[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1MVsYi-0001MI-Qs@titan.mandriva.com>
Date: Tue, 28 Jul 2009 21:42:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:164 ] jasper
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:164
http://www.mandriva.com/security/
_______________________________________________________________________
Package : jasper
Date : July 28, 2009
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple security vulnerabilities has been identified and fixed
in jasper:
The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer
JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted
attackers to cause a denial of service (crash) and possibly corrupt
the heap via malformed image files, as originally demonstrated using
imagemagick convert (CVE-2007-2721).
Multiple integer overflows in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via a crafted
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).
The jas_stream_tmpfile function in libjasper/base/jas_stream.c in
JasPer 1.900.1 allows local users to overwrite arbitrary files via
a symlink attack on a tmp.XXXXXXXXXX temporary file (CVE-2008-3521).
Buffer overflow in the jas_stream_printf function in
libjasper/base/jas_stream.c in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via
vectors related to the mif_hdr_put function and use of vsprintf
(CVE-2008-3522).
The updated packages have been patched to prevent this.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
65be0f80702a82e764c61805d327b498 mes5/i586/jasper-1.900.1-4.2mdvmes2009.0.i586.rpm
dad6f9fe7a3e34d58408068b2203df97 mes5/i586/libjasper1-1.900.1-4.2mdvmes2009.0.i586.rpm
f628a7ae56773d45ef2bf6f1965e6915 mes5/i586/libjasper1-devel-1.900.1-4.2mdvmes2009.0.i586.rpm
cdd85d00b6236fa78ba29a741080c780 mes5/i586/libjasper1-static-devel-1.900.1-4.2mdvmes2009.0.i586.rpm
c27ccae2e89a1c0b7e785c475e6c8741 mes5/SRPMS/jasper-1.900.1-4.2mdvmes2009.0.src.rpm
Mandriva Enterprise Server 5/X86_64:
91583c2f79ffb59d66eb9d7d8361a91a mes5/x86_64/jasper-1.900.1-4.2mdvmes2009.0.x86_64.rpm
3af36a7c96312a184f548a3c929b9e7b mes5/x86_64/lib64jasper1-1.900.1-4.2mdvmes2009.0.x86_64.rpm
3b4a398cc3713fc70e67c78fcc28642d mes5/x86_64/lib64jasper1-devel-1.900.1-4.2mdvmes2009.0.x86_64.rpm
980c64c57ce98446a5e8c283bb19e94b mes5/x86_64/lib64jasper1-static-devel-1.900.1-4.2mdvmes2009.0.x86_64.rpm
c27ccae2e89a1c0b7e785c475e6c8741 mes5/SRPMS/jasper-1.900.1-4.2mdvmes2009.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKbyqAmqjQ0CJFipgRApxwAKDD1rSkAxz2hSzo8MD/hs7NUN6+AgCcDgZT
36G+ZngpJJoKC4y6gmnm23E=
=DZMY
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists