Описание
Security update for jasper
This update for jasper fixes the following issues:
- bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls
- bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode
Список пакетов
HPE Helion OpenStack 8
libjasper1-1.900.14-195.25.1
libjasper1-32bit-1.900.14-195.25.1
Image SLES12-SP4-SAP-Azure
libjasper1-1.900.14-195.25.1
Image SLES12-SP4-SAP-Azure-BYOS
libjasper1-1.900.14-195.25.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
libjasper1-1.900.14-195.25.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
libjasper1-1.900.14-195.25.1
Image SLES12-SP4-SAP-EC2-HVM
libjasper1-1.900.14-195.25.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
libjasper1-1.900.14-195.25.1
Image SLES12-SP4-SAP-GCE
libjasper1-1.900.14-195.25.1
Image SLES12-SP4-SAP-GCE-BYOS
libjasper1-1.900.14-195.25.1
Image SLES12-SP4-SAP-OCI-BYOS
libjasper1-1.900.14-195.25.1
Image SLES12-SP5-Azure-SAP-BYOS
libjasper1-1.900.14-195.25.1
Image SLES12-SP5-Azure-SAP-On-Demand
libjasper1-1.900.14-195.25.1
Image SLES12-SP5-EC2-SAP-BYOS
libjasper1-1.900.14-195.25.1
Image SLES12-SP5-EC2-SAP-On-Demand
libjasper1-1.900.14-195.25.1
Image SLES12-SP5-GCE-SAP-BYOS
libjasper1-1.900.14-195.25.1
Image SLES12-SP5-GCE-SAP-On-Demand
libjasper1-1.900.14-195.25.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
libjasper1-1.900.14-195.25.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libjasper1-1.900.14-195.25.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libjasper1-1.900.14-195.25.1
SUSE Linux Enterprise Server 12 SP2-BCL
libjasper1-1.900.14-195.25.1
libjasper1-32bit-1.900.14-195.25.1
SUSE Linux Enterprise Server 12 SP2-LTSS
libjasper1-1.900.14-195.25.1
libjasper1-32bit-1.900.14-195.25.1
SUSE Linux Enterprise Server 12 SP3-BCL
libjasper1-1.900.14-195.25.1
libjasper1-32bit-1.900.14-195.25.1
SUSE Linux Enterprise Server 12 SP3-LTSS
libjasper1-1.900.14-195.25.1
libjasper1-32bit-1.900.14-195.25.1
SUSE Linux Enterprise Server 12 SP4-LTSS
libjasper1-1.900.14-195.25.1
libjasper1-32bit-1.900.14-195.25.1
SUSE Linux Enterprise Server 12 SP5
libjasper1-1.900.14-195.25.1
libjasper1-32bit-1.900.14-195.25.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libjasper1-1.900.14-195.25.1
libjasper1-32bit-1.900.14-195.25.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libjasper1-1.900.14-195.25.1
libjasper1-32bit-1.900.14-195.25.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libjasper1-1.900.14-195.25.1
libjasper1-32bit-1.900.14-195.25.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libjasper1-1.900.14-195.25.1
libjasper1-32bit-1.900.14-195.25.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libjasper-devel-1.900.14-195.25.1
SUSE OpenStack Cloud 7
libjasper1-1.900.14-195.25.1
libjasper1-32bit-1.900.14-195.25.1
SUSE OpenStack Cloud 8
libjasper1-1.900.14-195.25.1
libjasper1-32bit-1.900.14-195.25.1
SUSE OpenStack Cloud 9
libjasper1-1.900.14-195.25.1
libjasper1-32bit-1.900.14-195.25.1
SUSE OpenStack Cloud Crowbar 8
libjasper1-1.900.14-195.25.1
libjasper1-32bit-1.900.14-195.25.1
SUSE OpenStack Cloud Crowbar 9
libjasper1-1.900.14-195.25.1
libjasper1-32bit-1.900.14-195.25.1
Ссылки
- Link for SUSE-SU-2021:0489-1
- E-Mail link for SUSE-SU-2021:0489-1
- SUSE Security Ratings
- SUSE Bug 1179748
- SUSE Bug 1181483
- SUSE CVE CVE-2020-27828 page
- SUSE CVE CVE-2021-3272 page
Описание
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.
Затронутые продукты
HPE Helion OpenStack 8:libjasper1-1.900.14-195.25.1
HPE Helion OpenStack 8:libjasper1-32bit-1.900.14-195.25.1
Image SLES12-SP4-SAP-Azure-BYOS:libjasper1-1.900.14-195.25.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libjasper1-1.900.14-195.25.1
Ссылки
- CVE-2020-27828
- SUSE Bug 1179748
Описание
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
Затронутые продукты
HPE Helion OpenStack 8:libjasper1-1.900.14-195.25.1
HPE Helion OpenStack 8:libjasper1-32bit-1.900.14-195.25.1
Image SLES12-SP4-SAP-Azure-BYOS:libjasper1-1.900.14-195.25.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libjasper1-1.900.14-195.25.1
Ссылки
- CVE-2021-3272
- SUSE Bug 1181483