Subject: | |
From: | |
Reply To: | |
Date: | Thu, 22 Jan 2015 22:21:47 +0000 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Important: jasper security update
Advisory ID: SLSA-2015:0074-1
Issue Date: 2015-01-22
CVE Numbers: CVE-2014-8157
CVE-2014-8158
--
An off-by-one flaw, leading to a heap-based buffer overflow, was found in
the way JasPer decoded JPEG 2000 image files. A specially crafted file
could cause an application using JasPer to crash or, possibly, execute
arbitrary code. (CVE-2014-8157)
An unrestricted stack memory use flaw was found in the way JasPer decoded
JPEG 2000 image files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code.
(CVE-2014-8158)
All applications using the JasPer libraries must be restarted for the
update to take effect.
--
SL6
x86_64
jasper-1.900.1-16.el6_6.3.x86_64.rpm
jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm
jasper-debuginfo-1.900.1-16.el6_6.3.x86_64.rpm
jasper-libs-1.900.1-16.el6_6.3.i686.rpm
jasper-libs-1.900.1-16.el6_6.3.x86_64.rpm
jasper-devel-1.900.1-16.el6_6.3.i686.rpm
jasper-devel-1.900.1-16.el6_6.3.x86_64.rpm
jasper-utils-1.900.1-16.el6_6.3.x86_64.rpm
i386
jasper-1.900.1-16.el6_6.3.i686.rpm
jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm
jasper-libs-1.900.1-16.el6_6.3.i686.rpm
jasper-devel-1.900.1-16.el6_6.3.i686.rpm
jasper-utils-1.900.1-16.el6_6.3.i686.rpm
SL7
x86_64
jasper-debuginfo-1.900.1-26.el7_0.3.i686.rpm
jasper-debuginfo-1.900.1-26.el7_0.3.x86_64.rpm
jasper-libs-1.900.1-26.el7_0.3.i686.rpm
jasper-libs-1.900.1-26.el7_0.3.x86_64.rpm
jasper-1.900.1-26.el7_0.3.x86_64.rpm
jasper-devel-1.900.1-26.el7_0.3.i686.rpm
jasper-devel-1.900.1-26.el7_0.3.x86_64.rpm
jasper-utils-1.900.1-26.el7_0.3.x86_64.rpm
- Scientific Linux Development Team
|
|
|