedora

security advisorydebianheap overflow

Debian: DSA-3138-1 Critical: JasPer Heap Overflow and Memory Flaws

An off-by-one flaw, leading to a heap-based buffer overflow (CVE-2014-8157), and an unrestricted stack memory use flaw (CVE-2014-8158) were found in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application . - ------------------------------------------------------------------------- Debian Security Advisory DSA-3138-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Salvatore Bonaccorso January 25, 2015 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : jasper CVE ID : CVE-2014-8157 CVE-2014-8158 Debian Bug : 775970 An off-by-one flaw, leading to a heap-based buffer overflow (CVE-2014-8157), and an unrestricted stack memory use flaw (CVE-2014-8158) were found in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. For the stable distribution (wheezy), these problems have been fixed in version 1.900.1-13+deb7u3. For the upcoming stable distribution (jessie) and the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your jasper packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian has released advisory DSA-3145-3, pertaining to a critical buffer overflow and memory corruption in the libpng library, urging users to update immediately.. Heap Overflow, Jasper Security Update, Memory Flaw, Debian Advisory, Software Update. . Severity: Critical. LinuxSecurity.com Team

Jan 25, 2015 •Critical Debian

security advisorybuffer overflowRed Hat Enterprise Linux

Red Hat: RHSA-2015:0074-01 Important: Jasper Buffer Overflow Update

Updated jasper packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: jasper security update Advisory ID: RHSA-2015:0074-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2015:0074.html Issue date: 2015-01-22 CVE Names: CVE-2014-8157 CVE-2014-8158 ==================================================================== 1. Summary: Updated jasper packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red HatEnterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8157) An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8158) Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges pyddeh as the original reporter. All JasPer users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All applications using the JasPer libraries must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1179282 - CVE-2014-8157 jasper: dec-> numtiles off-by-one check in jpc_dec_process_sot() (oCERT-2015-001) 1179298 - CVE-2014-8158 jasper: unrestricted stack memory use in jpc_qmfb.c (oCERT-2015-001) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: jasper-1.900.1-16.el6_6.3.src.rpm i386: jasper-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-libs-1.900.1-16.el6_6.3.i686.rpm x86_64: jasper-1.900.1-16.el6_6.3.x86_64.rpm jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.x86_64.rpm jasper-libs-1.900.1-16.el6_6.3.i686.rpm jasper-libs-1.900.1-16.el6_6.3.x86_64.rpm Red HatEnterprise Linux Desktop Optional (v. 6): i386: jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-devel-1.900.1-16.el6_6.3.i686.rpm jasper-utils-1.900.1-16.el6_6.3.i686.rpm x86_64: jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.x86_64.rpm jasper-devel-1.900.1-16.el6_6.3.i686.rpm jasper-devel-1.900.1-16.el6_6.3.x86_64.rpm jasper-utils-1.900.1-16.el6_6.3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: jasper-1.900.1-16.el6_6.3.src.rpm x86_64: jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.x86_64.rpm jasper-libs-1.900.1-16.el6_6.3.i686.rpm jasper-libs-1.900.1-16.el6_6.3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: jasper-1.900.1-16.el6_6.3.x86_64.rpm jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.x86_64.rpm jasper-devel-1.900.1-16.el6_6.3.i686.rpm jasper-devel-1.900.1-16.el6_6.3.x86_64.rpm jasper-utils-1.900.1-16.el6_6.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: jasper-1.900.1-16.el6_6.3.src.rpm i386: jasper-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-libs-1.900.1-16.el6_6.3.i686.rpm ppc64: jasper-1.900.1-16.el6_6.3.ppc64.rpm jasper-debuginfo-1.900.1-16.el6_6.3.ppc.rpm jasper-debuginfo-1.900.1-16.el6_6.3.ppc64.rpm jasper-libs-1.900.1-16.el6_6.3.ppc.rpm jasper-libs-1.900.1-16.el6_6.3.ppc64.rpm s390x: jasper-1.900.1-16.el6_6.3.s390x.rpm jasper-debuginfo-1.900.1-16.el6_6.3.s390.rpm jasper-debuginfo-1.900.1-16.el6_6.3.s390x.rpm jasper-libs-1.900.1-16.el6_6.3.s390.rpm jasper-libs-1.900.1-16.el6_6.3.s390x.rpm x86_64: jasper-1.900.1-16.el6_6.3.x86_64.rpm jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.x86_64.rpm jasper-libs-1.900.1-16.el6_6.3.i686.rpm jasper-libs-1.900.1-16.el6_6.3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.6): i386: jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-devel-1.900.1-16.el6_6.3.i686.rpm jasper-utils-1.900.1-16.el6_6.3.i686.rpm ppc64: jasper-debuginfo-1.900.1-16.el6_6.3.ppc.rpm jasper-debuginfo-1.900.1-16.el6_6.3.ppc64.rpm jasper-devel-1.900.1-16.el6_6.3.ppc.rpm jasper-devel-1.900.1-16.el6_6.3.ppc64.rpm jasper-utils-1.900.1-16.el6_6.3.ppc64.rpm s390x: jasper-debuginfo-1.900.1-16.el6_6.3.s390.rpm jasper-debuginfo-1.900.1-16.el6_6.3.s390x.rpm jasper-devel-1.900.1-16.el6_6.3.s390.rpm jasper-devel-1.900.1-16.el6_6.3.s390x.rpm jasper-utils-1.900.1-16.el6_6.3.s390x.rpm x86_64: jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.x86_64.rpm jasper-devel-1.900.1-16.el6_6.3.i686.rpm jasper-devel-1.900.1-16.el6_6.3.x86_64.rpm jasper-utils-1.900.1-16.el6_6.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: jasper-1.900.1-16.el6_6.3.src.rpm i386: jasper-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-libs-1.900.1-16.el6_6.3.i686.rpm x86_64: jasper-1.900.1-16.el6_6.3.x86_64.rpm jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.x86_64.rpm jasper-libs-1.900.1-16.el6_6.3.i686.rpm jasper-libs-1.900.1-16.el6_6.3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-devel-1.900.1-16.el6_6.3.i686.rpm jasper-utils-1.900.1-16.el6_6.3.i686.rpm x86_64: jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.x86_64.rpm jasper-devel-1.900.1-16.el6_6.3.i686.rpm jasper-devel-1.900.1-16.el6_6.3.x86_64.rpm jasper-utils-1.900.1-16.el6_6.3.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: jasper-1.900.1-26.el7_0.3.src.rpm x86_64: jasper-debuginfo-1.900.1-26.el7_0.3.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.3.x86_64.rpm jasper-libs-1.900.1-26.el7_0.3.i686.rpm jasper-libs-1.900.1-26.el7_0.3.x86_64.rpm Red Hat Enterprise Linux Client Optional (v.7): x86_64: jasper-1.900.1-26.el7_0.3.x86_64.rpm jasper-debuginfo-1.900.1-26.el7_0.3.