ID OPENVAS:1361412562310842673 Type openvas Reporter Copyright (C) 2016 Greenbone Networks GmbH Modified 2019-03-13T00:00:00
Description
The remote host is missing an update for the
###############################################################################
# OpenVAS Vulnerability Test
#
# Ubuntu Update for jasper USN-2919-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.842673");
script_version("$Revision: 14140 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $");
script_tag(name:"creation_date", value:"2016-03-08 12:37:57 +0530 (Tue, 08 Mar 2016)");
script_cve_id("CVE-2016-1577", "CVE-2016-2116");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"qod_type", value:"package");
script_name("Ubuntu Update for jasper USN-2919-1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'jasper'
package(s) announced via the referenced advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Jacob Baines discovered that JasPer
incorrectly handled ICC color profiles in JPEG-2000 image files. If a user
were tricked into opening a specially crafted JPEG-2000 image file, a remote
attacker could cause JasPer to crash or possibly execute arbitrary code with
user privileges. (CVE-2016-1577)
Tyler Hicks discovered that JasPer incorrectly handled memory when
processing JPEG-2000 image files. If a user were tricked into opening a
specially crafted JPEG-2000 image file, a remote attacker could cause
JasPer to consume memory, resulting in a denial of service.
(CVE-2016-2116)");
script_tag(name:"affected", value:"jasper on Ubuntu 15.10,
Ubuntu 14.04 LTS,
Ubuntu 12.04 LTS");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_xref(name:"USN", value:"2919-1");
script_xref(name:"URL", value:"http://www.ubuntu.com/usn/usn-2919-1/");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(14\.04 LTS|12\.04 LTS|15\.10)");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "UBUNTU14.04 LTS")
{
if ((res = isdpkgvuln(pkg:"libjasper1:i386", ver:"1.900.1-14ubuntu3.3", rls:"UBUNTU14.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libjasper1:amd64", ver:"1.900.1-14ubuntu3.3", rls:"UBUNTU14.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "UBUNTU12.04 LTS")
{
if ((res = isdpkgvuln(pkg:"libjasper1:i386", ver:"1.900.1-13ubuntu0.3", rls:"UBUNTU12.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libjasper1:amd64", ver:"1.900.1-13ubuntu0.3", rls:"UBUNTU12.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "UBUNTU15.10")
{
if ((res = isdpkgvuln(pkg:"libjasper1:i386", ver:"1.900.1-debian1-2.4ubuntu0.15.10.1", rls:"UBUNTU15.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libjasper1:amd64", ver:"1.900.1-debian1-2.4ubuntu0.15.10.1", rls:"UBUNTU15.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310842673", "bulletinFamily": "scanner", "title": "Ubuntu Update for jasper USN-2919-1", "description": "The remote host is missing an update for the ", "published": "2016-03-08T00:00:00", "modified": "2019-03-13T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842673", "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "references": ["2919-1", "http://www.ubuntu.com/usn/usn-2919-1/"], "cvelist": ["CVE-2016-1577", "CVE-2016-2116"], "type": "openvas", "lastseen": "2019-05-29T18:35:48", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2016-1577", "CVE-2016-2116"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check the version of jasper", "edition": 3, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "65d80cce60099c60f22cd11f397c83ac1fb9c1458eaad99770235f834bd607b0", "hashmap": [{"hash": "4e69c0d9d914f0d29906b8497287e733", "key": "references"}, {"hash": "a2a8de08c0f602566b16e671eba08732", "key": "href"}, {"hash": "2e88789293965af5fb79b7dc19c87370", "key": "published"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "0164ee8ce2f4d55ad405e4be43cb0866", "key": "title"}, {"hash": "755cfd32db25161983713340e6d2c175", "key": "description"}, {"hash": "4177cfab30bf9f48767b3f5f7a715513", "key": "modified"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "ea106ff9c2727a6e906e8959871e7c06", "key": "reporter"}, {"hash": "ed1d170ef3b619e6e3fda0d4e78b3e4d", "key": "sourceData"}, {"hash": "951077b1c9415cbd5f1342d09403bf4d", "key": "cvelist"}, {"hash": "ea3cdea7e1076b8f876dc91e7c3b45db", "key": "pluginID"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842673", "id": "OPENVAS:1361412562310842673", "lastseen": "2017-12-04T11:25:53", "modified": "2017-12-01T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310842673", "published": "2016-03-08T00:00:00", "references": ["2919-1", "http://www.ubuntu.com/usn/usn-2919-1/"], "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for jasper USN-2919-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842673\");\n script_version(\"$Revision: 7955 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 06:40:43 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-08 12:37:57 +0530 (Tue, 08 Mar 2016)\");\n script_cve_id(\"CVE-2016-1577\", \"CVE-2016-2116\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for jasper USN-2919-1\");\n script_tag(name: \"summary\", value: \"Check the version of jasper\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Jacob Baines discovered that JasPer\n incorrectly handled ICC color profiles in JPEG-2000 image files. If a user\n were tricked into opening a specially crafted JPEG-2000 image file, a remote\n attacker could cause JasPer to crash or possibly execute arbitrary code with\n user privileges. (CVE-2016-1577)\n\n Tyler Hicks discovered that JasPer incorrectly handled memory when\n processing JPEG-2000 image files. If a user were tricked into opening a\n specially crafted JPEG-2000 image file, a remote attacker could cause\n JasPer to consume memory, resulting in a denial of service.\n (CVE-2016-2116)\");\n script_tag(name: \"affected\", value: \"jasper on Ubuntu 15.10 ,\n Ubuntu 14.04 LTS ,\n Ubuntu 12.04 LTS\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"USN\", value: \"2919-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2919-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:i386\", ver:\"1.900.1-14ubuntu3.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:amd64\", ver:\"1.900.1-14ubuntu3.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:i386\", ver:\"1.900.1-13ubuntu0.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:amd64\", ver:\"1.900.1-13ubuntu0.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:i386\", ver:\"1.900.1-debian1-2.4ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:amd64\", ver:\"1.900.1-debian1-2.4ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Ubuntu Update for jasper USN-2919-1", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-12-04T11:25:53"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2016-1577", "CVE-2016-2116"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is missing an update for the ", "edition": 8, "enchantments": {"dependencies": {"modified": "2018-11-19T13:00:43", "references": [{"idList": ["RHSA-2017:1208"], "type": "redhat"}, {"idList": ["ALAS-2017-836"], "type": "amazon"}, {"idList": ["CFOUNDRY:2D5257B7ED095BDE30D255D140E627B8"], "type": "cloudfoundry"}, {"idList": ["USN-2919-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310882714", "OPENVAS:1361412562310131254", "OPENVAS:1361412562310809112", "OPENVAS:1361412562310871813", "OPENVAS:1361412562310809278", "OPENVAS:1361412562310882713", "OPENVAS:1361412562310703508", "OPENVAS:703508", "OPENVAS:1361412562310871991"], "type": "openvas"}, {"idList": ["ELSA-2017-1208"], "type": "oraclelinux"}, {"idList": ["ASA-201605-2"], "type": "archlinux"}, {"idList": ["CESA-2017:1208"], "type": "centos"}, {"idList": ["CVE-2016-1577", "CVE-2016-2116"], "type": "cve"}, {"idList": ["FEDORA_2016-7776983633.NASL", "OPENSUSE-2016-1270.NASL", "OPENSUSE-2016-1263.NASL", "FEDORA_2016-9B17661DE5.NASL", "FEDORA_2016-BBECF64AF4.NASL", "DEBIAN_DSA-3508.NASL", "OPENSUSE-2016-1309.NASL", "SUSE_SU-2016-2776-1.NASL", "SUSE_SU-2016-2775-1.NASL", "UBUNTU_USN-2919-1.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DSA-3508-1:44F45"], "type": "debian"}]}, "score": {"value": 6.8, "vector": "NONE"}}, "hash": "f9d3d58fbbef34ef18ec8b1e60b6c6ee883297e1272c17fd51199969a992e4d5", "hashmap": [{"hash": "4e69c0d9d914f0d29906b8497287e733", "key": "references"}, {"hash": "584e0a442eca5e7c38047794d8208dd5", "key": "sourceData"}, {"hash": "1693b96dcccf4fbcd463bf8baaa2bf3f", "key": "description"}, {"hash": "a2a8de08c0f602566b16e671eba08732", "key": "href"}, {"hash": "2e88789293965af5fb79b7dc19c87370", "key": "published"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "0164ee8ce2f4d55ad405e4be43cb0866", "key": "title"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "ea106ff9c2727a6e906e8959871e7c06", "key": "reporter"}, {"hash": "951077b1c9415cbd5f1342d09403bf4d", "key": "cvelist"}, {"hash": "ea3cdea7e1076b8f876dc91e7c3b45db", "key": "pluginID"}, {"hash": "342cc90fff603913e7fb1060eccdf48e", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842673", "id": "OPENVAS:1361412562310842673", "lastseen": "2018-11-19T13:00:43", "modified": "2018-11-16T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310842673", "published": "2016-03-08T00:00:00", "references": ["2919-1", "http://www.ubuntu.com/usn/usn-2919-1/"], "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for jasper USN-2919-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842673\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-08 12:37:57 +0530 (Tue, 08 Mar 2016)\");\n script_cve_id(\"CVE-2016-1577\", \"CVE-2016-2116\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for jasper USN-2919-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jasper'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jacob Baines discovered that JasPer\n incorrectly handled ICC color profiles in JPEG-2000 image files. If a user\n were tricked into opening a specially crafted JPEG-2000 image file, a remote\n attacker could cause JasPer to crash or possibly execute arbitrary code with\n user privileges. (CVE-2016-1577)\n\n Tyler Hicks discovered that JasPer incorrectly handled memory when\n processing JPEG-2000 image files. If a user were tricked into opening a\n specially crafted JPEG-2000 image file, a remote attacker could cause\n JasPer to consume memory, resulting in a denial of service.\n (CVE-2016-2116)\");\n script_tag(name:\"affected\", value:\"jasper on Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2919-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2919-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:i386\", ver:\"1.900.1-14ubuntu3.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:amd64\", ver:\"1.900.1-14ubuntu3.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:i386\", ver:\"1.900.1-13ubuntu0.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:amd64\", ver:\"1.900.1-13ubuntu0.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:i386\", ver:\"1.900.1-debian1-2.4ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:amd64\", ver:\"1.900.1-debian1-2.4ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "title": "Ubuntu Update for jasper USN-2919-1", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 8, "lastseen": "2018-11-19T13:00:43"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2016-1577", "CVE-2016-2116"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check the version of jasper", "edition": 5, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "2c75e1c281192a6d47c27bed116d1542766a999a767504cbd018c250dd7feff8", "hashmap": [{"hash": "4e69c0d9d914f0d29906b8497287e733", "key": "references"}, {"hash": "a2a8de08c0f602566b16e671eba08732", "key": "href"}, {"hash": "2e88789293965af5fb79b7dc19c87370", "key": "published"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "c5049c2480979cb64528192f93387f2c", "key": "sourceData"}, {"hash": "0164ee8ce2f4d55ad405e4be43cb0866", "key": "title"}, {"hash": "755cfd32db25161983713340e6d2c175", "key": "description"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "ea106ff9c2727a6e906e8959871e7c06", "key": "reporter"}, {"hash": "464857d7b87b7b905e79b99c78b7d97a", "key": "modified"}, {"hash": "951077b1c9415cbd5f1342d09403bf4d", "key": "cvelist"}, {"hash": "ea3cdea7e1076b8f876dc91e7c3b45db", "key": "pluginID"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842673", "id": "OPENVAS:1361412562310842673", "lastseen": "2018-08-24T21:25:11", "modified": "2018-08-17T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310842673", "published": "2016-03-08T00:00:00", "references": ["2919-1", "http://www.ubuntu.com/usn/usn-2919-1/"], "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for jasper USN-2919-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842673\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-08 12:37:57 +0530 (Tue, 08 Mar 2016)\");\n script_cve_id(\"CVE-2016-1577\", \"CVE-2016-2116\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for jasper USN-2919-1\");\n script_tag(name:\"summary\", value:\"Check the version of jasper\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jacob Baines discovered that JasPer\n incorrectly handled ICC color profiles in JPEG-2000 image files. If a user\n were tricked into opening a specially crafted JPEG-2000 image file, a remote\n attacker could cause JasPer to crash or possibly execute arbitrary code with\n user privileges. (CVE-2016-1577)\n\n Tyler Hicks discovered that JasPer incorrectly handled memory when\n processing JPEG-2000 image files. If a user were tricked into opening a\n specially crafted JPEG-2000 image file, a remote attacker could cause\n JasPer to consume memory, resulting in a denial of service.