|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0539 (jasper)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2014-0539: Updated jasper packages fix security vulnerabilities 


Date:
    	      Fri, 19 Dec 2014 16:07:04 +0100


Message-ID:
    	      <20141219150704.676C141B18@valstar.mageia.org>


MGASA-2014-0539 - Updated jasper packages fix security vulnerabilities

Publication date: 19 Dec 2014
URL: http://advisories.mageia.org/MGASA-2014-0539.html
Type: security
Affected Mageia releases: 4
CVE: CVE-2014-8137,
     CVE-2014-8138

Description:
Updated jasper packages fix security vulnerabilities:

A double free flaw was found in the way JasPer parsed ICC color profiles in
JPEG 2000 image files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8137).

A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG
2000 image files. A specially crafted file could cause an application using
JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8138).

References:
- https://bugs.mageia.org/show_bug.cgi?id=14845
- http://www.ocert.org/advisories/ocert-2014-012.html
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8137
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8138

SRPMS:
- 4/core/jasper-1.900.1-15.2.mga4
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds