Описание
Security update for jasper
This update for jasper fixes the following issues:
- CVE-2018-9154: Fixed a potential denial of service in jpc_dec_process_sot() (bsc#1092115).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP2
libjasper4-2.0.14-3.11.8
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
libjasper-devel-2.0.14-3.11.8
SUSE Linux Enterprise Module for Package Hub 15 SP1
jasper-2.0.14-3.11.8
Ссылки
- Link for SUSE-SU-2020:1420-2
- E-Mail link for SUSE-SU-2020:1420-2
- SUSE Security Ratings
- SUSE Bug 1092115
- SUSE CVE CVE-2018-9154 page
Описание
There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP2:libjasper4-2.0.14-3.11.8
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libjasper-devel-2.0.14-3.11.8
SUSE Linux Enterprise Module for Package Hub 15 SP1:jasper-2.0.14-3.11.8
Ссылки
- CVE-2018-9154
- SUSE Bug 1092115
- SUSE Bug 1178702