|
|
Subscribe / Log in / New account

Mageia alert MGASA-2015-0038 (jasper)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2015-0038: Updated jasper packages fix security vulnerabilities 


Date:
    	      Sat, 24 Jan 2015 15:32:30 +0100


Message-ID:
    	      <20150124143230.C033842A96@valstar.mageia.org>


MGASA-2015-0038 - Updated jasper packages fix security vulnerabilities

Publication date: 24 Jan 2015
URL: http://advisories.mageia.org/MGASA-2015-0038.html
Type: security
Affected Mageia releases: 4
CVE: CVE-2014-8157,
     CVE-2014-8158

Description:
Updated jasper packages fix security vulnerabilities:

An off-by-one flaw, leading to a heap-based buffer overflow, was found in
the way JasPer decoded JPEG 2000 image files. A specially crafted file
could cause an application using JasPer to crash or, possibly, execute
arbitrary code (CVE-2014-8157).

An unrestricted stack memory use flaw was found in the way JasPer decoded
JPEG 2000 image files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8158).

References:
- https://bugs.mageia.org/show_bug.cgi?id=15122
- http://www.ocert.org/advisories/ocert-2015-001.html
- https://rhn.redhat.com/errata/RHSA-2015-0074.html
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8157
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8158

SRPMS:
- 4/core/jasper-1.900.1-15.3.mga4
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds