Important: jasper

2015-02-11T19:37:00
ID ALAS-2015-479
Type amazon
Reporter Amazon
Modified 2015-02-11T19:49:00

Description

Issue Overview:

An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8157 __)

An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8158 __)

Affected Packages:

jasper

Issue Correction:
Run yum update jasper to update your system.

New Packages:

i686:  
    jasper-libs-1.900.1-16.9.amzn1.i686  
    jasper-debuginfo-1.900.1-16.9.amzn1.i686  
    jasper-utils-1.900.1-16.9.amzn1.i686  
    jasper-devel-1.900.1-16.9.amzn1.i686  
    jasper-1.900.1-16.9.amzn1.i686

src:  
    jasper-1.900.1-16.9.amzn1.src

x86_64:  
    jasper-1.900.1-16.9.amzn1.x86_64  
    jasper-debuginfo-1.900.1-16.9.amzn1.x86_64  
    jasper-devel-1.900.1-16.9.amzn1.x86_64  
    jasper-utils-1.900.1-16.9.amzn1.x86_64  
    jasper-libs-1.900.1-16.9.amzn1.x86_64