Synopsis: Important: jasper security update Advisory ID: SLSA-2015:0074-1 Issue Date: 2015-01-22 CVE Numbers: CVE-2014-8157 CVE-2014-8158 -- An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8157) An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8158) All applications using the JasPer libraries must be restarted for the update to take effect. -- SL6 x86_64 jasper-1.900.1-16.el6_6.3.x86_64.rpm jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.x86_64.rpm jasper-libs-1.900.1-16.el6_6.3.i686.rpm jasper-libs-1.900.1-16.el6_6.3.x86_64.rpm jasper-devel-1.900.1-16.el6_6.3.i686.rpm jasper-devel-1.900.1-16.el6_6.3.x86_64.rpm jasper-utils-1.900.1-16.el6_6.3.x86_64.rpm i386 jasper-1.900.1-16.el6_6.3.i686.rpm jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm jasper-libs-1.900.1-16.el6_6.3.i686.rpm jasper-devel-1.900.1-16.el6_6.3.i686.rpm jasper-utils-1.900.1-16.el6_6.3.i686.rpm SL7 x86_64 jasper-debuginfo-1.900.1-26.el7_0.3.i686.rpm jasper-debuginfo-1.900.1-26.el7_0.3.x86_64.rpm jasper-libs-1.900.1-26.el7_0.3.i686.rpm jasper-libs-1.900.1-26.el7_0.3.x86_64.rpm jasper-1.900.1-26.el7_0.3.x86_64.rpm jasper-devel-1.900.1-26.el7_0.3.i686.rpm jasper-devel-1.900.1-26.el7_0.3.x86_64.rpm jasper-utils-1.900.1-26.el7_0.3.x86_64.rpm - Scientific Linux Development Team