Описание
Security update for jasper
This update for jasper fixes the following issues:
- CVE-2024-31744: Fixed denial of service through assertion failure in jpc_streamlist_remove() (bsc#1223155).
Список пакетов
SUSE Enterprise Storage 7.1
libjasper-devel-2.0.14-150000.3.34.1
libjasper4-2.0.14-150000.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
libjasper-devel-2.0.14-150000.3.34.1
libjasper4-2.0.14-150000.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libjasper-devel-2.0.14-150000.3.34.1
libjasper4-2.0.14-150000.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libjasper-devel-2.0.14-150000.3.34.1
libjasper4-2.0.14-150000.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libjasper-devel-2.0.14-150000.3.34.1
libjasper4-2.0.14-150000.3.34.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
libjasper4-2.0.14-150000.3.34.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP5
libjasper-devel-2.0.14-150000.3.34.1
SUSE Linux Enterprise Server 15 SP2-LTSS
libjasper-devel-2.0.14-150000.3.34.1
libjasper4-2.0.14-150000.3.34.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libjasper-devel-2.0.14-150000.3.34.1
libjasper4-2.0.14-150000.3.34.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libjasper-devel-2.0.14-150000.3.34.1
libjasper4-2.0.14-150000.3.34.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
libjasper-devel-2.0.14-150000.3.34.1
libjasper4-2.0.14-150000.3.34.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libjasper-devel-2.0.14-150000.3.34.1
libjasper4-2.0.14-150000.3.34.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libjasper-devel-2.0.14-150000.3.34.1
libjasper4-2.0.14-150000.3.34.1
SUSE Manager Proxy 4.3
libjasper4-2.0.14-150000.3.34.1
SUSE Manager Server 4.3
libjasper4-2.0.14-150000.3.34.1
openSUSE Leap 15.5
jasper-2.0.14-150000.3.34.1
libjasper-devel-2.0.14-150000.3.34.1
libjasper4-2.0.14-150000.3.34.1
libjasper4-32bit-2.0.14-150000.3.34.1
Ссылки
- Link for SUSE-SU-2024:1464-1
- E-Mail link for SUSE-SU-2024:1464-1
- SUSE Security Ratings
- SUSE Bug 1223155
- SUSE CVE CVE-2024-31744 page
Описание
In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file.
Затронутые продукты
SUSE Enterprise Storage 7.1:libjasper-devel-2.0.14-150000.3.34.1
SUSE Enterprise Storage 7.1:libjasper4-2.0.14-150000.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libjasper-devel-2.0.14-150000.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libjasper4-2.0.14-150000.3.34.1
Ссылки
- CVE-2024-31744
- SUSE Bug 1223155