SUSE-SU-2017:0953-1

Published: 06 Apr 2017
Source: suse-cvrf

Description

Security update for jasper

This update for jasper fixes the following issues:

Security issues fixed:

  • CVE-2016-9600: Null Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder (bsc#1018088)
  • CVE-2016-10251: Use of uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c) (bsc#1029497)
  • CVE-2017-5498: left-shift undefined behaviour (bsc#1020353)
  • CVE-2017-6850: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) (bsc#1021868)
  • CVE-2016-9583: Out of bounds heap read in jpc_pi_nextpcrl() (bsc#1015400)

Package list

SUSE Linux Enterprise Desktop 12 SP1
  • libjasper1-1.900.14-194.1
  • libjasper1-32bit-1.900.14-194.1

SUSE Linux Enterprise Desktop 12 SP2
  • libjasper1-1.900.14-194.1
  • libjasper1-32bit-1.900.14-194.1

SUSE Linux Enterprise Server 12 SP1
  • libjasper1-1.900.14-194.1
  • libjasper1-32bit-1.900.14-194.1

SUSE Linux Enterprise Server 12 SP2
  • libjasper1-1.900.14-194.1
  • libjasper1-32bit-1.900.14-194.1

SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • libjasper1-1.900.14-194.1

SUSE Linux Enterprise Server for SAP Applications 12 SP1
  • libjasper1-1.900.14-194.1
  • libjasper1-32bit-1.900.14-194.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2
  • libjasper1-1.900.14-194.1
  • libjasper1-32bit-1.900.14-194.1

SUSE Linux Enterprise Software Development Kit 12 SP1
  • libjasper-devel-1.900.14-194.1

SUSE Linux Enterprise Software Development Kit 12 SP2
  • libjasper-devel-1.900.14-194.1

Description

Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:libjasper1-1.900.14-194.1
SUSE Linux Enterprise Desktop 12 SP1:libjasper1-32bit-1.900.14-194.1
SUSE Linux Enterprise Desktop 12 SP2:libjasper1-1.900.14-194.1
SUSE Linux Enterprise Desktop 12 SP2:libjasper1-32bit-1.900.14-194.1

Description

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:libjasper1-1.900.14-194.1
SUSE Linux Enterprise Desktop 12 SP1:libjasper1-32bit-1.900.14-194.1
SUSE Linux Enterprise Desktop 12 SP2:libjasper1-1.900.14-194.1
SUSE Linux Enterprise Desktop 12 SP2:libjasper1-32bit-1.900.14-194.1

Description

JasPer before version 2.0.10 is vulnerable to a null pointer dereference in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:libjasper1-1.900.14-194.1
SUSE Linux Enterprise Desktop 12 SP1:libjasper1-32bit-1.900.14-194.1
SUSE Linux Enterprise Desktop 12 SP2:libjasper1-1.900.14-194.1
SUSE Linux Enterprise Desktop 12 SP2:libjasper1-32bit-1.900.14-194.1

Description

libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:libjasper1-1.900.14-194.1
SUSE Linux Enterprise Desktop 12 SP1:libjasper1-32bit-1.900.14-194.1
SUSE Linux Enterprise Desktop 12 SP2:libjasper1-1.900.14-194.1
SUSE Linux Enterprise Desktop 12 SP2:libjasper1-32bit-1.900.14-194.1

Description

The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:libjasper1-1.900.14-194.1
SUSE Linux Enterprise Desktop 12 SP1:libjasper1-32bit-1.900.14-194.1
SUSE Linux Enterprise Desktop 12 SP2:libjasper1-1.900.14-194.1
SUSE Linux Enterprise Desktop 12 SP2:libjasper1-32bit-1.900.14-194.1
