
SUSE-SU-2020:2690-1

Published: 21 Sep 2020
Source: suse-cvrf

Description

Security update for jasper

This update for jasper fixes the following issues:

  • CVE-2016-9398: Improved patch for already fixed issue (bsc#1010979).
  • CVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980).
  • CVE-2016-9397: Fix assert in jpc_dequantize (bsc#1010786).
  • CVE-2016-9557: Fix signed integer overflow (bsc#1011829).
  • CVE-2017-5499: Validate component depth bit (bsc#1020451).
  • CVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456).
  • CVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458).
  • CVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460).
  • CVE-2017-14132: Fix heap-based overflow by checking components (bsc#1057152).
  • CVE-2018-9154: Fixed a potential denial of service in jpc_dec_process_sot() (bsc#1092115).
  • CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize (bsc#1088278).
  • CVE-2018-18873: Fix null pointer deref in ras_putdatastd (bsc#1114498).
  • CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms (bsc#1115637).
  • CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup (bsc#1117328).
  • CVE-2018-20570: Fix heap based buffer over-read in jp2_encode (bsc#1120807).
  • CVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805).

Package list

Image SLES12-SP4-SAP-Azure
libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-BYOS
libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-EC2-HVM
libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-GCE
libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-GCE-BYOS
libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-OCI-BYOS
libjasper1-1.900.14-195.22.1
Image SLES12-SP5-Azure-SAP-BYOS
libjasper1-1.900.14-195.22.1
Image SLES12-SP5-Azure-SAP-On-Demand
libjasper1-1.900.14-195.22.1
Image SLES12-SP5-EC2-SAP-BYOS
libjasper1-1.900.14-195.22.1
Image SLES12-SP5-EC2-SAP-On-Demand
libjasper1-1.900.14-195.22.1
Image SLES12-SP5-GCE-SAP-BYOS
libjasper1-1.900.14-195.22.1
Image SLES12-SP5-GCE-SAP-On-Demand
libjasper1-1.900.14-195.22.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
libjasper1-1.900.14-195.22.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libjasper1-1.900.14-195.22.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libjasper1-1.900.14-195.22.1
SUSE Linux Enterprise Server 12 SP5
libjasper1-1.900.14-195.22.1
libjasper1-32bit-1.900.14-195.22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libjasper1-1.900.14-195.22.1
libjasper1-32bit-1.900.14-195.22.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libjasper-devel-1.900.14-195.22.1

Description

The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.


Affected products
Image SLES12-SP4-SAP-Azure-BYOS:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure:libjasper1-1.900.14-195.22.1

References

Description

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.


Affected products
Image SLES12-SP4-SAP-Azure-BYOS:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure:libjasper1-1.900.14-195.22.1

References

Description

The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.


Affected products
Image SLES12-SP4-SAP-Azure-BYOS:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure:libjasper1-1.900.14-195.22.1

References

Description

Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.


Affected products
Image SLES12-SP4-SAP-Azure-BYOS:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure:libjasper1-1.900.14-195.22.1

References

Description

JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c.


Affected products
Image SLES12-SP4-SAP-Azure-BYOS:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure:libjasper1-1.900.14-195.22.1

References

Description

Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.


Affected products
Image SLES12-SP4-SAP-Azure-BYOS:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure:libjasper1-1.900.14-195.22.1

References

Description

The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.


Affected products
Image SLES12-SP4-SAP-Azure-BYOS:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure:libjasper1-1.900.14-195.22.1

References

Description

The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.


Affected products
Image SLES12-SP4-SAP-Azure-BYOS:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure:libjasper1-1.900.14-195.22.1

References

Description

The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.


Affected products
Image SLES12-SP4-SAP-Azure-BYOS:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure:libjasper1-1.900.14-195.22.1

References

Description

JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.


Affected products
Image SLES12-SP4-SAP-Azure-BYOS:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure:libjasper1-1.900.14-195.22.1

References

Description

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.


Affected products
Image SLES12-SP4-SAP-Azure-BYOS:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure:libjasper1-1.900.14-195.22.1

References

Description

An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.


Affected products
Image SLES12-SP4-SAP-Azure-BYOS:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure:libjasper1-1.900.14-195.22.1

References

Description

An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.


Affected products
Image SLES12-SP4-SAP-Azure-BYOS:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure:libjasper1-1.900.14-195.22.1

References

Description

jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.


Affected products
Image SLES12-SP4-SAP-Azure-BYOS:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure:libjasper1-1.900.14-195.22.1

References

Description

JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.


Affected products
Image SLES12-SP4-SAP-Azure-BYOS:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure:libjasper1-1.900.14-195.22.1

References

Description

There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.


Affected products
Image SLES12-SP4-SAP-Azure-BYOS:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure:libjasper1-1.900.14-195.22.1

References

Description

JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.


Affected products
Image SLES12-SP4-SAP-Azure-BYOS:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:libjasper1-1.900.14-195.22.1
Image SLES12-SP4-SAP-Azure:libjasper1-1.900.14-195.22.1

References
Vulnerability SUSE-SU-2020:2690-1