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.3.x86_64.rpm jasper-devel-1.900.1-26.el7_0.3.i686.rpm jasper-devel-1.900.1-26.el7_0.3.x86_64.rpm jasper-utils-1.900.1-26.el7_0.3.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: jasper-1.900.1-26.el7_0.3.src.rpm x86_64: jasper-debuginfo-1.900.1-26.el7_0.3.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.3.x86_64.rpm jasper-libs-1.900.1-26.el7_0.3.i686.rpm jasper-libs-1.900.1-26.el7_0.3.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: jasper-1.900.1-26.el7_0.3.x86_64.rpm jasper-debuginfo-1.900.1-26.el7_0.3.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.3.x86_64.rpm jasper-devel-1.900.1-26.el7_0.3.i686.rpm jasper-devel-1.900.1-26.el7_0.3.x86_64.rpm jasper-utils-1.900.1-26.el7_0.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: jasper-1.900.1-26.el7_0.3.src.rpm ppc64: jasper-debuginfo-1.900.1-26.el7_0.3.ppc.rpm jasper-debuginfo-1.900.1-26.el7_0.3.ppc64.rpm jasper-libs-1.900.1-26.el7_0.3.ppc.rpm jasper-libs-1.900.1-26.el7_0.3.ppc64.rpm s390x: jasper-debuginfo-1.900.1-26.el7_0.3.s390.rpm jasper-debuginfo-1.900.1-26.el7_0.3.s390x.rpm jasper-libs-1.900.1-26.el7_0.3.s390.rpm jasper-libs-1.900.1-26.el7_0.3.s390x.rpm x86_64: jasper-debuginfo-1.900.1-26.el7_0.3.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.3.x86_64.rpm jasper-libs-1.900.1-26.el7_0.3.i686.rpm jasper-libs-1.900.1-26.el7_0.3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.7): ppc64: jasper-1.900.1-26.el7_0.3.ppc64.rpm jasper-debuginfo-1.900.1-26.el7_0.3.ppc.rpm jasper-debuginfo-1.900.1-26.el7_0.3.ppc64.rpm jasper-devel-1.900.1-26.el7_0.3.ppc.rpm jasper-devel-1.900.1-26.el7_0.3.ppc64.rpm jasper-utils-1.900.1-26.el7_0.3.ppc64.rpm s390x: jasper-1.900.1-26.el7_0.3.s390x.rpm jasper-debuginfo-1.900.1-26.el7_0.3.s390.rpm jasper-debuginfo-1.900.1-26.el7_0.3.s390x.rpm jasper-devel-1.900.1-26.el7_0.3.s390.rpm jasper-devel-1.900.1-26.el7_0.3.s390x.rpm jasper-utils-1.900.1-26.el7_0.3.s390x.rpm x86_64: jasper-1.900.1-26.el7_0.3.x86_64.rpm jasper-debuginfo-1.900.1-26.el7_0.3.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.3.x86_64.rpm jasper-devel-1.900.1-26.el7_0.3.i686.rpm jasper-devel-1.900.1-26.el7_0.3.x86_64.rpm jasper-utils-1.900.1-26.el7_0.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: jasper-1.900.1-26.el7_0.3.src.rpm x86_64: jasper-debuginfo-1.900.1-26.el7_0.3.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.3.x86_64.rpm jasper-libs-1.900.1-26.el7_0.3.i686.rpm jasper-libs-1.900.1-26.el7_0.3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: jasper-1.900.1-26.el7_0.3.x86_64.rpm jasper-debuginfo-1.900.1-26.el7_0.3.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.3.x86_64.rpm jasper-devel-1.900.1-26.el7_0.3.i686.rpm jasper-devel-1.900.1-26.el7_0.3.x86_64.rpm jasper-utils-1.900.1-26.el7_0.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2014-8157 https://access.redhat.com/security/cve/CVE-2014-8158 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUwXEjXlSAg2UNWIIRArTTAJ9ycpsnuqSa6BKYuq1wupLgmeGz4gCgu01+ Hz2qV+NpUYNco6PpQoJfxZI=zHd5 -----END PGPSIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . This bulletin highlights urgent vulnerabilities related to Jasper software affecting both CentOS 6 and 7, accompanied by essential patches.. Red Hat, Jasper, buffer overflow, security update. . Severity: Important. LinuxSecurity.com Team

