[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1YJg3x-00080a-2w@titan.mandriva.com>
Date: Fri, 06 Feb 2015 11:23:01 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2015:034 ] jasper
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:034
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : jasper
Date : February 6, 2015
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated jasper packages fix security vulnerabilities:
An off-by-one flaw, leading to a heap-based buffer overflow, was found
in the way JasPer decoded JPEG 2000 image files. A specially crafted
file could cause an application using JasPer to crash or, possibly,
execute arbitrary code (CVE-2014-8157).
An unrestricted stack memory use flaw was found in the way JasPer
decoded JPEG 2000 image files. A specially crafted file could cause
an application using JasPer to crash or, possibly, execute arbitrary
code (CVE-2014-8158).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8158
http://advisories.mageia.org/MGASA-2015-0038.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
073aa6d28b369d5b24502044a461ac9d mbs1/x86_64/jasper-1.900.1-14.3.mbs1.x86_64.rpm
763531005b8a9a40c18805d8abbb439a mbs1/x86_64/lib64jasper1-1.900.1-14.3.mbs1.x86_64.rpm
d1314e0425ebf78ed4083d57351f67f1 mbs1/x86_64/lib64jasper-devel-1.900.1-14.3.mbs1.x86_64.rpm
a1030ae32d7e3e7735749cbd3335650c mbs1/x86_64/lib64jasper-static-devel-1.900.1-14.3.mbs1.x86_64.rpm
d912dd8f4ddf008098d9d666ec7e14e7 mbs1/SRPMS/jasper-1.900.1-14.3.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFU1If9mqjQ0CJFipgRAjuTAKDGFekty4m/ibVUq7TOyu6IYGQxBwCgzO+c
3eg09Q5NQ+Gz/HZOLcnANvU=
=Nfko
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists