Debian Security Advisory
DSA-2036-1 jasper -- programming error
- Date reported:
- 17 Apr 2010
- Affected packages:
- jasper
- Vulnerable:
- Yes
- Security database references:
- In the Debian bug tracking system: Bug 528543.
  In Mitre's CVE dictionary: CVE-2007-2721.
- More information:
It was discovered that the JasPer JPEG-2000 runtime library allowed an attacker to create a crafted input file that could lead to denial of service and heap corruption.
Besides fixing this vulnerability, the update also corrects a regression introduced by the security fix for CVE-2008-3521, which was applied for the lenny release and which could cause errors when reading some JPEG input files.
For the stable distribution (lenny), this problem has been fixed in version 1.900.1-5.1+lenny1.
For the unstable distribution (sid), this problem has been fixed in version 1.900.1-6.
We recommend that you upgrade your jasper package.
- Fixed in:
- Debian GNU/Linux 5.0 (lenny)
- Source:
- http://security.debian.org/pool/updates/main/j/jasper/jasper_1.900.1.orig.tar.gz
- http://security.debian.org/pool/updates/main/j/jasper/jasper_1.900.1-5.1+lenny1.dsc
- http://security.debian.org/pool/updates/main/j/jasper/jasper_1.900.1-5.1+lenny1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_arm.deb
- ARM EABI:
- http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_armel.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_i386.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.