\n (CVE-2016-2116)\");\n script_tag(name:\"affected\", value:\"jasper on Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2919-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2919-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:i386\", ver:\"1.900.1-14ubuntu3.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:amd64\", ver:\"1.900.1-14ubuntu3.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:i386\", ver:\"1.900.1-13ubuntu0.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:amd64\", ver:\"1.900.1-13ubuntu0.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:i386\", ver:\"1.900.1-debian1-2.4ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:amd64\", ver:\"1.900.1-debian1-2.4ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "title": "Ubuntu Update for jasper USN-2919-1", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-08-24T21:25:11"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2016-1577", "CVE-2016-2116"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is missing an update for the ", "edition": 9, "enchantments": {"dependencies": {"modified": "2019-03-14T14:25:57", "references": [{"idList": ["RHSA-2017:1208"], "type": "redhat"}, {"idList": ["ALAS-2017-836"], "type": "amazon"}, {"idList": ["CFOUNDRY:2D5257B7ED095BDE30D255D140E627B8"], "type": "cloudfoundry"}, {"idList": ["USN-2919-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310882714", "OPENVAS:1361412562310131254", "OPENVAS:1361412562310809112", "OPENVAS:1361412562310871813", "OPENVAS:1361412562310809278", "OPENVAS:1361412562310882713", "OPENVAS:1361412562310703508", "OPENVAS:703508", "OPENVAS:1361412562310871991"], "type": "openvas"}, {"idList": ["ELSA-2017-1208"], "type": "oraclelinux"}, {"idList": ["ASA-201605-2"], "type": "archlinux"}, {"idList": ["CESA-2017:1208"], "type": "centos"}, {"idList": ["CVE-2016-1577", "CVE-2016-2116"], "type": "cve"}, {"idList": ["FEDORA_2016-7776983633.NASL", "OPENSUSE-2016-1270.NASL", "OPENSUSE-2016-1263.NASL", "FEDORA_2016-9B17661DE5.NASL", "FEDORA_2016-BBECF64AF4.NASL", "DEBIAN_DSA-3508.NASL", "OPENSUSE-2016-1309.NASL", "SUSE_SU-2016-2776-1.NASL", "SUSE_SU-2016-2775-1.NASL", "UBUNTU_USN-2919-1.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DSA-3508-1:44F45"], "type": "debian"}]}, "score": {"value": 6.8, "vector": "NONE"}}, "hash": "f96f6133078a5fc9fe12e02cb1e9365c1b73a56d946719d08d620fbd3ff19e02", "hashmap": [{"hash": "4e69c0d9d914f0d29906b8497287e733", "key": "references"}, {"hash": "1693b96dcccf4fbcd463bf8baaa2bf3f", "key": "description"}, {"hash": "ad4d18ce7879d13ff3fe5003518760c4", "key": "modified"}, {"hash": "a2a8de08c0f602566b16e671eba08732", "key": "href"}, {"hash": "2e88789293965af5fb79b7dc19c87370", "key": "published"}, {"hash": "4fcf337121422d9b089369eb7d237cc8", "key": "sourceData"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "0164ee8ce2f4d55ad405e4be43cb0866", "key": "title"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "ea106ff9c2727a6e906e8959871e7c06", "key": "reporter"}, {"hash": "951077b1c9415cbd5f1342d09403bf4d", "key": "cvelist"}, {"hash": "ea3cdea7e1076b8f876dc91e7c3b45db", "key": "pluginID"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842673", "id": "OPENVAS:1361412562310842673", "lastseen": "2019-03-14T14:25:57", "modified": "2019-03-13T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310842673", "published": "2016-03-08T00:00:00", "references": ["2919-1", "http://www.ubuntu.com/usn/usn-2919-1/"], "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for jasper USN-2919-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842673\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-08 12:37:57 +0530 (Tue, 08 Mar 2016)\");\n script_cve_id(\"CVE-2016-1577\", \"CVE-2016-2116\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for jasper USN-2919-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jasper'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jacob Baines discovered that JasPer\n incorrectly handled ICC color profiles in JPEG-2000 image files. If a user\n were tricked into opening a specially crafted JPEG-2000 image file, a remote\n attacker could cause JasPer to crash or possibly execute arbitrary code with\n user privileges. (CVE-2016-1577)\n\n Tyler Hicks discovered that JasPer incorrectly handled memory when\n processing JPEG-2000 image files. If a user were tricked into opening a\n specially crafted JPEG-2000 image file, a remote attacker could cause\n JasPer to consume memory, resulting in a denial of service.\n (CVE-2016-2116)\");\n script_tag(name:\"affected\", value:\"jasper on Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2919-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2919-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:i386\", ver:\"1.900.1-14ubuntu3.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:amd64\", ver:\"1.900.1-14ubuntu3.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:i386\", ver:\"1.900.1-13ubuntu0.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:amd64\", ver:\"1.900.1-13ubuntu0.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:i386\", ver:\"1.900.1-debian1-2.4ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:amd64\", ver:\"1.900.1-debian1-2.4ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "title": "Ubuntu Update for jasper USN-2919-1", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 9, "lastseen": "2019-03-14T14:25:57"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2016-1577", "CVE-2016-2116"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check the version of jasper", "edition": 2, "enchantments": {}, "hash": "e57b0adcd22b41fc20037b42f4f5fbd73c52d3842200baab8352098611259b00", "hashmap": [{"hash": "1407aeb3859adc56a876cccfa61d7a98", "key": "references"}, {"hash": "d65f6262fea46998660455409d206afd", "key": "sourceData"}, {"hash": "a2a8de08c0f602566b16e671eba08732", "key": "href"}, {"hash": "2e88789293965af5fb79b7dc19c87370", "key": "published"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "0164ee8ce2f4d55ad405e4be43cb0866", "key": "title"}, {"hash": "755cfd32db25161983713340e6d2c175", "key": "description"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "ea106ff9c2727a6e906e8959871e7c06", "key": "reporter"}, {"hash": "0d134bf170d66438eb1e01173ee0187f", "key": "modified"}, {"hash": "951077b1c9415cbd5f1342d09403bf4d", "key": "cvelist"}, {"hash": "ea3cdea7e1076b8f876dc91e7c3b45db", "key": "pluginID"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842673", "id": "OPENVAS:1361412562310842673", "lastseen": "2017-07-25T10:54:50", "modified": "2017-07-10T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310842673", "published": "2016-03-08T00:00:00", "references": ["https://lists.ubuntu.com/archives/ubuntu-security-announce/2016-March/003335.html", "2919-1"], "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for jasper USN-2919-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842673\");\n script_version(\"$Revision: 6647 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:04:05 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-08 12:37:57 +0530 (Tue, 08 Mar 2016)\");\n script_cve_id(\"CVE-2016-1577\", \"CVE-2016-2116\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for jasper USN-2919-1\");\n script_tag(name: \"summary\", value: \"Check the version of jasper\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Jacob Baines discovered that JasPer\n incorrectly handled ICC color profiles in JPEG-2000 image files. If a user\n were tricked into opening a specially crafted JPEG-2000 image file, a remote\n attacker could cause JasPer to crash or possibly execute arbitrary code with\n user privileges. (CVE-2016-1577)\n\n Tyler Hicks discovered that JasPer incorrectly handled memory when\n processing JPEG-2000 image files. If a user were tricked into opening a\n specially crafted JPEG-2000 image file, a remote attacker could cause\n JasPer to consume memory, resulting in a denial of service.\n (CVE-2016-2116)\");\n script_tag(name: \"affected\", value: \"jasper on Ubuntu 15.10 ,\n Ubuntu 14.04 LTS ,\n Ubuntu 12.04 LTS\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"USN\", value: \"2919-1\");\n script_xref(name: \"URL\" , value: \"https://lists.ubuntu.com/archives/ubuntu-security-announce/2016-March/003335.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:i386\", ver:\"1.900.1-14ubuntu3.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:amd64\", ver:\"1.900.1-14ubuntu3.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:i386\", ver:\"1.900.1-13ubuntu0.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:amd64\", ver:\"1.900.1-13ubuntu0.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:i386\", ver:\"1.900.1-debian1-2.4ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:amd64\", ver:\"1.900.1-debian1-2.4ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Ubuntu Update for jasper USN-2919-1", "type": "openvas", "viewCount": 0}, "differentElements": ["references", "modified", "sourceData"], "edition": 2, "lastseen": "2017-07-25T10:54:50"}], "edition": 10, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "951077b1c9415cbd5f1342d09403bf4d"}, {"key": "cvss", "hash": "4cac367be6dd8242802053610be9dee6"}, {"key": "description", "hash": "1693b96dcccf4fbcd463bf8baaa2bf3f"}, {"key": "href", "hash": "a2a8de08c0f602566b16e671eba08732"}, {"key": "modified", "hash": "ad4d18ce7879d13ff3fe5003518760c4"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "pluginID", "hash": "ea3cdea7e1076b8f876dc91e7c3b45db"}, {"key": "published", "hash": "2e88789293965af5fb79b7dc19c87370"}, {"key": "references", "hash": "4e69c0d9d914f0d29906b8497287e733"}, {"key": "reporter", "hash": "ea106ff9c2727a6e906e8959871e7c06"}, {"key": "sourceData", "hash": "4fcf337121422d9b089369eb7d237cc8"}, {"key": "title", "hash": "0164ee8ce2f4d55ad405e4be43cb0866"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "9b4c14c5356b5633dd566fdb113f735aef5f4bdeeb1f79e9934b42d0577f437d", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-2116", "CVE-2016-1577"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:2D5257B7ED095BDE30D255D140E627B8"]}, {"type": "ubuntu", "idList": ["USN-2919-1"]}, {"type": "nessus", "idList": ["UBUNTU_USN-2919-1.NASL", "DEBIAN_DSA-3508.NASL", "FEDORA_2016-BBECF64AF4.NASL", "FEDORA_2016-7776983633.NASL", "FEDORA_2016-9B17661DE5.NASL", "SUSE_SU-2016-2776-1.NASL", "OPENSUSE-2016-1309.NASL", "OPENSUSE-2016-1263.NASL", "SUSE_SU-2016-2775-1.NASL", "OPENSUSE-2016-1270.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:703508", "OPENVAS:1361412562310703508", "OPENVAS:1361412562310131254", "OPENVAS:1361412562310871991", "OPENVAS:1361412562310809278", "OPENVAS:1361412562310809112", "OPENVAS:1361412562310882714", "OPENVAS:1361412562310882713", "OPENVAS:1361412562310871813"]}, {"type": "archlinux", "idList": ["ASA-201605-2"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3508-1:44F45"]}, {"type": "redhat", "idList": ["RHSA-2017:1208"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-1208"]}, {"type": "centos", "idList": ["CESA-2017:1208"]}, {"type": "amazon", "idList": ["ALAS-2017-836"]}], "modified": "2019-05-29T18:35:48"}, "score": {"value": 7.4, "vector": "NONE", "modified": "2019-05-29T18:35:48"}, "vulnersScore": 7.4}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for jasper USN-2919-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842673\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-08 12:37:57 +0530 (Tue, 08 Mar 2016)\");\n script_cve_id(\"CVE-2016-1577\", \"CVE-2016-2116\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for jasper USN-2919-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jasper'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jacob Baines discovered that JasPer\n incorrectly handled ICC color profiles in JPEG-2000 image files. If a user\n were tricked into opening a specially crafted JPEG-2000 image file, a remote\n attacker could cause JasPer to crash or possibly execute arbitrary code with\n user privileges. (CVE-2016-1577)\n\n Tyler Hicks discovered that JasPer incorrectly handled memory when\n processing JPEG-2000 image files. If a user were tricked into opening a\n specially crafted JPEG-2000 image file, a remote attacker could cause\n JasPer to consume memory, resulting in a denial of service.\n (CVE-2016-2116)\");\n script_tag(name:\"affected\", value:\"jasper on Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2919-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2919-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:i386\", ver:\"1.900.1-14ubuntu3.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:amd64\", ver:\"1.900.1-14ubuntu3.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:i386\", ver:\"1.900.1-13ubuntu0.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:amd64\", ver:\"1.900.1-13ubuntu0.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:i386\", ver:\"1.900.1-debian1-2.4ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper1:amd64\", ver:\"1.900.1-debian1-2.4ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Ubuntu Local Security Checks", "pluginID": "1361412562310842673", "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:15:35", "bulletinFamily": "NVD", "description": "Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.", "modified": "2018-01-05T02:30:00", "id": "CVE-2016-2116", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2116", "published": "2016-04-13T14:59:00", "title": "CVE-2016-2116", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:15:34", "bulletinFamily": "NVD", "description": "Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.\n<a href=\"http://cwe.mitre.org/data/definitions/415.html\">CWE-415: Double Free</a>", "modified": "2018-01-05T02:30:00", "id": "CVE-2016-1577", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1577", "published": "2016-04-13T14:59:00", "title": "CVE-2016-1577", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:25", "bulletinFamily": "unix", "description": "Jacob Baines discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2016-1577)\n\nTyler Hicks discovered that JasPer incorrectly handled memory when processing JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to consume memory, resulting in a denial of service. (CVE-2016-2116)", "modified": "2016-03-03T00:00:00", "published": "2016-03-03T00:00:00", "id": "USN-2919-1", "href": "https://usn.ubuntu.com/2919-1/", "title": "JasPer vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:52", "bulletinFamily": "software", "description": "USN-2919-1 JasPer vulnerabilities\n\n# \n\nMedium\n\n# Vendor\n\nUbuntu, JasPer\n\n# Versions Affected\n\n * Ubuntu 14.04 LTS \n\n# Description\n\nJacob Baines discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. ([CVE-2016-1577](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1577.html>))\n\nTyler Hicks discovered that JasPer incorrectly handled memory when processing JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to consume memory, resulting in a denial of service. ([CVE-2016-2116](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2116.html>))\n\n# Affected Products and Versions\n\n_Severity is medium unless otherwise noted. \n_\n\n * All versions of Cloud Foundry rootfs prior to 1.41.0 \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with rootfs version 1.41.0 and higher \n\n# Credit\n\nJacob Baines, Tyler Hicks\n\n# References\n\n * <http://www.ubuntu.com/usn/usn-2919-1/>\n * <http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1577.html>\n * <http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2116.html>\n", "modified": "2016-03-24T00:00:00", "published": "2016-03-24T00:00:00", "id": "CFOUNDRY:2D5257B7ED095BDE30D255D140E627B8", "href": "https://www.cloudfoundry.org/blog/usn-2919-1/", "title": "USN-2919-1 JasPer vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-11-03T12:31:02", "bulletinFamily": "scanner", "description": "Jacob Baines discovered that JasPer incorrectly handled ICC color\nprofiles in JPEG-2000 image files. If a user were tricked into opening\na specially crafted JPEG-2000 image file, a remote attacker could\ncause JasPer to crash or possibly execute arbitrary code with user\nprivileges. (CVE-2016-1577)\n\nTyler Hicks discovered that JasPer incorrectly handled memory when\nprocessing JPEG-2000 image files. If a user were tricked into opening\na specially crafted JPEG-2000 image file, a remote attacker could\ncause JasPer to consume memory, resulting in a denial of service.\n(CVE-2016-2116).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-2919-1.NASL", "href": "https://www.tenable.com/plugins/nessus/89660", "published": "2016-03-04T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : jasper vulnerabilities (USN-2919-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2919-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89660);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2016-1577\", \"CVE-2016-2116\");\n script_xref(name:\"USN\", value:\"2919-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : jasper vulnerabilities (USN-2919-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jacob Baines discovered that JasPer incorrectly handled ICC color\nprofiles in JPEG-2000 image files. If a user were tricked into opening\na specially crafted JPEG-2000 image file, a remote attacker could\ncause JasPer to crash or possibly execute arbitrary code with user\nprivileges. (CVE-2016-1577)\n\nTyler Hicks discovered that JasPer incorrectly handled memory when\nprocessing JPEG-2000 image files. If a user were tricked into opening\na specially crafted JPEG-2000 image file, a remote attacker could\ncause JasPer to consume memory, resulting in a denial of service.\n(CVE-2016-2116).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2919-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libjasper1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjasper1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libjasper1\", pkgver:\"1.900.1-13ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libjasper1\", pkgver:\"1.900.1-14ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libjasper1\", pkgver:\"1.900.1-debian1-2.4ubuntu0.15.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjasper1\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:21:24", "bulletinFamily": "scanner", "description": "Several vulnerabilities were discovered in JasPer, a library for\nmanipulating JPEG-2000 files. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2016-1577\n Jacob Baines discovered a double-free flaw in the\n jas_iccattrval_destroy function. A remote attacker could\n exploit this flaw to cause an application using the\n JasPer library to crash, or potentially, to execute\n arbitrary code with the privileges of the user running\n the application.\n\n - CVE-2016-2089\n The Qihoo 360 Codesafe Team discovered a NULL pointer\n dereference flaw within the jas_matrix_clip function. A\n remote attacker could exploit this flaw to cause an\n application using the JasPer library to crash, resulting\n in a denial-of-service.\n\n - CVE-2016-2116\n Tyler Hicks discovered a memory leak flaw in the\n jas_iccprof_createfrombuf function. A remote attacker\n could exploit this flaw to cause the JasPer library to\n consume memory, resulting in a denial-of-service.", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-3508.NASL", "href": "https://www.tenable.com/plugins/nessus/89698", "published": "2016-03-07T00:00:00", "title": "Debian DSA-3508-1 : jasper - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3508. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89698);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2016-1577\", \"CVE-2016-2089\", \"CVE-2016-2116\");\n script_xref(name:\"DSA\", value:\"3508\");\n\n script_name(english:\"Debian DSA-3508-1 : jasper - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in JasPer, a library for\nmanipulating JPEG-2000 files. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2016-1577\n Jacob Baines discovered a double-free flaw in the\n jas_iccattrval_destroy function. A remote attacker could\n exploit this flaw to cause an application using the\n JasPer library to crash, or potentially, to execute\n arbitrary code with the privileges of the user running\n the application.\n\n - CVE-2016-2089\n The Qihoo 360 Codesafe Team discovered a NULL pointer\n dereference flaw within the jas_matrix_clip function. A\n remote attacker could exploit this flaw to cause an\n application using the JasPer library to crash, resulting\n in a denial-of-service.\n\n - CVE-2016-2116\n Tyler Hicks discovered a memory leak flaw in the\n jas_iccprof_createfrombuf function. A remote attacker\n could exploit this flaw to cause the JasPer library to\n consume memory, resulting in a denial-of-service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812978\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/jasper\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/jasper\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3508\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the jasper packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 1.900.1-13+deb7u4.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1.900.1-debian1-2.4+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libjasper-dev\", reference:\"1.900.1-13+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libjasper-runtime\", reference:\"1.900.1-13+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libjasper1\", reference:\"1.900.1-13+deb7u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libjasper-dev\", reference:\"1.900.1-debian1-2.4+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libjasper-runtime\", reference:\"1.900.1-debian1-2.4+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libjasper1\", reference:\"1.900.1-debian1-2.4+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:27:33", "bulletinFamily": "scanner", "description": "Fix broken ABI\n\n----\n\nSecurity fix for CVE-2015-5203, CVE-2015-5221, CVE-2016-1867,\nCVE-2016-1577 and CVE-2016-2116.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2016-BBECF64AF4.NASL", "href": "https://www.tenable.com/plugins/nessus/93635", "published": "2016-09-22T00:00:00", "title": "Fedora 23 : jasper (2016-bbecf64af4)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-bbecf64af4.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93635);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2019/09/25 17:12:09\");\n\n script_cve_id(\"CVE-2015-5203\", \"CVE-2015-5221\", \"CVE-2016-1577\", \"CVE-2016-1867\", \"CVE-2016-2116\");\n script_xref(name:\"FEDORA\", value:\"2016-bbecf64af4\");\n\n script_name(english:\"Fedora 23 : jasper (2016-bbecf64af4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix broken ABI\n\n----\n\nSecurity fix for CVE-2015-5203, CVE-2015-5221, CVE-2016-1867,\nCVE-2016-1577 and CVE-2016-2116.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-bbecf64af4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jasper package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"jasper-1.900.1-34.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:27:30", "bulletinFamily": "scanner", "description": "Security fix for CVE-2015-5203, CVE-2015-5221, CVE-2016-1867,\nCVE-2016-1577 and CVE-2016-2116.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2016-7776983633.NASL", "href": "https://www.tenable.com/plugins/nessus/92972", "published": "2016-08-16T00:00:00", "title": "Fedora 24 : jasper (2016-7776983633)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-7776983633.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92972);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2019/09/25 17:12:08\");\n\n script_cve_id(\"CVE-2015-5203\", \"CVE-2015-5221\", \"CVE-2016-1577\", \"CVE-2016-1867\", \"CVE-2016-2116\");\n script_xref(name:\"FEDORA\", value:\"2016-7776983633\");\n\n script_name(english:\"Fedora 24 : jasper (2016-7776983633)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-5203, CVE-2015-5221, CVE-2016-1867,\nCVE-2016-1577 and CVE-2016-2116.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-7776983633\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jasper package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"jasper-1.900.1-33.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:27:31", "bulletinFamily": "scanner", "description": "Security fix for CVE-2015-5203, CVE-2015-5221, CVE-2016-1867,\nCVE-2016-1577 and CVE-2016-2116.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2016-9B17661DE5.NASL", "href": "https://www.tenable.com/plugins/nessus/94840", "published": "2016-11-15T00:00:00", "title": "Fedora 25 : jasper (2016-9b17661de5)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-9b17661de5.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94840);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2019/09/25 17:12:09\");\n\n script_cve_id(\"CVE-2015-5203\", \"CVE-2015-5221\", \"CVE-2016-1577\", \"CVE-2016-1867\", \"CVE-2016-2116\");\n script_xref(name:\"FEDORA\", value:\"2016-9b17661de5\");\n\n script_name(english:\"Fedora 25 : jasper (2016-9b17661de5)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-5203, CVE-2015-5221, CVE-2016-1867,\nCVE-2016-1577 and CVE-2016-2116.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-9b17661de5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jasper package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"jasper-1.900.1-33.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:18:35", "bulletinFamily": "scanner", "description": "This update for jasper fixes the following issues: Security fixes :\n\n - CVE-2016-8887: NULL pointer dereference in\n jp2_colr_destroy (jp2_cod.c) (bsc#1006836)\n\n - CVE-2016-8886: memory allocation failure in jas_malloc\n (jas_malloc.c) (bsc#1006599)\n\n - CVE-2016-8884,CVE-2016-8885: two NULL pointer\n dereferences in bmp_getdata (incomplete fix for\n CVE-2016-8690) (bsc#1007009)\n\n - CVE-2016-8883: assert in jpc_dec_tiledecode()\n (bsc#1006598)\n\n - CVE-2016-8882: segfault / NULL pointer access in\n jpc_pi_destroy (bsc#1006597)\n\n - CVE-2016-8881: Heap overflow in jpc_getuint16()\n (bsc#1006593)\n\n - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox()\n (bsc#1006591)\n\n - CVE-2016-8693: Double free vulnerability in mem_close\n (bsc#1005242)\n\n - CVE-2016-8691, CVE-2016-8692: Divide by zero in\n jpc_dec_process_siz (bsc#1005090)\n\n - CVE-2016-8690: NULL pointer dereference in bmp_getdata\n triggered by crafted BMP image (bsc#1005084)\n\n - CVE-2016-2089: invalid read in the JasPer", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2016-2776-1.NASL", "href": "https://www.tenable.com/plugins/nessus/94729", "published": "2016-11-11T00:00:00", "title": "SUSE SLES11 Security Update : jasper (SUSE-SU-2016:2776-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2776-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94729);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2019/09/11 11:22:14\");\n\n script_cve_id(\"CVE-2008-3522\", \"CVE-2015-5203\", \"CVE-2015-5221\", \"CVE-2016-1577\", \"CVE-2016-1867\", \"CVE-2016-2089\", \"CVE-2016-2116\", \"CVE-2016-8690\", \"CVE-2016-8691\", \"CVE-2016-8692\", \"CVE-2016-8693\", \"CVE-2016-8880\", \"CVE-2016-8881\", \"CVE-2016-8882\", \"CVE-2016-8883\", \"CVE-2016-8884\", \"CVE-2016-8885\", \"CVE-2016-8886\", \"CVE-2016-8887\");\n script_bugtraq_id(31470);\n\n script_name(english:\"SUSE SLES11 Security Update : jasper (SUSE-SU-2016:2776-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for jasper fixes the following issues: Security fixes :\n\n - CVE-2016-8887: NULL pointer dereference in\n jp2_colr_destroy (jp2_cod.c) (bsc#1006836)\n\n - CVE-2016-8886: memory allocation failure in jas_malloc\n (jas_malloc.c) (bsc#1006599)\n\n - CVE-2016-8884,CVE-2016-8885: two NULL pointer\n dereferences in bmp_getdata (incomplete fix for\n CVE-2016-8690) (bsc#1007009)\n\n - CVE-2016-8883: assert in jpc_dec_tiledecode()\n (bsc#1006598)\n\n - CVE-2016-8882: segfault / NULL pointer access in\n jpc_pi_destroy (bsc#1006597)\n\n - CVE-2016-8881: Heap overflow in jpc_getuint16()\n (bsc#1006593)\n\n - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox()\n (bsc#1006591)\n\n - CVE-2016-8693: Double free vulnerability in mem_close\n (bsc#1005242)\n\n - CVE-2016-8691, CVE-2016-8692: Divide by zero in\n jpc_dec_process_siz (bsc#1005090)\n\n - CVE-2016-8690: NULL pointer dereference in bmp_getdata\n triggered by crafted BMP image (bsc#1005084)\n\n - CVE-2016-2089: invalid read in the JasPer's\n jas_matrix_clip() function (bsc#963983)\n\n - CVE-2016-1867: Out-of-bounds Read in the JasPer's\n jpc_pi_nextcprl() function (bsc#961886)\n\n - CVE-2016-1577, CVE-2016-2116: double free vulnerability\n in the jas_iccattrval_destroy function (bsc#968373)\n\n - CVE-2015-5221: Use-after-free (and double-free) in\n Jasper JPEG-200 (bsc#942553)\n\n - CVE-2015-5203: Double free corruption in JasPer\n JPEG-2000 implementation (bsc#941919)\n\n - CVE-2008-3522: multiple integer overflows (bsc#392410)\n\n - bsc#1006839: NULL pointer dereference in\n jp2_colr_destroy (jp2_cod.c) (incomplete fix for\n CVE-2016-8887)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007009\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=392410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=941919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2008-3522/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5203/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5221/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1577/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1867/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2089/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2116/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8690/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8691/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8692/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8693/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8880/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8881/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8882/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8883/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8884/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8885/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8886/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8887/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162776-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?730c3414\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-jasper-12846=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-jasper-12846=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-jasper-12846=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjasper\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libjasper-32bit-1.900.14-134.25.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libjasper-32bit-1.900.14-134.25.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libjasper-1.900.14-134.25.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:00:55", "bulletinFamily": "scanner", "description": "This update for jasper to version 1.900.14 fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2008-3522: Buffer overflow in the jas_stream_printf\n function in libjasper/base/jas_stream.c in JasPer might\n have allowed context-dependent attackers to have an\n unknown impact via vectors related to the mif_hdr_put\n function and use of vsprintf (bsc#392410)\n\n - CVE-2015-5203: Double free corruption in JasPer\n JPEG-2000 implementation (bsc#941919).\n\n - CVE-2015-5221: Use-after-free (and double-free) in\n Jasper JPEG-200 (bsc#942553).\n\n - CVE-2016-1577: Double free vulnerability in the\n jas_iccattrval_destroy function in JasPer allowed remote\n attackers to cause a denial of service (crash) or\n possibly execute arbitrary code via a crafted ICC color\n profile in a JPEG 2000 image file, a different\n vulnerability than CVE-2014-8137 (bsc#968373).\n\n - CVE-2016-2116: Memory leak in the\n jas_iccprof_createfrombuf function in JasPer allowed\n remote attackers to cause a denial of service (memory\n consumption) via a crafted ICC color profile in a JPEG\n 2000 image file (bsc#968373)\n\n - CVE-2016-8690: NULL pointer dereference in bmp_getdata\n triggered by crafted BMP image (bsc#1005084).\n\n - CVE-2016-8691, CVE-2016-8692: Missing range check on\n XRsiz and YRsiz fields of SIZ marker segment\n (bsc#1005090).\n\n - CVE-2016-8693: The memory stream interface allowed for a\n buffer size of zero. The case of a zero-sized buffer was\n not handled correctly, as it could lead to a double free\n (bsc#1005242).\n\n - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox()\n (bsc#1006591).\n\n - CVE-2016-8881: Heap overflow in jpc_getuint16()\n (bsc#1006593).\n\n - CVE-2016-8882: NULL pointer access in jpc_pi_destroy\n (bsc#1006597).\n\n - CVE-2016-8883: Assert triggered in jpc_dec_tiledecode()\n (bsc#1006598).\n\n - CVE-2016-8886: Memory allocation failure in jas_malloc\n (jas_malloc.c) (bsc#1006599).\n\nFor additional change description please have a look at the changelog.", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2016-1263.NASL", "href": "https://www.tenable.com/plugins/nessus/94596", "published": "2016-11-07T00:00:00", "title": "openSUSE Security Update : jasper (openSUSE-2016-1263)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1263.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94596);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2017/02/27 15:13:34 $\");\n\n script_cve_id(\"CVE-2008-3522\", \"CVE-2014-8137\", \"CVE-2015-5203\", \"CVE-2015-5221\", \"CVE-2016-1577\", \"CVE-2016-2116\", \"CVE-2016-8690\", \"CVE-2016-8691\", \"CVE-2016-8692\", \"CVE-2016-8693\", \"CVE-2016-8880\", \"CVE-2016-8881\", \"CVE-2016-8882\", \"CVE-2016-8883\", \"CVE-2016-8886\");\n\n script_name(english:\"openSUSE Security Update : jasper (openSUSE-2016-1263)\");\n script_summary(english:\"Check for the openSUSE-2016-1263 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for jasper to version 1.900.14 fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2008-3522: Buffer overflow in the jas_stream_printf\n function in libjasper/base/jas_stream.c in JasPer might\n have allowed context-dependent attackers to have an\n unknown impact via vectors related to the mif_hdr_put\n function and use of vsprintf (bsc#392410)\n\n - CVE-2015-5203: Double free corruption in JasPer\n JPEG-2000 implementation (bsc#941919).\n\n - CVE-2015-5221: Use-after-free (and double-free) in\n Jasper JPEG-200 (bsc#942553).\n\n - CVE-2016-1577: Double free vulnerability in the\n jas_iccattrval_destroy function in JasPer allowed remote\n attackers to cause a denial of service (crash) or\n possibly execute arbitrary code via a crafted ICC color\n profile in a JPEG 2000 image file, a different\n vulnerability than CVE-2014-8137 (bsc#968373).\n\n - CVE-2016-2116: Memory leak in the\n jas_iccprof_createfrombuf function in JasPer allowed\n remote attackers to cause a denial of service (memory\n consumption) via a crafted ICC color profile in a JPEG\n 2000 image file (bsc#968373)\n\n - CVE-2016-8690: NULL pointer dereference in bmp_getdata\n triggered by crafted BMP image (bsc#1005084).\n\n - CVE-2016-8691, CVE-2016-8692: Missing range check on\n XRsiz and YRsiz fields of SIZ marker segment\n (bsc#1005090).\n\n - CVE-2016-8693: The memory stream interface allowed for a\n buffer size of zero. The case of a zero-sized buffer was\n not handled correctly, as it could lead to a double free\n (bsc#1005242).\n\n - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox()\n (bsc#1006591).\n\n - CVE-2016-8881: Heap overflow in jpc_getuint16()\n (bsc#1006593).\n\n - CVE-2016-8882: NULL pointer access in jpc_pi_destroy\n (bsc#1006597).\n\n - CVE-2016-8883: Assert triggered in jpc_dec_tiledecode()\n (bsc#1006598).\n\n - CVE-2016-8886: Memory allocation failure in jas_malloc\n (jas_malloc.c) (bsc#1006599).\n\nFor additional change description please have a look at the changelog.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=392410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=941919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=942553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968373\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jasper packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jasper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jasper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"jasper-1.900.14-163.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"jasper-debuginfo-1.900.14-163.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"jasper-debugsource-1.900.14-163.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libjasper-devel-1.900.14-163.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libjasper1-1.900.14-163.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libjasper1-debuginfo-1.900.14-163.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libjasper1-32bit-1.900.14-163.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libjasper1-debuginfo-32bit-1.900.14-163.24.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper / jasper-debuginfo / jasper-debugsource / libjasper-devel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:18:35", "bulletinFamily": "scanner", "description": "This update for jasper to version 1.900.14 fixes several issues. These\nsecurity issues were fixed :\n\n - CVE-2016-8887: NULL pointer dereference in\n jp2_colr_destroy (jp2_cod.c) (bsc#1006836)\n\n - CVE-2016-8886: memory allocation failure in jas_malloc\n (jas_malloc.c) (bsc#1006599)\n\n - CVE-2016-8884,CVE-2016-8885: two NULL pointer\n dereferences in bmp_getdata (incomplete fix for\n CVE-2016-8690) (bsc#1007009)\n\n - CVE-2016-8883: assert in jpc_dec_tiledecode()\n (bsc#1006598)\n\n - CVE-2016-8882: segfault / NULL pointer access in\n jpc_pi_destroy (bsc#1006597)\n\n - CVE-2016-8881: Heap overflow in jpc_getuint16()\n (bsc#1006593)\n\n - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox()\n (bsc#1006591)\n\n - CVE-2016-8693 Double free vulnerability in mem_close\n (bsc#1005242)\n\n - CVE-2016-8691, CVE-2016-8692: Divide by zero in\n jpc_dec_process_siz (bsc#1005090)\n\n - CVE-2016-8690: NULL pointer dereference in bmp_getdata\n triggered by crafted BMP image (bsc#1005084)\n\n - CVE-2016-2116: Memory leak in the\n jas_iccprof_createfrombuf function in JasPer allowed\n remote attackers to cause a denial of service (memory\n consumption) via a crafted ICC color profile in a JPEG\n 2000 image file (bsc#968373)\n\n - CVE-2016-2089: invalid read in the JasPer", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2016-2775-1.NASL", "href": "https://www.tenable.com/plugins/nessus/94728", "published": "2016-11-11T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : jasper (SUSE-SU-2016:2775-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2775-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94728);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2019/09/11 11:22:14\");\n\n script_cve_id(\"CVE-2008-3522\", \"CVE-2014-8158\", \"CVE-2015-5203\", \"CVE-2015-5221\", \"CVE-2016-1577\", \"CVE-2016-1867\", \"CVE-2016-2089\", \"CVE-2016-2116\", \"CVE-2016-8690\", \"CVE-2016-8691\", \"CVE-2016-8692\", \"CVE-2016-8693\", \"CVE-2016-8880\", \"CVE-2016-8881\", \"CVE-2016-8882\", \"CVE-2016-8883\", \"CVE-2016-8884\", \"CVE-2016-8885\", \"CVE-2016-8886\", \"CVE-2016-8887\");\n script_bugtraq_id(31470, 72293);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : jasper (SUSE-SU-2016:2775-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for jasper to version 1.900.14 fixes several issues. These\nsecurity issues were fixed :\n\n - CVE-2016-8887: NULL pointer dereference in\n jp2_colr_destroy (jp2_cod.c) (bsc#1006836)\n\n - CVE-2016-8886: memory allocation failure in jas_malloc\n (jas_malloc.c) (bsc#1006599)\n\n - CVE-2016-8884,CVE-2016-8885: two NULL pointer\n dereferences in bmp_getdata (incomplete fix for\n CVE-2016-8690) (bsc#1007009)\n\n - CVE-2016-8883: assert in jpc_dec_tiledecode()\n (bsc#1006598)\n\n - CVE-2016-8882: segfault / NULL pointer access in\n jpc_pi_destroy (bsc#1006597)\n\n - CVE-2016-8881: Heap overflow in jpc_getuint16()\n (bsc#1006593)\n\n - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox()\n (bsc#1006591)\n\n - CVE-2016-8693 Double free vulnerability in mem_close\n (bsc#1005242)\n\n - CVE-2016-8691, CVE-2016-8692: Divide by zero in\n jpc_dec_process_siz (bsc#1005090)\n\n - CVE-2016-8690: NULL pointer dereference in bmp_getdata\n triggered by crafted BMP image (bsc#1005084)\n\n - CVE-2016-2116: Memory leak in the\n jas_iccprof_createfrombuf function in JasPer allowed\n remote attackers to cause a denial of service (memory\n consumption) via a crafted ICC color profile in a JPEG\n 2000 image file (bsc#968373)\n\n - CVE-2016-2089: invalid read in the JasPer's\n jas_matrix_clip() function (bsc#963983)\n\n - CVE-2016-1867: Out-of-bounds Read in the JasPer's\n jpc_pi_nextcprl() function (bsc#961886)\n\n - CVE-2015-5221: Use-after-free (and double-free) in\n Jasper JPEG-200 (bsc#942553).\n\n - CVE-2015-5203: Double free corruption in JasPer\n JPEG-2000 implementation (bsc#941919)\n\n - CVE-2008-3522: Buffer overflow in the jas_stream_printf\n function in libjasper/base/jas_stream.c in JasPer might\n have allowed context-dependent attackers to have an\n unknown impact via vectors related to the mif_hdr_put\n function and use of vsprintf (bsc#392410)\n\n - jasper: NULL pointer dereference in jp2_colr_destroy\n (jp2_cod.c) (incomplete fix for CVE-2016-8887)\n (bsc#1006839) For additional change description please\n have a look at the changelog.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007009\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=392410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=941919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2008-3522/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8158/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5203/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5221/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1577/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1867/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2089/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2116/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8690/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8691/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8692/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8693/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8880/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8881/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8882/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8883/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8884/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8885/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8886/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8887/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162775-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c3af566f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2016-1639=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1639=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2016-1639=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2016-1639=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1639=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2016-1639=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1639=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:jasper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:jasper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjasper1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjasper1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"jasper-debuginfo-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"jasper-debugsource-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libjasper1-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libjasper1-debuginfo-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libjasper1-32bit-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libjasper1-debuginfo-32bit-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"jasper-debuginfo-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"jasper-debugsource-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libjasper1-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libjasper1-debuginfo-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libjasper1-32bit-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libjasper1-debuginfo-32bit-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"jasper-debuginfo-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"jasper-debugsource-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libjasper1-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libjasper1-32bit-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libjasper1-debuginfo-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libjasper1-debuginfo-32bit-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"jasper-debuginfo-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"jasper-debugsource-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libjasper1-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libjasper1-32bit-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libjasper1-debuginfo-1.900.14-181.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libjasper1-debuginfo-32bit-1.900.14-181.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:00:56", "bulletinFamily": "scanner", "description": "This update for jasper to version 1.900.14 fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2016-8887: NULL pointer dereference in\n jp2_colr_destroy (jp2_cod.c) (bsc#1006836)\n\n - CVE-2016-8886: memory allocation failure in jas_malloc\n (jas_malloc.c) (bsc#1006599)\n\n - CVE-2016-8884,CVE-2016-8885: two NULL pointer\n dereferences in bmp_getdata (incomplete fix for\n CVE-2016-8690) (bsc#1007009)\n\n - CVE-2016-8883: assert in jpc_dec_tiledecode()\n (bsc#1006598)\n\n - CVE-2016-8882: segfault / NULL pointer access in\n jpc_pi_destroy (bsc#1006597)\n\n - CVE-2016-8881: Heap overflow in jpc_getuint16()\n (bsc#1006593)\n\n - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox()\n (bsc#1006591)\n\n - CVE-2016-8693 Double free vulnerability in mem_close\n (bsc#1005242)\n\n - CVE-2016-8691, CVE-2016-8692: Divide by zero in\n jpc_dec_process_siz (bsc#1005090)\n\n - CVE-2016-8690: NULL pointer dereference in bmp_getdata\n triggered by crafted BMP image (bsc#1005084)\n\n - CVE-2016-2116: Memory leak in the\n jas_iccprof_createfrombuf function in JasPer allowed\n remote attackers to cause a denial of service (memory\n consumption) via a crafted ICC color profile in a JPEG\n 2000 image file (bsc#968373) \n\n - CVE-2016-2089: invalid read in the JasPer", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2016-1309.NASL", "href": "https://www.tenable.com/plugins/nessus/94945", "published": "2016-11-18T00:00:00", "title": "openSUSE Security Update : jasper (openSUSE-2016-1309)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1309.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94945);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2017/02/27 15:13:34 $\");\n\n script_cve_id(\"CVE-2008-3522\", \"CVE-2014-8158\", \"CVE-2015-5203\", \"CVE-2015-5221\", \"CVE-2016-1577\", \"CVE-2016-1867\", \"CVE-2016-2089\", \"CVE-2016-2116\", \"CVE-2016-8690\", \"CVE-2016-8691\", \"CVE-2016-8692\", \"CVE-2016-8693\", \"CVE-2016-8880\", \"CVE-2016-8881\", \"CVE-2016-8882\", \"CVE-2016-8883\", \"CVE-2016-8884\", \"CVE-2016-8885\", \"CVE-2016-8886\", \"CVE-2016-8887\");\n\n script_name(english:\"openSUSE Security Update : jasper (openSUSE-2016-1309)\");\n script_summary(english:\"Check for the openSUSE-2016-1309 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for jasper to version 1.900.14 fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2016-8887: NULL pointer dereference in\n jp2_colr_destroy (jp2_cod.c) (bsc#1006836)\n\n - CVE-2016-8886: memory allocation failure in jas_malloc\n (jas_malloc.c) (bsc#1006599)\n\n - CVE-2016-8884,CVE-2016-8885: two NULL pointer\n dereferences in bmp_getdata (incomplete fix for\n CVE-2016-8690) (bsc#1007009)\n\n - CVE-2016-8883: assert in jpc_dec_tiledecode()\n (bsc#1006598)\n\n - CVE-2016-8882: segfault / NULL pointer access in\n jpc_pi_destroy (bsc#1006597)\n\n - CVE-2016-8881: Heap overflow in jpc_getuint16()\n (bsc#1006593)\n\n - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox()\n (bsc#1006591)\n\n - CVE-2016-8693 Double free vulnerability in mem_close\n (bsc#1005242)\n\n - CVE-2016-8691, CVE-2016-8692: Divide by zero in\n jpc_dec_process_siz (bsc#1005090)\n\n - CVE-2016-8690: NULL pointer dereference in bmp_getdata\n triggered by crafted BMP image (bsc#1005084)\n\n - CVE-2016-2116: Memory leak in the\n jas_iccprof_createfrombuf function in JasPer allowed\n remote attackers to cause a denial of service (memory\n consumption) via a crafted ICC color profile in a JPEG\n 2000 image file (bsc#968373) \n\n - CVE-2016-2089: invalid read in the JasPer's\n jas_matrix_clip() function (bsc#963983)\n\n - CVE-2016-1867: Out-of-bounds Read in the JasPer's\n jpc_pi_nextcprl() function (bsc#961886)\n\n - CVE-2015-5221: Use-after-free (and double-free) in\n Jasper JPEG-200 (bsc#942553).\n\n - CVE-2015-5203: Double free corruption in JasPer\n JPEG-2000 implementation (bsc#941919)\n\n - CVE-2008-3522: Buffer overflow in the jas_stream_printf\n function in libjasper/base/jas_stream.c in JasPer might\n have allowed context-dependent attackers to have an\n unknown impact via vectors related to the mif_hdr_put\n function and use of vsprintf (bsc#392410)\n\n - jasper: NULL pointer dereference in jp2_colr_destroy\n (jp2_cod.c) (incomplete fix for CVE-2016-8887)\n (bsc#1006839)\n\nFor additional change description please have a look at the changelog.