Jan 22, 2015 •Important Red Hat

security advisorysecurity issuered hat

Red Hat: RHSA-2014:2021-01 Important: Jasper Code Execution Risks

Updated jasper packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Important: jasper security update Advisory ID: RHSA-2014:2021-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2014:2021.html Issue date: 2014-12-18 CVE Names: CVE-2014-8137 CVE-2014-8138 CVE-2014-9029 ==================================================================== 1. Summary: Updated jasper packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux WorkstationOptional (v. 7) - x86_64 3. Description: JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-9029) A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8138) A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8137) Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges Jose Duart of the Google Security Team as the original reporter. All JasPer users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All applications using the JasPer libraries must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1167537 - CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009) 1173157 - CVE-2014-8137 jasper: double-free in in jas_iccattrval_destroy() (oCERT-2014-012) 1173162 - CVE-2014-8138 jasper: heap overflow in jp2_decode() (oCERT-2014-012) 6. Package List: Red Hat Enterprise Linux Desktop (v.6): Source: jasper-1.900.1-16.el6_6.2.src.rpm i386: jasper-1.900.1-16.el6_6.2.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm jasper-libs-1.900.1-16.el6_6.2.i686.rpm x86_64: jasper-1.900.1-16.el6_6.2.x86_64.rpm jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.2.x86_64.rpm jasper-libs-1.900.1-16.el6_6.2.i686.rpm jasper-libs-1.900.1-16.el6_6.2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm jasper-devel-1.900.1-16.el6_6.2.i686.rpm jasper-utils-1.900.1-16.el6_6.2.i686.rpm x86_64: jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.2.x86_64.rpm jasper-devel-1.900.1-16.el6_6.2.i686.rpm jasper-devel-1.900.1-16.el6_6.2.x86_64.rpm jasper-utils-1.900.1-16.el6_6.2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: jasper-1.900.1-16.el6_6.2.src.rpm x86_64: jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.2.x86_64.rpm jasper-libs-1.900.1-16.el6_6.2.i686.rpm jasper-libs-1.900.1-16.el6_6.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: jasper-1.900.1-16.el6_6.2.x86_64.rpm jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.2.x86_64.rpm jasper-devel-1.900.1-16.el6_6.2.i686.rpm jasper-devel-1.900.1-16.el6_6.2.x86_64.rpm jasper-utils-1.900.1-16.el6_6.2.x86_64.rpm Red Hat Enterprise Linux Server (v.6): Source: jasper-1.900.1-16.el6_6.2.src.rpm i386: jasper-1.900.1-16.el6_6.2.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm jasper-libs-1.900.1-16.el6_6.2.i686.rpm ppc64: jasper-1.900.1-16.el6_6.2.ppc64.rpm jasper-debuginfo-1.900.1-16.el6_6.2.ppc.rpm jasper-debuginfo-1.900.1-16.el6_6.2.ppc64.rpm jasper-libs-1.900.1-16.el6_6.2.ppc.rpm jasper-libs-1.900.1-16.el6_6.2.ppc64.rpm s390x: jasper-1.900.1-16.el6_6.2.s390x.rpm jasper-debuginfo-1.900.1-16.el6_6.2.s390.rpm jasper-debuginfo-1.900.1-16.el6_6.2.s390x.rpm jasper-libs-1.900.1-16.el6_6.2.s390.rpm jasper-libs-1.900.1-16.el6_6.2.s390x.rpm x86_64: jasper-1.900.1-16.el6_6.2.x86_64.rpm jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.2.x86_64.rpm jasper-libs-1.900.1-16.el6_6.2.i686.rpm jasper-libs-1.900.1-16.el6_6.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm jasper-devel-1.900.1-16.el6_6.2.i686.rpm jasper-utils-1.900.1-16.el6_6.2.i686.rpm ppc64: jasper-debuginfo-1.900.1-16.el6_6.2.ppc.rpm jasper-debuginfo-1.900.1-16.el6_6.2.ppc64.rpm jasper-devel-1.900.1-16.el6_6.2.ppc.rpm jasper-devel-1.900.1-16.el6_6.2.ppc64.rpm jasper-utils-1.900.1-16.el6_6.2.ppc64.rpm s390x: jasper-debuginfo-1.900.1-16.el6_6.2.s390.rpm jasper-debuginfo-1.900.1-16.el6_6.2.s390x.rpm jasper-devel-1.900.1-16.el6_6.2.s390.rpm jasper-devel-1.900.1-16.el6_6.2.s390x.rpm jasper-utils-1.900.1-16.el6_6.2.s390x.rpm x86_64: jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.2.x86_64.rpm jasper-devel-1.900.1-16.el6_6.2.i686.rpm jasper-devel-1.900.1-16.el6_6.2.x86_64.rpm jasper-utils-1.900.1-16.el6_6.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v.6): Source: jasper-1.900.1-16.el6_6.2.src.rpm i386: jasper-1.900.1-16.el6_6.2.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm jasper-libs-1.900.1-16.el6_6.2.i686.rpm x86_64: jasper-1.900.1-16.el6_6.2.x86_64.rpm jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.2.x86_64.rpm jasper-libs-1.900.1-16.el6_6.2.i686.rpm jasper-libs-1.900.1-16.el6_6.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm jasper-devel-1.900.1-16.el6_6.2.i686.rpm jasper-utils-1.900.1-16.el6_6.2.i686.rpm x86_64: jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.2.x86_64.rpm jasper-devel-1.900.1-16.el6_6.2.i686.rpm jasper-devel-1.900.1-16.el6_6.2.x86_64.rpm jasper-utils-1.900.1-16.el6_6.2.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: jasper-1.900.1-26.el7_0.2.src.rpm x86_64: jasper-debuginfo-1.900.1-26.el7_0.2.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.2.x86_64.rpm jasper-libs-1.900.1-26.el7_0.2.i686.rpm jasper-libs-1.900.1-26.el7_0.2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: jasper-1.900.1-26.el7_0.2.x86_64.rpm jasper-debuginfo-1.900.1-26.el7_0.2.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.2.x86_64.rpm jasper-devel-1.900.1-26.el7_0.2.i686.rpm jasper-devel-1.900.1-26.el7_0.2.x86_64.rpm jasper-utils-1.900.1-26.el7_0.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: jasper-1.900.1-26.el7_0.2.src.rpm x86_64: jasper-debuginfo-1.900.1-26.el7_0.2.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.2.x86_64.rpm jasper-libs-1.900.1-26.el7_0.2.i686.rpm jasper-libs-1.900.1-26.el7_0.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: jasper-1.900.1-26.el7_0.2.x86_64.rpm jasper-debuginfo-1.900.1-26.el7_0.2.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.2.x86_64.rpm jasper-devel-1.900.1-26.el7_0.2.i686.rpm jasper-devel-1.900.1-26.el7_0.2.x86_64.rpm jasper-utils-1.900.1-26.el7_0.2.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: jasper-1.900.1-26.el7_0.2.src.rpm ppc64: jasper-debuginfo-1.900.1-26.el7_0.2.ppc.rpm jasper-debuginfo-1.900.1-26.el7_0.2.ppc64.rpm jasper-libs-1.900.1-26.el7_0.2.ppc.rpm jasper-libs-1.900.1-26.el7_0.2.ppc64.rpm s390x: jasper-debuginfo-1.900.1-26.el7_0.2.s390.rpm jasper-debuginfo-1.900.1-26.el7_0.2.s390x.rpm jasper-libs-1.900.1-26.el7_0.2.s390.rpm jasper-libs-1.900.1-26.el7_0.2.s390x.rpm x86_64: jasper-debuginfo-1.900.1-26.el7_0.2.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.2.x86_64.rpm jasper-libs-1.900.1-26.el7_0.2.i686.rpm jasper-libs-1.900.1-26.el7_0.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: jasper-1.900.1-26.el7_0.2.ppc64.rpm jasper-debuginfo-1.900.1-26.el7_0.2.ppc.rpm jasper-debuginfo-1.900.1-26.el7_0.2.ppc64.rpm jasper-devel-1.900.1-26.el7_0.2.ppc.rpm jasper-devel-1.900.1-26.el7_0.2.ppc64.rpm jasper-utils-1.900.1-26.el7_0.2.ppc64.rpm s390x: jasper-1.900.1-26.el7_0.2.s390x.rpm jasper-debuginfo-1.900.1-26.el7_0.2.s390.rpm jasper-debuginfo-1.900.1-26.el7_0.2.s390x.rpm jasper-devel-1.900.1-26.el7_0.2.s390.rpm jasper-devel-1.900.1-26.el7_0.2.s390x.rpm jasper-utils-1.900.1-26.el7_0.2.s390x.rpm x86_64: jasper-1.900.1-26.el7_0.2.x86_64.rpm jasper-debuginfo-1.900.1-26.el7_0.2.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.2.x86_64.rpm jasper-devel-1.900.1-26.el7_0.2.i686.rpm jasper-devel-1.900.1-26.el7_0.2.x86_64.rpm jasper-utils-1.900.1-26.el7_0.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: jasper-1.900.1-26.el7_0.2.src.rpm x86_64: jasper-debuginfo-1.900.1-26.el7_0.2.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.2.x86_64.rpm jasper-libs-1.900.1-26.el7_0.2.i686.rpm jasper-libs-1.900.1-26.el7_0.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: jasper-1.900.1-26.el7_0.2.x86_64.rpm jasper-debuginfo-1.900.1-26.el7_0.2.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.2.x86_64.rpm jasper-devel-1.900.1-26.el7_0.2.i686.rpm jasper-devel-1.900.1-26.el7_0.2.x86_64.rpm jasper-utils-1.900.1-26.el7_0.2.x86_64.rpm These packages are GPG signed byRed Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2014-8137 https://access.redhat.com/security/cve/CVE-2014-8138 https://access.redhat.com/security/cve/CVE-2014-9029 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2014 Red Hat, Inc. . A recent patch addresses critical vulnerabilities in Jasper for Red Hat. Ensure your systems are updated to enhance security and reduce exposure.. Red Hat Security,Jasper Update,Code Execution Risks,Heap Overflow Issues,Security Issues. . Severity: Important. LinuxSecurity.com Team

