Synopsis: Important: jasper security update
Advisory ID: SLSA-2014:2021-1
Issue Date: 2014-12-18
CVE Numbers: CVE-2014-9029
CVE-2014-8137
CVE-2014-8138
--
Multiple off-by-one flaws, leading to heap-based buffer overflows, were
found in the way JasPer decoded JPEG 2000 image files. A specially crafted
file could cause an application using JasPer to crash or, possibly,
execute arbitrary code. (CVE-2014-9029)
A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG
2000 image files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code.
(CVE-2014-8138)
A double free flaw was found in the way JasPer parsed ICC color profiles
in JPEG 2000 image files. A specially crafted file could cause an
application using JasPer to crash or, possibly, execute arbitrary code.
(CVE-2014-8137)
All applications using the JasPer libraries must be restarted for the
update to take effect.
--
SL6
x86_64
jasper-1.900.1-16.el6_6.2.x86_64.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.x86_64.rpm
jasper-libs-1.900.1-16.el6_6.2.i686.rpm
jasper-libs-1.900.1-16.el6_6.2.x86_64.rpm
jasper-devel-1.900.1-16.el6_6.2.i686.rpm
jasper-devel-1.900.1-16.el6_6.2.x86_64.rpm
jasper-utils-1.900.1-16.el6_6.2.x86_64.rpm
i386
jasper-1.900.1-16.el6_6.2.i686.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm
jasper-libs-1.900.1-16.el6_6.2.i686.rpm
jasper-devel-1.900.1-16.el6_6.2.i686.rpm
jasper-utils-1.900.1-16.el6_6.2.i686.rpm
SL7
x86_64
jasper-debuginfo-1.900.1-26.el7_0.2.i686.rpm
jasper-debuginfo-1.900.1-26.el7_0.2.x86_64.rpm
jasper-libs-1.900.1-26.el7_0.2.i686.rpm
jasper-libs-1.900.1-26.el7_0.2.x86_64.rpm
jasper-1.900.1-26.el7_0.2.x86_64.rpm
jasper-devel-1.900.1-26.el7_0.2.i686.rpm
jasper-devel-1.900.1-26.el7_0.2.x86_64.rpm
jasper-utils-1.900.1-26.el7_0.2.x86_64.rpm
- Scientific Linux Development Team