SCIENTIFIC-LINUX-ERRATA Archives

May 2017

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Important: jasper on SL6.x, SL7.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Wed, 10 May 2017 13:53:42 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (81 lines) 
Synopsis:          Important: jasper security update
Advisory ID:       SLSA-2017:1208-1
Issue Date:        2017-05-09
CVE Numbers:       CVE-2015-5203
                   CVE-2015-5221
                   CVE-2016-1867
                   CVE-2016-2089
                   CVE-2016-1577
                   CVE-2016-2116
                   CVE-2016-8690
                   CVE-2016-8884
                   CVE-2016-8885
                   CVE-2016-8691
                   CVE-2016-8692
                   CVE-2016-8693
                   CVE-2016-10249
                   CVE-2016-8883
                   CVE-2016-9262
                   CVE-2016-9387
                   CVE-2016-9388
                   CVE-2016-9389
                   CVE-2016-9390
                   CVE-2016-9391
                   CVE-2016-9392
                   CVE-2016-9393
                   CVE-2016-9394
                   CVE-2016-9560
                   CVE-2016-8654
                   CVE-2016-9583
                   CVE-2016-9591
                   CVE-2016-9600
                   CVE-2016-10248
                   CVE-2016-10251
--

Security Fix(es):

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files.
A specially crafted file could cause an application using JasPer to crash
or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560,
CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577,
CVE-2016-8690, CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262,
CVE-2016-9591)

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files.
A specially crafted file could cause an application using JasPer to crash.
(CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691,
CVE-2016-8692, CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389,
CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394,
CVE-2016-9583, CVE-2016-9600, CVE-2016-10248, CVE-2016-10251)
--

SL6
  x86_64
    jasper-1.900.1-21.el6_9.x86_64.rpm
    jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
    jasper-debuginfo-1.900.1-21.el6_9.x86_64.rpm
    jasper-libs-1.900.1-21.el6_9.i686.rpm
    jasper-libs-1.900.1-21.el6_9.x86_64.rpm
    jasper-devel-1.900.1-21.el6_9.i686.rpm
    jasper-devel-1.900.1-21.el6_9.x86_64.rpm
    jasper-utils-1.900.1-21.el6_9.x86_64.rpm
  i386
    jasper-1.900.1-21.el6_9.i686.rpm
    jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
    jasper-libs-1.900.1-21.el6_9.i686.rpm
    jasper-devel-1.900.1-21.el6_9.i686.rpm
    jasper-utils-1.900.1-21.el6_9.i686.rpm
SL7
  x86_64
    jasper-debuginfo-1.900.1-30.el7_3.i686.rpm
    jasper-debuginfo-1.900.1-30.el7_3.x86_64.rpm
    jasper-libs-1.900.1-30.el7_3.i686.rpm
    jasper-libs-1.900.1-30.el7_3.x86_64.rpm
    jasper-1.900.1-30.el7_3.x86_64.rpm
    jasper-devel-1.900.1-30.el7_3.i686.rpm
    jasper-devel-1.900.1-30.el7_3.x86_64.rpm
    jasper-utils-1.900.1-30.el7_3.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2