Dec 18, 2014 •Important Red Hat

Stay Secure with the Latest Linux Advisories

Fedora 43 hplip Major Update Addressing Possible Arbitrary Code Execution

Oracle Linux 8 Important Kernel Security Advisory ELSA-2026-21706

Oracle Linux 8 httpd Important Denial of Service Vuln ELSA-2026-22140

Oracle Linux 8 ELSA-2026-22315 compat-openssl10 Moderate DoS Fix

Oracle Linux 8 gnutls Important Buffer Overflow Auth Bypass ELSA-2026-20611

Ubuntu 20.04 LTS nginx Security Advisory for Critical DoS Vulnerabilities

Ubuntu 20.04 LTS MySQL Important Security Issues USN-8363-2

Ubuntu 20.04 LTS GStreamer Base Significant DoS Attack Vulnerability Alert

Ubuntu 26.04 LTS python-pip Moderate DoS Regression Fix USN-8344-3

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

Fedora 23: Jasper Security Update - Critical Fixes Address Multiple Issues

Debian: DSA-3138-1 Critical: JasPer Heap Overflow and Memory Flaws

Red Hat: RHSA-2015:0074-01 Important: Jasper Buffer Overflow Update

Red Hat: RHSA-2014:2021-01 Important: Jasper Code Execution Risks

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

Fedora 43 hplip Major Update Addressing Possible Arbitrary Code Execution

Oracle Linux 8 Important Kernel Security Advisory ELSA-2026-21706

Oracle Linux 8 httpd Important Denial of Service Vuln ELSA-2026-22140

Oracle Linux 8 ELSA-2026-22315 compat-openssl10 Moderate DoS Fix

Oracle Linux 8 gnutls Important Buffer Overflow Auth Bypass ELSA-2026-20611

Ubuntu 20.04 LTS nginx Security Advisory for Critical DoS Vulnerabilities

Ubuntu 20.04 LTS MySQL Important Security Issues USN-8363-2

Ubuntu 20.04 LTS GStreamer Base Significant DoS Attack Vulnerability Alert

Ubuntu 26.04 LTS python-pip Moderate DoS Regression Fix USN-8344-3

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!