SUSE-SU-2017:0084-1

Published: 08 Jan 2017
Source: suse-cvrf

Description

Security update for jasper

This update for jasper fixes the following issues:

  • CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec. (bsc#1012530)
  • CVE-2016-9395: Invalid jasper files could lead to an abort of the library caused by an attacker-provided image. (bsc#1010977)
  • CVE-2016-9398: Invalid jasper files could lead to an abort of the library caused by an attacker-provided image. (bsc#1010979)
  • CVE-2016-9560: Stack-based buffer overflow in jpc_tsfb_getbands2. (bsc#1011830)
  • CVE-2016-9591: Use-after-free on heap in jas_matrix_destroy. (bsc#1015993)

Package list

SUSE Linux Enterprise Desktop 12 SP1
  • libjasper1-1.900.14-184.1
  • libjasper1-32bit-1.900.14-184.1

SUSE Linux Enterprise Desktop 12 SP2
  • libjasper1-1.900.14-184.1
  • libjasper1-32bit-1.900.14-184.1

SUSE Linux Enterprise Server 12 SP1
  • libjasper1-1.900.14-184.1
  • libjasper1-32bit-1.900.14-184.1

SUSE Linux Enterprise Server 12 SP2
  • libjasper1-1.900.14-184.1
  • libjasper1-32bit-1.900.14-184.1

SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • libjasper1-1.900.14-184.1

SUSE Linux Enterprise Server for SAP Applications 12 SP1
  • libjasper1-1.900.14-184.1
  • libjasper1-32bit-1.900.14-184.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2
  • libjasper1-1.900.14-184.1
  • libjasper1-32bit-1.900.14-184.1

SUSE Linux Enterprise Software Development Kit 12 SP1
  • libjasper-devel-1.900.14-184.1

SUSE Linux Enterprise Software Development Kit 12 SP2
  • libjasper-devel-1.900.14-184.1

Description

A heap buffer overflow vulnerability was found in the QMFB code in the JPC codec, caused by a buffer being allocated with too small a size. JasPer versions before 2.0.0 are affected.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:libjasper1-1.900.14-184.1
SUSE Linux Enterprise Desktop 12 SP1:libjasper1-32bit-1.900.14-184.1
SUSE Linux Enterprise Desktop 12 SP2:libjasper1-1.900.14-184.1
SUSE Linux Enterprise Desktop 12 SP2:libjasper1-32bit-1.900.14-184.1

Description

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:libjasper1-1.900.14-184.1
SUSE Linux Enterprise Desktop 12 SP1:libjasper1-32bit-1.900.14-184.1
SUSE Linux Enterprise Desktop 12 SP2:libjasper1-1.900.14-184.1
SUSE Linux Enterprise Desktop 12 SP2:libjasper1-32bit-1.900.14-184.1

Description

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:libjasper1-1.900.14-184.1
SUSE Linux Enterprise Desktop 12 SP1:libjasper1-32bit-1.900.14-184.1
SUSE Linux Enterprise Desktop 12 SP2:libjasper1-1.900.14-184.1
SUSE Linux Enterprise Desktop 12 SP2:libjasper1-32bit-1.900.14-184.1

Description

Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:libjasper1-1.900.14-184.1
SUSE Linux Enterprise Desktop 12 SP1:libjasper1-32bit-1.900.14-184.1
SUSE Linux Enterprise Desktop 12 SP2:libjasper1-1.900.14-184.1
SUSE Linux Enterprise Desktop 12 SP2:libjasper1-32bit-1.900.14-184.1

Description

JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files, resulting in a crash of the application using JasPer.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:libjasper1-1.900.14-184.1
SUSE Linux Enterprise Desktop 12 SP1:libjasper1-32bit-1.900.14-184.1
SUSE Linux Enterprise Desktop 12 SP2:libjasper1-1.900.14-184.1
SUSE Linux Enterprise Desktop 12 SP2:libjasper1-32bit-1.900.14-184.1

References
Vulnerability SUSE-SU-2017:0084-1