SUSE-SU-2015:0288-1

Опубликовано: 02 фев. 2015

Источник: suse-cvrf

Описание

Security update for jasper

jasper was updated to fix two security issues.

These security issues were fixed:

CVE-2014-8157: Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow (bnc#911837). CVE-2014-8158: Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image (bnc#911837).

Список пакетов

SUSE Linux Enterprise Desktop 12

libjasper1-1.900.1-170.1

libjasper1-32bit-1.900.1-170.1

SUSE Linux Enterprise Server 12

libjasper1-1.900.1-170.1

libjasper1-32bit-1.900.1-170.1

SUSE Linux Enterprise Server for SAP Applications 12

libjasper1-1.900.1-170.1

libjasper1-32bit-1.900.1-170.1

SUSE Linux Enterprise Software Development Kit 12

libjasper-devel-1.900.1-170.1

Ссылки

https://www.suse.com/support/update/announcement/2015/suse-su-20150288-1/
Link for SUSE-SU-2015:0288-1
https://lists.suse.com/pipermail/sle-security-updates/2015-February/001223.html
E-Mail link for SUSE-SU-2015:0288-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/911837
SUSE Bug 911837
https://www.suse.com/security/cve/CVE-2014-8157/
SUSE CVE CVE-2014-8157 page
https://www.suse.com/security/cve/CVE-2014-8158/
SUSE CVE CVE-2014-8158 page

Описание

Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.

Затронутые продукты

SUSE Linux Enterprise Desktop 12:libjasper1-1.900.1-170.1

SUSE Linux Enterprise Desktop 12:libjasper1-32bit-1.900.1-170.1

SUSE Linux Enterprise Server 12:libjasper1-1.900.1-170.1

SUSE Linux Enterprise Server 12:libjasper1-32bit-1.900.1-170.1

Ссылки

https://www.suse.com/security/cve/CVE-2014-8157.html
CVE-2014-8157
https://bugzilla.suse.com/1178702
SUSE Bug 1178702
https://bugzilla.suse.com/911837
SUSE Bug 911837
https://bugzilla.suse.com/969776
SUSE Bug 969776

Описание

Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.

Затронутые продукты

SUSE Linux Enterprise Desktop 12:libjasper1-1.900.1-170.1

SUSE Linux Enterprise Desktop 12:libjasper1-32bit-1.900.1-170.1

SUSE Linux Enterprise Server 12:libjasper1-1.900.1-170.1

SUSE Linux Enterprise Server 12:libjasper1-32bit-1.900.1-170.1

Ссылки

https://www.suse.com/security/cve/CVE-2014-8158.html
CVE-2014-8158
https://bugzilla.suse.com/1178702
SUSE Bug 1178702
https://bugzilla.suse.com/911837
SUSE Bug 911837
https://bugzilla.suse.com/969776
SUSE Bug 969776

SUSE-SU-2015:0288-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 12

SUSE Linux Enterprise Server 12

SUSE Linux Enterprise Server for SAP Applications 12

SUSE Linux Enterprise Software Development Kit 12

Ссылки

Уязвимость: CVE-2014-8157

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2014-8158

Описание

Затронутые продукты

Ссылки