\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007009\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=392410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=941919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=942553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=961886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968373\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jasper packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jasper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jasper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"jasper-1.900.14-166.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"jasper-debuginfo-1.900.14-166.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"jasper-debugsource-1.900.14-166.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libjasper-devel-1.900.14-166.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libjasper1-1.900.14-166.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libjasper1-debuginfo-1.900.14-166.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libjasper1-32bit-1.900.14-166.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libjasper1-debuginfo-32bit-1.900.14-166.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"jasper-1.900.14-167.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"jasper-debuginfo-1.900.14-167.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"jasper-debugsource-1.900.14-167.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libjasper-devel-1.900.14-167.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libjasper1-1.900.14-167.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libjasper1-debuginfo-1.900.14-167.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libjasper1-32bit-1.900.14-167.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libjasper1-debuginfo-32bit-1.900.14-167.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper / jasper-debuginfo / jasper-debugsource / libjasper-devel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:00:55", "bulletinFamily": "scanner", "description": "This update for jasper to version 1.900.14 fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2008-3522: Buffer overflow in the jas_stream_printf\n function in libjasper/base/jas_stream.c in JasPer might\n have allowed context-dependent attackers to have an\n unknown impact via vectors related to the mif_hdr_put\n function and use of vsprintf (bsc#392410)\n\n - CVE-2015-5203: Double free corruption in JasPer\n JPEG-2000 implementation (bsc#941919).\n\n - CVE-2015-5221: Use-after-free (and double-free) in\n Jasper JPEG-200 (bsc#942553).\n\n - CVE-2016-1577: Double free vulnerability in the\n jas_iccattrval_destroy function in JasPer allowed remote\n attackers to cause a denial of service (crash) or\n possibly execute arbitrary code via a crafted ICC color\n profile in a JPEG 2000 image file, a different\n vulnerability than CVE-2014-8137 (bsc#968373).\n\n - CVE-2016-2116: Memory leak in the\n jas_iccprof_createfrombuf function in JasPer allowed\n remote attackers to cause a denial of service (memory\n consumption) via a crafted ICC color profile in a JPEG\n 2000 image file (bsc#968373)\n\n - CVE-2016-8690: NULL pointer dereference in bmp_getdata\n triggered by crafted BMP image (bsc#1005084).\n\n - CVE-2016-8691, CVE-2016-8692: Missing range check on\n XRsiz and YRsiz fields of SIZ marker segment\n (bsc#1005090).\n\n - CVE-2016-8693: The memory stream interface allowed for a\n buffer size of zero. The case of a zero-sized buffer was\n not handled correctly, as it could lead to a double free\n (bsc#1005242).\n\n - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox()\n (bsc#1006591).\n\n - CVE-2016-8881: Heap overflow in jpc_getuint16()\n (bsc#1006593).\n\n - CVE-2016-8882: NULL pointer access in jpc_pi_destroy\n (bsc#1006597).\n\n - CVE-2016-8883: Assert triggered in jpc_dec_tiledecode()\n (bsc#1006598).\n\n - CVE-2016-8886: Memory allocation failure in jas_malloc\n (jas_malloc.c) (bsc#1006599).\n\n For additional change description please have a look at\n the changelog.", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2016-1270.NASL", "href": "https://www.tenable.com/plugins/nessus/94601", "published": "2016-11-07T00:00:00", "title": "openSUSE Security Update : jasper (openSUSE-2016-1270)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1270.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94601);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2019/04/11 17:23:07\");\n\n script_cve_id(\"CVE-2008-3522\", \"CVE-2011-4516\", \"CVE-2011-4517\", \"CVE-2014-8137\", \"CVE-2014-8138\", \"CVE-2014-8157\", \"CVE-2014-8158\", \"CVE-2014-9029\", \"CVE-2015-5203\", \"CVE-2015-5221\", \"CVE-2016-1577\", \"CVE-2016-1867\", \"CVE-2016-2089\", \"CVE-2016-2116\", \"CVE-2016-8690\", \"CVE-2016-8691\", \"CVE-2016-8692\", \"CVE-2016-8693\", \"CVE-2016-8880\", \"CVE-2016-8881\", \"CVE-2016-8882\", \"CVE-2016-8883\", \"CVE-2016-8884\", \"CVE-2016-8885\", \"CVE-2016-8886\", \"CVE-2016-8887\");\n\n script_name(english:\"openSUSE Security Update : jasper (openSUSE-2016-1270)\");\n script_summary(english:\"Check for the openSUSE-2016-1270 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for jasper to version 1.900.14 fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2008-3522: Buffer overflow in the jas_stream_printf\n function in libjasper/base/jas_stream.c in JasPer might\n have allowed context-dependent attackers to have an\n unknown impact via vectors related to the mif_hdr_put\n function and use of vsprintf (bsc#392410)\n\n - CVE-2015-5203: Double free corruption in JasPer\n JPEG-2000 implementation (bsc#941919).\n\n - CVE-2015-5221: Use-after-free (and double-free) in\n Jasper JPEG-200 (bsc#942553).\n\n - CVE-2016-1577: Double free vulnerability in the\n jas_iccattrval_destroy function in JasPer allowed remote\n attackers to cause a denial of service (crash) or\n possibly execute arbitrary code via a crafted ICC color\n profile in a JPEG 2000 image file, a different\n vulnerability than CVE-2014-8137 (bsc#968373).\n\n - CVE-2016-2116: Memory leak in the\n jas_iccprof_createfrombuf function in JasPer allowed\n remote attackers to cause a denial of service (memory\n consumption) via a crafted ICC color profile in a JPEG\n 2000 image file (bsc#968373)\n\n - CVE-2016-8690: NULL pointer dereference in bmp_getdata\n triggered by crafted BMP image (bsc#1005084).\n\n - CVE-2016-8691, CVE-2016-8692: Missing range check on\n XRsiz and YRsiz fields of SIZ marker segment\n (bsc#1005090).\n\n - CVE-2016-8693: The memory stream interface allowed for a\n buffer size of zero. The case of a zero-sized buffer was\n not handled correctly, as it could lead to a double free\n (bsc#1005242).\n\n - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox()\n (bsc#1006591).\n\n - CVE-2016-8881: Heap overflow in jpc_getuint16()\n (bsc#1006593).\n\n - CVE-2016-8882: NULL pointer access in jpc_pi_destroy\n (bsc#1006597).\n\n - CVE-2016-8883: Assert triggered in jpc_dec_tiledecode()\n (bsc#1006598).\n\n - CVE-2016-8886: Memory allocation failure in jas_malloc\n (jas_malloc.c) (bsc#1006599).\n\n For additional change description please have a look at\n the changelog.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007009\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=941919\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jasper packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jasper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jasper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"jasper-1.900.14-160.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"jasper-debuginfo-1.900.14-160.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"jasper-debugsource-1.900.14-160.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libjasper-devel-1.900.14-160.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libjasper1-1.900.14-160.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libjasper1-debuginfo-1.900.14-160.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libjasper1-32bit-1.900.14-160.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libjasper1-debuginfo-32bit-1.900.14-160.25.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper / jasper-debuginfo / jasper-debugsource / libjasper-devel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-24T12:55:15", "bulletinFamily": "scanner", "description": "Several vulnerabilities were\ndiscovered in JasPer, a library for manipulating JPEG-2000 files. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2016-1577\nJacob Baines discovered a double-free flaw in the\njas_iccattrval_destroy function. A remote attacker could exploit\nthis flaw to cause an application using the JasPer library to crash,\nor potentially, to execute arbitrary code with the privileges of the\nuser running the application.\n\nCVE-2016-2089\nThe Qihoo 360 Codesafe Team discovered a NULL pointer dereference\nflaw within the jas_matrix_clip function. A remote attacker could\nexploit this flaw to cause an application using the JasPer library\nto crash, resulting in a denial-of-service.\n\nCVE-2016-2116\nTyler Hicks discovered a memory leak flaw in the\njas_iccprof_createfrombuf function. A remote attacker could exploit\nthis flaw to cause the JasPer library to consume memory, resulting\nin a denial-of-service.", "modified": "2017-07-07T00:00:00", "published": "2016-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703508", "id": "OPENVAS:703508", "title": "Debian Security Advisory DSA 3508-1 (jasper - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3508.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3508-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703508);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-1577\", \"CVE-2016-2089\", \"CVE-2016-2116\");\n script_name(\"Debian Security Advisory DSA 3508-1 (jasper - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-03-06 00:00:00 +0100 (Sun, 06 Mar 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3508.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"jasper on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 1.900.1-13+deb7u4.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.900.1-debian1-2.4+deb8u1.\n\nWe recommend that you upgrade your jasper packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were\ndiscovered in JasPer, a library for manipulating JPEG-2000 files. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2016-1577\nJacob Baines discovered a double-free flaw in the\njas_iccattrval_destroy function. A remote attacker could exploit\nthis flaw to cause an application using the JasPer library to crash,\nor potentially, to execute arbitrary code with the privileges of the\nuser running the application.\n\nCVE-2016-2089\nThe Qihoo 360 Codesafe Team discovered a NULL pointer dereference\nflaw within the jas_matrix_clip function. A remote attacker could\nexploit this flaw to cause an application using the JasPer library\nto crash, resulting in a denial-of-service.\n\nCVE-2016-2116\nTyler Hicks discovered a memory leak flaw in the\njas_iccprof_createfrombuf function. A remote attacker could exploit\nthis flaw to cause the JasPer library to consume memory, resulting\nin a denial-of-service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libjasper-dev\", ver:\"1.900.1-13+deb7u4\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libjasper-runtime\", ver:\"1.900.1-13+deb7u4\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libjasper1\", ver:\"1.900.1-13+deb7u4\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libjasper-dev\", ver:\"1.900.1-debian1-2.4+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libjasper-runtime\", ver:\"1.900.1-debian1-2.4+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libjasper1:amd64\", ver:\"1.900.1-debian1-2.4+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libjasper1:i386\", ver:\"1.900.1-debian1-2.4+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:10", "bulletinFamily": "scanner", "description": "Several vulnerabilities were\ndiscovered in JasPer, a library for manipulating JPEG-2000 files. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2016-1577\nJacob Baines discovered a double-free flaw in the\njas_iccattrval_destroy function. A remote attacker could exploit\nthis flaw to cause an application using the JasPer library to crash,\nor potentially, to execute arbitrary code with the privileges of the\nuser running the application.\n\nCVE-2016-2089\nThe Qihoo 360 Codesafe Team discovered a NULL pointer dereference\nflaw within the jas_matrix_clip function. A remote attacker could\nexploit this flaw to cause an application using the JasPer library\nto crash, resulting in a denial-of-service.\n\nCVE-2016-2116\nTyler Hicks discovered a memory leak flaw in the\njas_iccprof_createfrombuf function. A remote attacker could exploit\nthis flaw to cause the JasPer library to consume memory, resulting\nin a denial-of-service.", "modified": "2019-03-18T00:00:00", "published": "2016-03-06T00:00:00", "id": "OPENVAS:1361412562310703508", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703508", "title": "Debian Security Advisory DSA 3508-1 (jasper - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3508.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3508-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703508\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2016-1577\", \"CVE-2016-2089\", \"CVE-2016-2116\");\n script_name(\"Debian Security Advisory DSA 3508-1 (jasper - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-06 00:00:00 +0100 (Sun, 06 Mar 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3508.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|8)\");\n script_tag(name:\"affected\", value:\"jasper on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 1.900.1-13+deb7u4.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.900.1-debian1-2.4+deb8u1.\n\nWe recommend that you upgrade your jasper packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were\ndiscovered in JasPer, a library for manipulating JPEG-2000 files. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2016-1577\nJacob Baines discovered a double-free flaw in the\njas_iccattrval_destroy function. A remote attacker could exploit\nthis flaw to cause an application using the JasPer library to crash,\nor potentially, to execute arbitrary code with the privileges of the\nuser running the application.\n\nCVE-2016-2089\nThe Qihoo 360 Codesafe Team discovered a NULL pointer dereference\nflaw within the jas_matrix_clip function. A remote attacker could\nexploit this flaw to cause an application using the JasPer library\nto crash, resulting in a denial-of-service.\n\nCVE-2016-2116\nTyler Hicks discovered a memory leak flaw in the\njas_iccprof_createfrombuf function. A remote attacker could exploit\nthis flaw to cause the JasPer library to consume memory, resulting\nin a denial-of-service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libjasper-dev\", ver:\"1.900.1-13+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libjasper-runtime\", ver:\"1.900.1-13+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libjasper1\", ver:\"1.900.1-13+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libjasper-dev\", ver:\"1.900.1-debian1-2.4+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libjasper-runtime\", ver:\"1.900.1-debian1-2.4+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libjasper1:amd64\", ver:\"1.900.1-debian1-2.4+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libjasper1:i386\", ver:\"1.900.1-debian1-2.4+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:48", "bulletinFamily": "scanner", "description": "Mageia Linux Local Security Checks mgasa-2016-0100", "modified": "2018-10-12T00:00:00", "published": "2016-03-08T00:00:00", "id": "OPENVAS:1361412562310131254", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131254", "title": "Mageia Linux Local Check: mgasa-2016-0100", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0100.nasl 11856 2018-10-12 07:45:29Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131254\");\n script_version(\"$Revision: 11856 $\");\n script_tag(name:\"creation_date\", value:\"2016-03-08 07:15:18 +0200 (Tue, 08 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 09:45:29 +0200 (Fri, 12 Oct 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0100\");\n script_tag(name:\"insight\", value:\"Updated jasper packages fix security vulnerabilities: The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image (CVE-2016-2089). Jacob Baines discovered that a double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file (CVE-2016-1577). Tyler Hicks discovered that a memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file (CVE-2016-2116).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0100.html\");\n script_cve_id(\"CVE-2016-1577\", \"CVE-2016-2089\", \"CVE-2016-2116\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0100\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.900.1~20.4.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:48", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310871991", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871991", "title": "Fedora Update for jasper FEDORA-2016-9b17661de5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for jasper FEDORA-2016-9b17661de5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871991\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:23:18 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2015-5203\", \"CVE-2015-5221\", \"CVE-2016-1867\", \"CVE-2016-1577\", \"CVE-2016-2116\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for jasper FEDORA-2016-9b17661de5\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jasper'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"jasper on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-9b17661de5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QIZNTZDXOJR5BTRZKCS3GVHVZV2PWHH\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.900.1~33.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:30", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-08-16T00:00:00", "id": "OPENVAS:1361412562310809112", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809112", "title": "Fedora Update for jasper FEDORA-2016-7776983633", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for jasper FEDORA-2016-7776983633\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809112\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-16 05:55:48 +0200 (Tue, 16 Aug 2016)\");\n script_cve_id(\"CVE-2015-5203\", \"CVE-2015-5221\", \"CVE-2016-1867\", \"CVE-2016-1577\", \"CVE-2016-2116\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for jasper FEDORA-2016-7776983633\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jasper'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"jasper on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-7776983633\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNLVBZWDEXZCFWOBZ3YVEQINMRBRX5QV\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.900.1~33.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:52", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-09-22T00:00:00", "id": "OPENVAS:1361412562310809278", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809278", "title": "Fedora Update for jasper FEDORA-2016-bbecf64af4", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for jasper FEDORA-2016-bbecf64af4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809278\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-22 05:52:04 +0200 (Thu, 22 Sep 2016)\");\n script_cve_id(\"CVE-2015-5203\", \"CVE-2015-5221\", \"CVE-2016-1867\", \"CVE-2016-1577\", \"CVE-2016-2116\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for jasper FEDORA-2016-bbecf64af4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jasper'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"jasper on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-bbecf64af4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXWV22WGSQFDRPE7G6ECGP3QXS2V2A2M\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.900.1~34.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:55", "bulletinFamily": "scanner", "description": "Check the version of jasper", "modified": "2019-03-08T00:00:00", "published": "2017-05-16T00:00:00", "id": "OPENVAS:1361412562310882714", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882714", "title": "CentOS Update for jasper CESA-2017:1208 centos7", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for jasper CESA-2017:1208 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882714\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-16 06:51:19 +0200 (Tue, 16 May 2017)\");\n script_cve_id(\"CVE-2015-5203\", \"CVE-2015-5221\", \"CVE-2016-10248\", \"CVE-2016-10249\",\n \"CVE-2016-10251\", \"CVE-2016-1577\", \"CVE-2016-1867\", \"CVE-2016-2089\",\n \"CVE-2016-2116\", \"CVE-2016-8654\", \"CVE-2016-8690\", \"CVE-2016-8691\",\n \"CVE-2016-8692\", \"CVE-2016-8693\", \"CVE-2016-8883\", \"CVE-2016-8884\",\n \"CVE-2016-8885\", \"CVE-2016-9262\", \"CVE-2016-9387\", \"CVE-2016-9388\",\n \"CVE-2016-9389\", \"CVE-2016-9390\", \"CVE-2016-9391\", \"CVE-2016-9392\",\n \"CVE-2016-9393\", \"CVE-2016-9394\", \"CVE-2016-9560\", \"CVE-2016-9583\",\n \"CVE-2016-9591\", \"CVE-2016-9600\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for jasper CESA-2017:1208 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of jasper\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"JasPer is an implementation of Part 1 of\nthe JPEG 2000 image compression standard.\n\n\nSecurity Fix(es):\n\n\nMultiple flaws were found in the way JasPer decoded JPEG 2000 image files.\nA specially crafted file could cause an application using JasPer to crash\nor, possibly, execute arbitrary code.\n\n\nMultiple flaws were found in the way JasPer decoded JPEG 2000 image files.\nA specially crafted file could cause an application using JasPer to crash.\n\n\nRed Hat would like to thank Liu Bingchang (IIE) for reporting\nCVE-2016-8654, CVE-2016-9583, CVE-2016-9591, and CVE-2016-9600 Gustavo\nGrieco for reporting CVE-2015-5203 and Josselin Feist for reporting\nCVE-2015-5221.\");\n script_tag(name:\"affected\", value:\"jasper on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:1208\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-May/022411.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.900.1~30.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"jasper-devel\", rpm:\"jasper-devel~1.900.1~30.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"jasper-libs\", rpm:\"jasper-libs~1.900.1~30.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"jasper-utils\", rpm:\"jasper-utils~1.900.1~30.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:04", "bulletinFamily": "scanner", "description": "Check the version of jasper", "modified": "2019-03-08T00:00:00", "published": "2017-05-16T00:00:00", "id": "OPENVAS:1361412562310882713", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882713", "title": "CentOS Update for jasper CESA-2017:1208 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for jasper CESA-2017:1208 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882713\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-16 06:50:02 +0200 (Tue, 16 May 2017)\");\n script_cve_id(\"CVE-2015-5203\", \"CVE-2015-5221\", \"CVE-2016-10248\", \"CVE-2016-10249\",\n \"CVE-2016-10251\", \"CVE-2016-1577\", \"CVE-2016-1867\", \"CVE-2016-2089\",\n \"CVE-2016-2116\", \"CVE-2016-8654\", \"CVE-2016-8690\", \"CVE-2016-8691\",\n \"CVE-2016-8692\", \"CVE-2016-8693\", \"CVE-2016-8883\", \"CVE-2016-8884\",\n \"CVE-2016-8885\", \"CVE-2016-9262\", \"CVE-2016-9387\", \"CVE-2016-9388\",\n \"CVE-2016-9389\", \"CVE-2016-9390\", \"CVE-2016-9391\", \"CVE-2016-9392\",\n \"CVE-2016-9393\", \"CVE-2016-9394\", \"CVE-2016-9560\", \"CVE-2016-9583\",\n \"CVE-2016-9591\", \"CVE-2016-9600\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for jasper CESA-2017:1208 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of jasper\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"JasPer is an implementation of Part 1 of\n the JPEG 2000 image compression standard.\n\nSecurity Fix(es):\n\nMultiple flaws were found in the way JasPer decoded JPEG 2000 image files.\nA specially crafted file could cause an application using JasPer to crash\nor, possibly, execute arbitrary code.\n\n\nMultiple flaws were found in the way JasPer decoded JPEG 2000 image files.\nA specially crafted file could cause an application using JasPer to crash.\n\n\nRed Hat would like to thank Liu Bingchang (IIE) for reporting\");\n script_tag(name:\"affected\", value:\"jasper on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:1208\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-May/022408.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.900.1~21.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"jasper-devel\", rpm:\"jasper-devel~1.900.1~21.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"jasper-libs\", rpm:\"jasper-libs~1.900.1~21.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"jasper-utils\", rpm:\"jasper-utils~1.900.1~21.