
[SECURITY] [DLA 739-1] jasper security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : jasper
Version        : 1.900.1-13+deb7u5
CVE ID         : CVE-2016-8654 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693
                 CVE-2016-8882 CVE-2016-8883 CVE-2016-8887 CVE-2016-9560
                 TEMP-CVE


CVE-2016-8691
     FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c

CVE-2016-8692
     FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c

CVE-2016-8693
     attempting double-free ... mem_close ... jas_stream.c

CVE-2016-8882
     segfault / null pointer access in jpc_pi_destroy

CVE-2016-9560
     stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c)

CVE-2016-8887 part 1 + 2
     NULL pointer dereference in jp2_colr_destroy (jp2_cod.c)

CVE-2016-8654
     Heap-based buffer overflow in QMFB code in JPC codec

CVE-2016-8883
     assert in jpc_dec_tiledecode()

TEMP-CVE
     heap-based buffer overflow in jpc_dec_tiledecode (jpc_dec.c)


For Debian 7 "Wheezy", these problems have been fixed in version
1.900.1-13+deb7u5.

We recommend that you upgrade your jasper packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


