Synopsis:          Important: jasper security update
Advisory ID:       SLSA-2015:0074-1
Issue Date:        2015-01-22
CVE Numbers:       CVE-2014-8157
                   CVE-2014-8158
--

An off-by-one flaw, leading to a heap-based buffer overflow, was found in
the way JasPer decoded JPEG 2000 image files. A specially crafted file
could cause an application using JasPer to crash or, possibly, execute
arbitrary code. (CVE-2014-8157)

An unrestricted stack memory use flaw was found in the way JasPer decoded
JPEG 2000 image files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code.
(CVE-2014-8158)

All applications using the JasPer libraries must be restarted for the
update to take effect.
--

SL6
  x86_64
    jasper-1.900.1-16.el6_6.3.x86_64.rpm
    jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm
    jasper-debuginfo-1.900.1-16.el6_6.3.x86_64.rpm
    jasper-libs-1.900.1-16.el6_6.3.i686.rpm
    jasper-libs-1.900.1-16.el6_6.3.x86_64.rpm
    jasper-devel-1.900.1-16.el6_6.3.i686.rpm
    jasper-devel-1.900.1-16.el6_6.3.x86_64.rpm
    jasper-utils-1.900.1-16.el6_6.3.x86_64.rpm
  i386
    jasper-1.900.1-16.el6_6.3.i686.rpm
    jasper-debuginfo-1.900.1-16.el6_6.3.i686.rpm
    jasper-libs-1.900.1-16.el6_6.3.i686.rpm
    jasper-devel-1.900.1-16.el6_6.3.i686.rpm
    jasper-utils-1.900.1-16.el6_6.3.i686.rpm
SL7
  x86_64
    jasper-debuginfo-1.900.1-26.el7_0.3.i686.rpm
    jasper-debuginfo-1.900.1-26.el7_0.3.x86_64.rpm
    jasper-libs-1.900.1-26.el7_0.3.i686.rpm
    jasper-libs-1.900.1-26.el7_0.3.x86_64.rpm
    jasper-1.900.1-26.el7_0.3.x86_64.rpm
    jasper-devel-1.900.1-26.el7_0.3.i686.rpm
    jasper-devel-1.900.1-26.el7_0.3.x86_64.rpm
    jasper-utils-1.900.1-26.el7_0.3.x86_64.rpm

- Scientific Linux Development Team