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:04", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2017-05-10T00:00:00", "id": "OPENVAS:1361412562310871813", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871813", "title": "RedHat Update for jasper RHSA-2017:1208-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for jasper RHSA-2017:1208-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871813\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-10 06:49:13 +0200 (Wed, 10 May 2017)\");\n script_cve_id(\"CVE-2015-5203\", \"CVE-2015-5221\", \"CVE-2016-10248\", \"CVE-2016-10249\",\n \"CVE-2016-10251\", \"CVE-2016-1577\", \"CVE-2016-1867\", \"CVE-2016-2089\",\n \"CVE-2016-2116\", \"CVE-2016-8654\", \"CVE-2016-8690\", \"CVE-2016-8691\",\n \"CVE-2016-8692\", \"CVE-2016-8693\", \"CVE-2016-8883\", \"CVE-2016-8884\",\n \"CVE-2016-8885\", \"CVE-2016-9262\", \"CVE-2016-9387\", \"CVE-2016-9388\",\n \"CVE-2016-9389\", \"CVE-2016-9390\", \"CVE-2016-9391\", \"CVE-2016-9392\",\n \"CVE-2016-9393\", \"CVE-2016-9394\", \"CVE-2016-9560\", \"CVE-2016-9583\",\n \"CVE-2016-9591\", \"CVE-2016-9600\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for jasper RHSA-2017:1208-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jasper'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"JasPer is an implementation of Part 1 of the\n JPEG 2000 image compression standard.\n\nSecurity Fix(es):\n\nMultiple flaws were found in the way JasPer decoded JPEG 2000 image files.\nA specially crafted file could cause an application using JasPer to crash\nor, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560,\nCVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690,\nCVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591)\n\nMultiple flaws were found in the way JasPer decoded JPEG 2000 image files.\nA specially crafted file could cause an application using JasPer to crash.\n(CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692,\nCVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390,\nCVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583,\nCVE-2016-9600, CVE-2016-10248, CVE-2016-10251)\n\nRed Hat would like to thank Liu Bingchang (IIE) for reporting\nCVE-2016-8654, CVE-2016-9583, CVE-2016-9591, and CVE-2016-9600 Gustavo\nGrieco for reporting CVE-2015-5203 and Josselin Feist for reporting\nCVE-2015-5221.\");\n script_tag(name:\"affected\", value:\"jasper on\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:1208-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-May/msg00010.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"jasper-debuginfo\", rpm:\"jasper-debuginfo~1.900.1~30.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"jasper-libs\", rpm:\"jasper-libs~1.900.1~30.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.900.1~21.el6_9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"jasper-debuginfo\", rpm:\"jasper-debuginfo~1.900.1~21.el6_9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"jasper-libs\", rpm:\"jasper-libs~1.900.1~21.el6_9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:46", "bulletinFamily": "unix", "description": "- CVE-2016-1577 (arbitrary code execution)\n\nDouble free vulnerability in the jas_iccattrval_destroy function in\nJasPer 1.900.1 and earlier allows remote attackers to cause a denial of\nservice (crash) or possibly execute arbitrary code via a crafted ICC\ncolor profile in a JPEG 2000 image file.\n\n- CVE-2016-2089 (denial of service)\n\nThe jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows\nremote attackers to cause a denial of service (invalid read and\napplication crash) via a crafted JPEG 2000 image.\n\n- CVE-2016-2116 (denial of service)\n\nMemory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1\nand earlier allows remote attackers to cause a denial of service\n(memory consumption) via a crafted ICC color profile in a JPEG 2000\nimage file.", "modified": "2016-05-04T00:00:00", "published": "2016-05-04T00:00:00", "id": "ASA-201605-2", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html", "title": "jasper: multiple issues", "type": "archlinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:22:44", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3508-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMarch 06, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : jasper\nCVE ID : CVE-2016-1577 CVE-2016-2089 CVE-2016-2116\nDebian Bug : 812978 816625 816626\n\nSeveral vulnerabilities were discovered in JasPer, a library for\nmanipulating JPEG-2000 files. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2016-1577\n\n Jacob Baines discovered a double-free flaw in the\n jas_iccattrval_destroy function. A remote attacker could exploit\n this flaw to cause an application using the JasPer library to crash,\n or potentially, to execute arbitrary code with the privileges of the\n user running the application.\n\nCVE-2016-2089\n\n The Qihoo 360 Codesafe Team discovered a NULL pointer dereference\n flaw within the jas_matrix_clip function. A remote attacker could\n exploit this flaw to cause an application using the JasPer library\n to crash, resulting in a denial-of-service.\n\nCVE-2016-2116\n\n Tyler Hicks discovered a memory leak flaw in the\n jas_iccprof_createfrombuf function. A remote attacker could exploit\n this flaw to cause the JasPer library to consume memory, resulting\n in a denial-of-service.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.900.1-13+deb7u4.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.900.1-debian1-2.4+deb8u1.\n\nWe recommend that you upgrade your jasper packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2016-03-06T15:34:08", "published": "2016-03-06T15:34:08", "id": "DEBIAN:DSA-3508-1:44F45", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00080.html", "title": "[SECURITY] [DSA 3508-1] jasper security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:46", "bulletinFamily": "unix", "description": "JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard.\n\nSecurity Fix(es):\n\nMultiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690, CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591)\n\nMultiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. (CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692, CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583, CVE-2016-9600, CVE-2016-10248, CVE-2016-10251)\n\nRed Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-8654, CVE-2016-9583, CVE-2016-9591, and CVE-2016-9600; Gustavo Grieco for reporting CVE-2015-5203; and Josselin Feist for reporting CVE-2015-5221.", "modified": "2018-06-07T18:22:00", "published": "2017-05-09T18:59:57", "id": "RHSA-2017:1208", "href": "https://access.redhat.com/errata/RHSA-2017:1208", "type": "redhat", "title": "(RHSA-2017:1208) Important: jasper security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:33:39", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2017:1208\n\n\nJasPer is an implementation of Part 1 of the JPEG 2000 image compression standard.\n\nSecurity Fix(es):\n\nMultiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690, CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591)\n\nMultiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. (CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692, CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583, CVE-2016-9600, CVE-2016-10248, CVE-2016-10251)\n\nRed Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-8654, CVE-2016-9583, CVE-2016-9591, and CVE-2016-9600; Gustavo Grieco for reporting CVE-2015-5203; and Josselin Feist for reporting CVE-2015-5221.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-May/022408.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-May/022411.html\n\n**Affected packages:**\njasper\njasper-devel\njasper-libs\njasper-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-1208.html", "modified": "2017-05-15T16:46:03", "published": "2017-05-15T15:59:23", "href": "http://lists.centos.org/pipermail/centos-announce/2017-May/022408.html", "id": "CESA-2017:1208", "title": "jasper security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:01", "bulletinFamily": "unix", "description": "[1.900.1-21]\n- Bump release\n[1.900.1-20]\n- Multiple security fixes (fixed by thoger):\n CVE-2015-5203 CVE-2015-5221 CVE-2016-1577 CVE-2016-1867 CVE-2016-2089\n CVE-2016-2116 CVE-2016-8654 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692\n CVE-2016-8693 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-9262\n CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391\n CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9560 CVE-2016-9583\n CVE-2016-9591 CVE-2016-9600 CVE-2016-10248 CVE-2016-10249 CVE-2016-10251\n- Fix implicit declaration warning caused by security fixes above\n[1.900.1-19]\n- CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot() (#1183672)\n- CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c (#1183680)\n[1.900.1-18]\n- CVE-2014-8137 - double-free in in jas_iccattrval_destroy (#1173567)\n- CVE-2014-8138 - heap overflow in jp2_decode (#1173567)\n[1.900.1-17]\n- CVE-2014-9029 - incorrect component number check in COC, RGN and QCC\n marker segment decoders (#1171209)", "modified": "2017-05-09T00:00:00", "published": "2017-05-09T00:00:00", "id": "ELSA-2017-1208", "href": "http://linux.oracle.com/errata/ELSA-2017-1208.html", "title": "jasper security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2019-05-29T19:20:24", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nMultiple flaws were found in the way JasPer decoded JPEG 2000 image files. A \nspecially crafted file could cause an application using JasPer to crash or, \npossibly, execute arbitrary code. ( [CVE-2016-8654 __](<https://access.redhat.com/security/cve/CVE-2016-8654>), [CVE-2016-9560 __](<https://access.redhat.com/security/cve/CVE-2016-9560>), [CVE-2016-10249 __](<https://access.redhat.com/security/cve/CVE-2016-10249>), \n[CVE-2015-5203 __](<https://access.redhat.com/security/cve/CVE-2015-5203>), [CVE-2015-5221 __](<https://access.redhat.com/security/cve/CVE-2015-5221>), [CVE-2016-1577 __](<https://access.redhat.com/security/cve/CVE-2016-1577>), [CVE-2016-8690 __](<https://access.redhat.com/security/cve/CVE-2016-8690>), [CVE-2016-8693 __](<https://access.redhat.com/security/cve/CVE-2016-8693>), \n[CVE-2016-8884 __](<https://access.redhat.com/security/cve/CVE-2016-8884>), [CVE-2016-8885 __](<https://access.redhat.com/security/cve/CVE-2016-8885>), [CVE-2016-9262 __](<https://access.redhat.com/security/cve/CVE-2016-9262>), [CVE-2016-9591 __](<https://access.redhat.com/security/cve/CVE-2016-9591>) )\n\nMultiple flaws were found in the way JasPer decoded JPEG 2000 image files. A \nspecially crafted file could cause an application using JasPer to crash. \n([CVE-2016-1867 __](<https://access.redhat.com/security/cve/CVE-2016-1867>), [CVE-2016-2089 __](<https://access.redhat.com/security/cve/CVE-2016-2089>), [CVE-2016-2116 __](<https://access.redhat.com/security/cve/CVE-2016-2116>), [CVE-2016-8691 __](<https://access.redhat.com/security/cve/CVE-2016-8691>), [CVE-2016-8692 __](<https://access.redhat.com/security/cve/CVE-2016-8692>), \n[CVE-2016-8883 __](<https://access.redhat.com/security/cve/CVE-2016-8883>), [CVE-2016-9387 __](<https://access.redhat.com/security/cve/CVE-2016-9387>), [CVE-2016-9388 __](<https://access.redhat.com/security/cve/CVE-2016-9388>), [CVE-2016-9389 __](<https://access.redhat.com/security/cve/CVE-2016-9389>), [CVE-2016-9390 __](<https://access.redhat.com/security/cve/CVE-2016-9390>), \n[CVE-2016-9391 __](<https://access.redhat.com/security/cve/CVE-2016-9391>), [CVE-2016-9392 __](<https://access.redhat.com/security/cve/CVE-2016-9392>), [CVE-2016-9393 __](<https://access.redhat.com/security/cve/CVE-2016-9393>), [CVE-2016-9394 __](<https://access.redhat.com/security/cve/CVE-2016-9394>), [CVE-2016-9583 __](<https://access.redhat.com/security/cve/CVE-2016-9583>), \n[CVE-2016-9600 __](<https://access.redhat.com/security/cve/CVE-2016-9600>), [CVE-2016-10248 __](<https://access.redhat.com/security/cve/CVE-2016-10248>), [CVE-2016-10251 __](<https://access.redhat.com/security/cve/CVE-2016-10251>))\n\n \n**Affected Packages:** \n\n\njasper\n\n \n**Issue Correction:** \nRun _yum update jasper_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n jasper-devel-1.900.1-21.9.amzn1.i686 \n jasper-utils-1.900.1-21.9.amzn1.i686 \n jasper-1.900.1-21.9.amzn1.i686 \n jasper-libs-1.900.1-21.9.amzn1.i686 \n jasper-debuginfo-1.900.1-21.9.amzn1.i686 \n \n src: \n jasper-1.900.1-21.9.amzn1.src \n \n x86_64: \n jasper-debuginfo-1.900.1-21.9.amzn1.x86_64 \n jasper-libs-1.900.1-21.9.amzn1.x86_64 \n jasper-1.900.1-21.9.amzn1.x86_64 \n jasper-devel-1.900.1-21.9.amzn1.x86_64 \n jasper-utils-1.900.1-21.9.amzn1.x86_64 \n \n \n", "modified": "2017-07-25T18:15:00", "published": "2017-07-25T18:15:00", "id": "ALAS-2017-836", "href": "https://alas.aws.amazon.com/ALAS-2017-836.html", "title": "Important: jasper", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
